VirtualBox

Ticket #17266: VBoxHardening.log

File VBoxHardening.log, 212.7 KB (added by romall, 7 years ago)
Line 
1e14.af4: Log file opened: 5.2.0r118431 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
2e14.af4: \SystemRoot\System32\ntdll.dll:
3e14.af4: CreationTime: 2010-11-21T03:23:51.351694200Z
4e14.af4: LastWriteTime: 2010-11-21T03:23:51.367294200Z
5e14.af4: ChangeTime: 2017-11-11T12:23:20.969860500Z
6e14.af4: FileAttributes: 0x20
7e14.af4: Size: 0x1a6d60
8e14.af4: NT Headers: 0xe0
9e14.af4: Timestamp: 0x4ce7c8f9
10e14.af4: Machine: 0x8664 - amd64
11e14.af4: Timestamp: 0x4ce7c8f9
12e14.af4: Image Version: 6.1
13e14.af4: SizeOfImage: 0x1a9000 (1740800)
14e14.af4: Resource Dir: 0x151000 LB 0x560d8
15e14.af4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
16e14.af4: [Raw version resource data: 0x1510f0 LB 0x380, codepage 0x0 (reserved 0x0)]
17e14.af4: ProductName: Microsoft® Windows® Operating System
18e14.af4: ProductVersion: 6.1.7601.17514
19e14.af4: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
20e14.af4: FileDescription: NT Layer DLL
21e14.af4: \SystemRoot\System32\kernel32.dll:
22e14.af4: CreationTime: 2010-11-21T03:24:07.965723400Z
23e14.af4: LastWriteTime: 2010-11-21T03:24:07.981323400Z
24e14.af4: ChangeTime: 2017-11-11T12:23:07.436590200Z
25e14.af4: FileAttributes: 0x20
26e14.af4: Size: 0x11b800
27e14.af4: NT Headers: 0xe8
28e14.af4: Timestamp: 0x4ce7c78b
29e14.af4: Machine: 0x8664 - amd64
30e14.af4: Timestamp: 0x4ce7c78b
31e14.af4: Image Version: 6.1
32e14.af4: SizeOfImage: 0x11f000 (1175552)
33e14.af4: Resource Dir: 0x116000 LB 0x528
34e14.af4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
35e14.af4: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
36e14.af4: ProductName: Microsoft® Windows® Operating System
37e14.af4: ProductVersion: 6.1.7601.17514
38e14.af4: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
39e14.af4: FileDescription: Windows NT BASE API Client DLL
40e14.af4: \SystemRoot\System32\KernelBase.dll:
41e14.af4: CreationTime: 2010-11-21T03:24:26.217755400Z
42e14.af4: LastWriteTime: 2010-11-21T03:24:26.248955500Z
43e14.af4: ChangeTime: 2017-11-11T12:23:07.436590200Z
44e14.af4: FileAttributes: 0x20
45e14.af4: Size: 0x66800
46e14.af4: NT Headers: 0xf0
47e14.af4: Timestamp: 0x4ce7c78c
48e14.af4: Machine: 0x8664 - amd64
49e14.af4: Timestamp: 0x4ce7c78c
50e14.af4: Image Version: 6.1
51e14.af4: SizeOfImage: 0x6b000 (438272)
52e14.af4: Resource Dir: 0x69000 LB 0x530
53e14.af4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
54e14.af4: [Raw version resource data: 0x690b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
55e14.af4: ProductName: Microsoft® Windows® Operating System
56e14.af4: ProductVersion: 6.1.7601.17514
57e14.af4: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
58e14.af4: FileDescription: Windows NT BASE API Client DLL
59e14.af4: \SystemRoot\System32\apisetschema.dll:
60e14.af4: CreationTime: 2009-07-13T23:18:54.866423200Z
61e14.af4: LastWriteTime: 2009-07-14T01:24:53.779000000Z
62e14.af4: ChangeTime: 2017-11-11T12:22:56.635022300Z
63e14.af4: FileAttributes: 0x20
64e14.af4: Size: 0x1a00
65e14.af4: NT Headers: 0xc0
66e14.af4: Timestamp: 0x4a5bdeab
67e14.af4: Machine: 0x8664 - amd64
68e14.af4: Timestamp: 0x4a5bdeab
69e14.af4: Image Version: 6.1
70e14.af4: SizeOfImage: 0x50000 (327680)
71e14.af4: Resource Dir: 0x30000 LB 0x3f0
72e14.af4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
73e14.af4: [Raw version resource data: 0x30060 LB 0x390, codepage 0x0 (reserved 0x0)]
74e14.af4: ProductName: Microsoft® Windows® Operating System
75e14.af4: ProductVersion: 6.1.7600.16385
76e14.af4: FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
77e14.af4: FileDescription: ApiSet Schema DLL
78e14.af4: supR3HardenedWinFindAdversaries: 0x0
79e14.af4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
80e14.af4: Calling main()
81e14.af4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
82e14.af4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
83e14.af4: SUPR3HardenedMain: Respawn #1
84e14.af4: System32: \Device\HarddiskVolume2\Windows\System32
85e14.af4: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
86e14.af4: KnownDllPath: C:\Windows\system32
87e14.af4: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
88e14.af4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
89e14.af4: supR3HardNtEnableThreadCreation:
90e14.af4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000777cc320 pvNtTerminateThread=00000000777f1840
91e14.af4: supR3HardenedWinDoReSpawn(1): New child 7ec.11cc [kernel32].
92e14.af4: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdd000 cbPeb=0x380
93e14.af4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00000000777a0000 uNtDllChildAddr=00000000777a0000
94e14.af4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000777cc320
95e14.af4: supR3HardenedWinSetupChildInit: Start child.
96e14.af4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
97e14.af4: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 33 sleeps
98e14.af4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
99e14.af4: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
100e14.af4: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
101e14.af4: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
102e14.af4: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
103e14.af4: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
104e14.af4: 0000000000041000-00000000000dffff 0x0001/0x0000 0x0000000
105e14.af4: *00000000000e0000-00000000001dbfff 0x0000/0x0004 0x0020000
106e14.af4: 00000000001dc000-00000000001ddfff 0x0104/0x0004 0x0020000
107e14.af4: 00000000001de000-00000000001dffff 0x0004/0x0004 0x0020000
108e14.af4: 00000000001e0000-000000007779ffff 0x0001/0x0000 0x0000000
109e14.af4: *00000000777a0000-00000000777a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
110e14.af4: 00000000777a1000-00000000778a2fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
111e14.af4: 00000000778a3000-00000000778d1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
112e14.af4: 00000000778d2000-00000000778ddfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
113e14.af4: 00000000778de000-0000000077948fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
114e14.af4: 0000000077949000-000000007efdffff 0x0001/0x0000 0x0000000
115e14.af4: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
116e14.af4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
117e14.af4: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
118e14.af4: 000000007fff0000-000000013f57ffff 0x0001/0x0000 0x0000000
119e14.af4: *000000013f580000-000000013f580fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
120e14.af4: 000000013f581000-000000013f5f1fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
121e14.af4: 000000013f5f2000-000000013f5f2fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
122e14.af4: 000000013f5f3000-000000013f638fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
123e14.af4: 000000013f639000-000000013f639fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
124e14.af4: 000000013f63a000-000000013f63afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
125e14.af4: 000000013f63b000-000000013f63ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
126e14.af4: 000000013f640000-000000013f640fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
127e14.af4: 000000013f641000-000000013f641fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
128e14.af4: 000000013f642000-000000013f645fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
129e14.af4: 000000013f646000-000000013f68dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
130e14.af4: 000000013f68e000-000007feffabffff 0x0001/0x0000 0x0000000
131e14.af4: *000007feffac0000-000007feffac0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
132e14.af4: 000007feffac1000-000007fffffaffff 0x0001/0x0000 0x0000000
133e14.af4: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
134e14.af4: 000007fffffd3000-000007fffffdcfff 0x0001/0x0000 0x0000000
135e14.af4: *000007fffffdd000-000007fffffddfff 0x0004/0x0004 0x0020000
136e14.af4: *000007fffffde000-000007fffffdffff 0x0004/0x0004 0x0020000
137e14.af4: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
138e14.af4: apisetschema.dll: timestamp 0x4a5bdeab (rc=VINF_SUCCESS)
139e14.af4: VirtualBox.exe: timestamp 0x59e6e5d5 (rc=VINF_SUCCESS)
140e14.af4: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
141e14.af4: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
142e14.af4: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
143e14.af4: supR3HardNtChildPurify: Done after 314 ms and 0 fixes (loop #0).
1447ec.11cc: Log file opened: 5.2.0r118431 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
1457ec.11cc: supR3HardenedVmProcessInit: uNtDllAddr=00000000777a0000 g_uNtVerCombined=0x611db100
1467ec.11cc: ntdll.dll: timestamp 0x4ce7c8f9 (rc=VINF_SUCCESS)
1477ec.11cc: New simple heap: #1 00000000002e0000 LB 0x400000 (for 1740800 allocation)
148e14.af4: supR3HardNtEnableThreadCreation:
1497ec.11cc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1507ec.11cc: System32: \Device\HarddiskVolume2\Windows\System32
1517ec.11cc: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
1527ec.11cc: KnownDllPath: C:\Windows\system32
1537ec.11cc: supR3HardenedVmProcessInit: Opening vboxdrv stub...
1547ec.11cc: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1557ec.11cc: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1567ec.11cc: Registered Dll notification callback with NTDLL.
1577ec.11cc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
1587ec.11cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1597ec.11cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
1607ec.11cc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1617ec.11cc: supR3HardenedDllNotificationCallback: load 0000000077580000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
1627ec.11cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1637ec.11cc: supR3HardenedDllNotificationCallback: load 000007fefd7b0000 LB 0x0006b000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
1647ec.11cc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
1657ec.11cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1667ec.11cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077580000 'C:\Windows\system32\kernel32.dll'
1677ec.11cc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000777cc320 pvNtTerminateThread=00000000777f1840
168e14.af4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 28 ms.
1697ec.11cc: \SystemRoot\System32\ntdll.dll:
1707ec.11cc: CreationTime: 2010-11-21T03:23:51.351694200Z
1717ec.11cc: LastWriteTime: 2010-11-21T03:23:51.367294200Z
1727ec.11cc: ChangeTime: 2017-11-11T12:23:20.969860500Z
1737ec.11cc: FileAttributes: 0x20
1747ec.11cc: Size: 0x1a6d60
1757ec.11cc: NT Headers: 0xe0
1767ec.11cc: Timestamp: 0x4ce7c8f9
1777ec.11cc: Machine: 0x8664 - amd64
1787ec.11cc: Timestamp: 0x4ce7c8f9
1797ec.11cc: Image Version: 6.1
1807ec.11cc: SizeOfImage: 0x1a9000 (1740800)
1817ec.11cc: Resource Dir: 0x151000 LB 0x560d8
1827ec.11cc: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1837ec.11cc: [Raw version resource data: 0x1510f0 LB 0x380, codepage 0x0 (reserved 0x0)]
1847ec.11cc: ProductName: Microsoft® Windows® Operating System
1857ec.11cc: ProductVersion: 6.1.7601.17514
1867ec.11cc: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
1877ec.11cc: FileDescription: NT Layer DLL
1887ec.11cc: \SystemRoot\System32\kernel32.dll:
1897ec.11cc: CreationTime: 2010-11-21T03:24:07.965723400Z
1907ec.11cc: LastWriteTime: 2010-11-21T03:24:07.981323400Z
1917ec.11cc: ChangeTime: 2017-11-11T12:23:07.436590200Z
1927ec.11cc: FileAttributes: 0x20
1937ec.11cc: Size: 0x11b800
1947ec.11cc: NT Headers: 0xe8
1957ec.11cc: Timestamp: 0x4ce7c78b
1967ec.11cc: Machine: 0x8664 - amd64
1977ec.11cc: Timestamp: 0x4ce7c78b
1987ec.11cc: Image Version: 6.1
1997ec.11cc: SizeOfImage: 0x11f000 (1175552)
2007ec.11cc: Resource Dir: 0x116000 LB 0x528
2017ec.11cc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2027ec.11cc: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
2037ec.11cc: ProductName: Microsoft® Windows® Operating System
2047ec.11cc: ProductVersion: 6.1.7601.17514
2057ec.11cc: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
2067ec.11cc: FileDescription: Windows NT BASE API Client DLL
2077ec.11cc: \SystemRoot\System32\KernelBase.dll:
2087ec.11cc: CreationTime: 2010-11-21T03:24:26.217755400Z
2097ec.11cc: LastWriteTime: 2010-11-21T03:24:26.248955500Z
2107ec.11cc: ChangeTime: 2017-11-11T12:23:07.436590200Z
2117ec.11cc: FileAttributes: 0x20
2127ec.11cc: Size: 0x66800
2137ec.11cc: NT Headers: 0xf0
2147ec.11cc: Timestamp: 0x4ce7c78c
2157ec.11cc: Machine: 0x8664 - amd64
2167ec.11cc: Timestamp: 0x4ce7c78c
2177ec.11cc: Image Version: 6.1
2187ec.11cc: SizeOfImage: 0x6b000 (438272)
2197ec.11cc: Resource Dir: 0x69000 LB 0x530
2207ec.11cc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2217ec.11cc: [Raw version resource data: 0x690b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
2227ec.11cc: ProductName: Microsoft® Windows® Operating System
2237ec.11cc: ProductVersion: 6.1.7601.17514
2247ec.11cc: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
2257ec.11cc: FileDescription: Windows NT BASE API Client DLL
2267ec.11cc: \SystemRoot\System32\apisetschema.dll:
2277ec.11cc: CreationTime: 2009-07-13T23:18:54.866423200Z
2287ec.11cc: LastWriteTime: 2009-07-14T01:24:53.779000000Z
2297ec.11cc: ChangeTime: 2017-11-11T12:22:56.635022300Z
2307ec.11cc: FileAttributes: 0x20
2317ec.11cc: Size: 0x1a00
2327ec.11cc: NT Headers: 0xc0
2337ec.11cc: Timestamp: 0x4a5bdeab
2347ec.11cc: Machine: 0x8664 - amd64
2357ec.11cc: Timestamp: 0x4a5bdeab
2367ec.11cc: Image Version: 6.1
2377ec.11cc: SizeOfImage: 0x50000 (327680)
2387ec.11cc: Resource Dir: 0x30000 LB 0x3f0
2397ec.11cc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
2407ec.11cc: [Raw version resource data: 0x30060 LB 0x390, codepage 0x0 (reserved 0x0)]
2417ec.11cc: ProductName: Microsoft® Windows® Operating System
2427ec.11cc: ProductVersion: 6.1.7600.16385
2437ec.11cc: FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
2447ec.11cc: FileDescription: ApiSet Schema DLL
2457ec.11cc: supR3HardenedWinFindAdversaries: 0x0
2467ec.11cc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2477ec.11cc: Calling main()
2487ec.11cc: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
2497ec.11cc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2507ec.11cc: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2517ec.11cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2527ec.11cc: SUPR3HardenedMain: Respawn #2
2537ec.11cc: supR3HardNtEnableThreadCreation:
2547ec.11cc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
2557ec.11cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
2567ec.11cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
2577ec.11cc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
2587ec.11cc: supR3HardenedDllNotificationCallback: load 000007fefd590000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
2597ec.11cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
2607ec.11cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd590000 'C:\Windows\system32\apphelp.dll'
2617ec.11cc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000777cc320 pvNtTerminateThread=00000000777f1840
2627ec.11cc: supR3HardenedWinDoReSpawn(2): New child 880.1388 [kernel32].
2637ec.11cc: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd9000 cbPeb=0x380
2647ec.11cc: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00000000777a0000 uNtDllChildAddr=00000000777a0000
2657ec.11cc: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000777cc320
2667ec.11cc: supR3HardenedWinSetupChildInit: Start child.
2677ec.11cc: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
2687ec.11cc: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 33 sleeps
2697ec.11cc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2707ec.11cc: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
2717ec.11cc: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
2727ec.11cc: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
2737ec.11cc: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
2747ec.11cc: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
2757ec.11cc: 0000000000041000-000000000010ffff 0x0001/0x0000 0x0000000
2767ec.11cc: *0000000000110000-000000000020bfff 0x0000/0x0004 0x0020000
2777ec.11cc: 000000000020c000-000000000020dfff 0x0104/0x0004 0x0020000
2787ec.11cc: 000000000020e000-000000000020ffff 0x0004/0x0004 0x0020000
2797ec.11cc: 0000000000210000-000000007779ffff 0x0001/0x0000 0x0000000
2807ec.11cc: *00000000777a0000-00000000777a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2817ec.11cc: 00000000777a1000-00000000778a2fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2827ec.11cc: 00000000778a3000-00000000778d1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2837ec.11cc: 00000000778d2000-00000000778ddfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2847ec.11cc: 00000000778de000-0000000077948fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2857ec.11cc: 0000000077949000-000000007efdffff 0x0001/0x0000 0x0000000
2867ec.11cc: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
2877ec.11cc: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2887ec.11cc: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
2897ec.11cc: 000000007fff0000-000000013f57ffff 0x0001/0x0000 0x0000000
2907ec.11cc: *000000013f580000-000000013f580fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2917ec.11cc: 000000013f581000-000000013f5f1fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2927ec.11cc: 000000013f5f2000-000000013f5f2fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2937ec.11cc: 000000013f5f3000-000000013f638fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2947ec.11cc: 000000013f639000-000000013f639fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2957ec.11cc: 000000013f63a000-000000013f63afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2967ec.11cc: 000000013f63b000-000000013f63ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2977ec.11cc: 000000013f640000-000000013f640fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2987ec.11cc: 000000013f641000-000000013f641fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2997ec.11cc: 000000013f642000-000000013f645fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3007ec.11cc: 000000013f646000-000000013f68dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
3017ec.11cc: 000000013f68e000-000007feffabffff 0x0001/0x0000 0x0000000
3027ec.11cc: *000007feffac0000-000007feffac0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
3037ec.11cc: 000007feffac1000-000007fffffaffff 0x0001/0x0000 0x0000000
3047ec.11cc: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
3057ec.11cc: 000007fffffd3000-000007fffffd8fff 0x0001/0x0000 0x0000000
3067ec.11cc: *000007fffffd9000-000007fffffd9fff 0x0004/0x0004 0x0020000
3077ec.11cc: 000007fffffda000-000007fffffddfff 0x0001/0x0000 0x0000000
3087ec.11cc: *000007fffffde000-000007fffffdffff 0x0004/0x0004 0x0020000
3097ec.11cc: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
3107ec.11cc: apisetschema.dll: timestamp 0x4a5bdeab (rc=VINF_SUCCESS)
3117ec.11cc: VirtualBox.exe: timestamp 0x59e6e5d5 (rc=VINF_SUCCESS)
3127ec.11cc: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3137ec.11cc: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
3147ec.11cc: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
3157ec.11cc: supR3HardNtChildPurify: Done after 312 ms and 0 fixes (loop #0).
316880.1388: Log file opened: 5.2.0r118431 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
317880.1388: supR3HardenedVmProcessInit: uNtDllAddr=00000000777a0000 g_uNtVerCombined=0x611db100
318880.1388: ntdll.dll: timestamp 0x4ce7c8f9 (rc=VINF_SUCCESS)
319880.1388: New simple heap: #1 0000000000310000 LB 0x400000 (for 1740800 allocation)
3207ec.11cc: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002e0000 LB 0x400000)
3217ec.11cc: supR3HardNtEnableThreadCreation:
322880.1388: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
323880.1388: System32: \Device\HarddiskVolume2\Windows\System32
324880.1388: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
325880.1388: KnownDllPath: C:\Windows\system32
326880.1388: supR3HardenedVmProcessInit: Opening vboxdrv...
327880.1388: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
328880.1388: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
329880.1388: Registered Dll notification callback with NTDLL.
330880.1388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
331880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
332880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
333880.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
334880.1388: supR3HardenedDllNotificationCallback: load 0000000077580000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
335880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
336880.1388: supR3HardenedDllNotificationCallback: load 000007fefd7b0000 LB 0x0006b000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
337880.1388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
338880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
339880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077580000 'C:\Windows\system32\kernel32.dll'
340880.1388: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000777cc320 pvNtTerminateThread=00000000777f1840
341880.1388: \SystemRoot\System32\ntdll.dll:
342880.1388: CreationTime: 2010-11-21T03:23:51.351694200Z
343880.1388: LastWriteTime: 2010-11-21T03:23:51.367294200Z
344880.1388: ChangeTime: 2017-11-11T12:23:20.969860500Z
345880.1388: FileAttributes: 0x20
346880.1388: Size: 0x1a6d60
347880.1388: NT Headers: 0xe0
348880.1388: Timestamp: 0x4ce7c8f9
349880.1388: Machine: 0x8664 - amd64
350880.1388: Timestamp: 0x4ce7c8f9
351880.1388: Image Version: 6.1
352880.1388: SizeOfImage: 0x1a9000 (1740800)
353880.1388: Resource Dir: 0x151000 LB 0x560d8
354880.1388: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
355880.1388: [Raw version resource data: 0x1510f0 LB 0x380, codepage 0x0 (reserved 0x0)]
356880.1388: ProductName: Microsoft® Windows® Operating System
357880.1388: ProductVersion: 6.1.7601.17514
358880.1388: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
359880.1388: FileDescription: NT Layer DLL
360880.1388: \SystemRoot\System32\kernel32.dll:
361880.1388: CreationTime: 2010-11-21T03:24:07.965723400Z
362880.1388: LastWriteTime: 2010-11-21T03:24:07.981323400Z
363880.1388: ChangeTime: 2017-11-11T12:23:07.436590200Z
364880.1388: FileAttributes: 0x20
365880.1388: Size: 0x11b800
366880.1388: NT Headers: 0xe8
367880.1388: Timestamp: 0x4ce7c78b
368880.1388: Machine: 0x8664 - amd64
369880.1388: Timestamp: 0x4ce7c78b
370880.1388: Image Version: 6.1
371880.1388: SizeOfImage: 0x11f000 (1175552)
372880.1388: Resource Dir: 0x116000 LB 0x528
373880.1388: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
374880.1388: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
375880.1388: ProductName: Microsoft® Windows® Operating System
376880.1388: ProductVersion: 6.1.7601.17514
377880.1388: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
378880.1388: FileDescription: Windows NT BASE API Client DLL
379880.1388: \SystemRoot\System32\KernelBase.dll:
380880.1388: CreationTime: 2010-11-21T03:24:26.217755400Z
381880.1388: LastWriteTime: 2010-11-21T03:24:26.248955500Z
382880.1388: ChangeTime: 2017-11-11T12:23:07.436590200Z
383880.1388: FileAttributes: 0x20
384880.1388: Size: 0x66800
385880.1388: NT Headers: 0xf0
386880.1388: Timestamp: 0x4ce7c78c
387880.1388: Machine: 0x8664 - amd64
388880.1388: Timestamp: 0x4ce7c78c
389880.1388: Image Version: 6.1
390880.1388: SizeOfImage: 0x6b000 (438272)
391880.1388: Resource Dir: 0x69000 LB 0x530
392880.1388: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
393880.1388: [Raw version resource data: 0x690b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
394880.1388: ProductName: Microsoft® Windows® Operating System
395880.1388: ProductVersion: 6.1.7601.17514
396880.1388: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
397880.1388: FileDescription: Windows NT BASE API Client DLL
398880.1388: \SystemRoot\System32\apisetschema.dll:
399880.1388: CreationTime: 2009-07-13T23:18:54.866423200Z
400880.1388: LastWriteTime: 2009-07-14T01:24:53.779000000Z
401880.1388: ChangeTime: 2017-11-11T12:22:56.635022300Z
402880.1388: FileAttributes: 0x20
403880.1388: Size: 0x1a00
404880.1388: NT Headers: 0xc0
405880.1388: Timestamp: 0x4a5bdeab
406880.1388: Machine: 0x8664 - amd64
407880.1388: Timestamp: 0x4a5bdeab
408880.1388: Image Version: 6.1
409880.1388: SizeOfImage: 0x50000 (327680)
410880.1388: Resource Dir: 0x30000 LB 0x3f0
411880.1388: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
412880.1388: [Raw version resource data: 0x30060 LB 0x390, codepage 0x0 (reserved 0x0)]
413880.1388: ProductName: Microsoft® Windows® Operating System
414880.1388: ProductVersion: 6.1.7600.16385
415880.1388: FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
416880.1388: FileDescription: ApiSet Schema DLL
417880.1388: supR3HardenedWinFindAdversaries: 0x0
418880.1388: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
419880.1388: Calling main()
420880.1388: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
421880.1388: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
422880.1388: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
423880.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
424880.1388: SUPR3HardenedMain: Final process, opening VBoxDrv...
425880.1388: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000310000 LB 0x400000)
426880.1388: supR3HardNtEnableThreadCreation:
4277ec.11cc: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 46 ms.
428880.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
429880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
430880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
431880.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
432880.1388: supR3HardenedDllNotificationCallback: load 000007fef57f0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
433880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
434880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
435880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
436880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef57f0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
437880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
438880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
439880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef57f0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
440880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef57f0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
441880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
442880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
443880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
444880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
445880.1388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
446880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
447880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
448880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
449880.1388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
450880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
451880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
452880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
453880.1388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
454880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
455880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
456880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
457880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
458880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
459880.1388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
460880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
461880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
462880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
463880.1388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
464880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
465880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
466880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
467880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
468880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
469880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
470880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
471880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
472880.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
473880.1388: supR3HardenedDllNotificationCallback: load 000007fefda60000 LB 0x0003a000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
474880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
475880.1388: supR3HardenedDllNotificationCallback: load 000007fefe2d0000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
476880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
477880.1388: supR3HardenedDllNotificationCallback: load 000007fefd840000 LB 0x00167000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
478880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
479880.1388: supR3HardenedDllNotificationCallback: load 000007fefd760000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
480880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
481880.1388: supR3HardenedDllNotificationCallback: load 000007feff560000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
482880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
483880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda60000 'C:\Windows\system32\Wintrust.dll'
484880.1388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
485880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
486880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
487880.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
488880.1388: supR3HardenedDllNotificationCallback: load 000007fefd0e0000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
489880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
490880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0e0000 'C:\Windows\system32\bcrypt.dll'
491880.1388: bcrypt.dll loaded at 000007fefd0e0000, BCryptOpenAlgorithmProvider at 000007fefd0e2640, preloading providers:
492880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
493880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
494880.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
495880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
496880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
497880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
498880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
499880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
500880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
501880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
502880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
503880.1388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
504880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
505880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
506880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
507880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
508880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
509880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
510880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
511880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
512880.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
513880.1388: supR3HardenedDllNotificationCallback: load 000007fefcbd0000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
514880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
515880.1388: supR3HardenedDllNotificationCallback: load 000007feff2f0000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
516880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
517880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
518880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
519880.1388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
520880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
521880.1388: supR3HardenedDllNotificationCallback: load 000007fefe210000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
522880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
523880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcbd0000 'C:\Windows\system32\bcryptprimitives.dll'
524880.1388: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000075a710)
525880.1388: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000075d740)
526880.1388: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000075d860)
527880.1388: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000075da70)
528880.1388: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000075db90)
529880.1388: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000000000075dcb0)
530880.1388: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=000000000075def0)
531880.1388: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=000000000075e010)
532880.1388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
533880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
534880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
535880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
536880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
537880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
538880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
539880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
540880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
541880.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
542880.1388: supR3HardenedDllNotificationCallback: load 000007fefcf90000 LB 0x00017000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
543880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
544880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf90000 'C:\Windows\system32\CRYPTSP.dll'
545880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
546880.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
547880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
548880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
549880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
550880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
551880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
552880.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
553880.1388: supR3HardenedDllNotificationCallback: load 000007fefcc90000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
554880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
555880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc90000 'C:\Windows\system32\rsaenh.dll'
556880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
557880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
558880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff2f0000 'C:\Windows\system32\ADVAPI32.dll'
559880.1388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
560880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
561880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
562880.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
563880.1388: supR3HardenedDllNotificationCallback: load 000007fefd5f0000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
564880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
565880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5f0000 'C:\Windows\system32\CRYPTBASE.dll'
566880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
567880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
568880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077580000 'C:\Windows\system32\kernel32.dll'
569880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
570880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
571880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda60000 'C:\Windows\system32\WINTRUST.DLL'
572880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
573880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
574880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd840000 'C:\Windows\system32\CRYPT32.dll'
575880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
576880.1388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
577880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
578880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
579880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
580880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
581880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
582880.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
583880.1388: supR3HardenedDllNotificationCallback: load 000007fefe1f0000 LB 0x00017000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
584880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
585880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe1f0000 'C:\Windows\system32\imagehlp.dll'
586880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
587880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
588880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf90000 'C:\Windows\system32\CRYPTSP.dll'
589880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
590880.1388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
591880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
592880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
593880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
594880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
595880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
596880.1388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
597880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
598880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
599880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
600880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
601880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
602880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
603880.1388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
604880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
605880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
606880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
607880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
608880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
609880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
610880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
611880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
612880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
613880.1388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
614880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
615880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
616880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
617880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
618880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
619880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
620880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
621880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
622880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
623880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
624880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
625880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
626880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
627880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
628880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
629880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
630880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
631880.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
632880.1388: supR3HardenedDllNotificationCallback: load 00000000776a0000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
633880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
634880.1388: supR3HardenedDllNotificationCallback: load 000007fefe260000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
635880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
636880.1388: supR3HardenedDllNotificationCallback: load 000007fefe4a0000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
637880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
638880.1388: supR3HardenedDllNotificationCallback: load 000007fefdaa0000 LB 0x000c9000 C:\Windows\system32\USP10.dll [fFlags=0x0]
639880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
640880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
641880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
642880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe260000 'C:\Windows\system32\gdi32.dll'
643880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
644880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
645880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
646880.1388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
647880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
648880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
649880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
650880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
651880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
652880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
653880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
654880.1388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
655880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
656880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
657880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
658880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
659880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
660880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
661880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
662880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
663880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
664880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
665880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
666880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
667880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
668880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
669880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
670880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
671880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
672880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
673880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
674880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
675880.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
676880.1388: supR3HardenedDllNotificationCallback: load 000007fefe230000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
677880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
678880.1388: supR3HardenedDllNotificationCallback: load 000007feff3d0000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
679880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
680880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe230000 'C:\Windows\system32\IMM32.DLL'
681880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000776a0000 'C:\Windows\system32\USER32.dll'
682880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
683880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
684880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
685880.1388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
686880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
687880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
688880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
689880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
690880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
691880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
692880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
693880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
694880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
695880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
696880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
697880.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
698880.1388: supR3HardenedDllNotificationCallback: load 000007fefd110000 LB 0x0004e000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
699880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
700880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd110000 'C:\Windows\system32\ncrypt.dll'
701880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
702880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
703880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0e0000 'C:\Windows\system32\bcrypt.dll'
704880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
705880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
706880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
707880.1388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
708880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
709880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
710880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
711880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
712880.1388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
713880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
714880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
715880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
716880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
717880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
718880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
719880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
720880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
721880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
722880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
723880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
724880.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
725880.1388: supR3HardenedDllNotificationCallback: load 000007fefca10000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
726880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
727880.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
728880.1388: supR3HardenedDllNotificationCallback: load 000007fefd6c0000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
729880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
730880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca10000 'C:\Windows\system32\USERENV.dll'
731880.1388: supR3HardenedIsApiSetDll: '<NULL>' -> true
732880.1388: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
733880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe210000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
734880.1388: supR3HardenedIsApiSetDll: '<NULL>' -> true
735880.1388: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
736880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe210000 'API-MS-WIN-Service-Management-L1-1-0.dll'
737880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
738880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
739880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff560000 'C:\Windows\system32\rpcrt4.dll'
740880.1388: supR3HardenedIsApiSetDll: '<NULL>' -> true
741880.1388: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
742880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe210000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
743880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
744880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RPCRT4.dll (Input=RPCRT4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
745880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff560000 'C:\Windows\system32\RPCRT4.dll'
746880.1388: supR3HardenedIsApiSetDll: '<NULL>' -> true
747880.1388: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
748880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe210000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
749880.1388: supR3HardenedIsApiSetDll: '<NULL>' -> true
750880.1388: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
751880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe210000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
752880.1388: supR3HardenedIsApiSetDll: '<NULL>' -> true
753880.1388: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
754880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe210000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
755880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
756880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
757880.1388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
758880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
759880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
760880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
761880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
762880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
763880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
764880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
765880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
766880.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
767880.1388: supR3HardenedDllNotificationCallback: load 000007fefc9f0000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
768880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
769880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc9f0000 'C:\Windows\system32\GPAPI.dll'
770880.1388: supR3HardenedIsApiSetDll: '<NULL>' -> true
771880.1388: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
772880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe210000 'API-MS-WIN-Service-Management-L1-1-0.dll'
773880.1388: supR3HardenedIsApiSetDll: '<NULL>' -> true
774880.1388: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
775880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe210000 'API-MS-WIN-Service-Management-L2-1-0.dll'
776880.1388: supR3HardenedIsApiSetDll: '<NULL>' -> true
777880.1388: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
778880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe210000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
779880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
780880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'crypt32.dll'.
781880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'wldap32.dll'.
782880.1388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
783880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
784880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
785880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
786880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
787880.1388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
788880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
789880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
790880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
791880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
792880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
793880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
794880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
795880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
796880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
797880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
798880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
799880.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
800880.1388: supR3HardenedDllNotificationCallback: load 000007fef1b70000 LB 0x00026000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
801880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
802880.1388: supR3HardenedDllNotificationCallback: load 000007feff8c0000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
803880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
804880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
805880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
806880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1b70000 'C:\Windows\system32\cryptnet.dll'
807880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
808880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
809880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1b70000 'C:\Windows\system32\cryptnet.dll'
810880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
811880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
812880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1b70000 'C:\Windows\system32\cryptnet.dll'
813880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
814880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
815880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1b70000 'C:\Windows\system32\cryptnet.dll'
816880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
817880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
818880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1b70000 'C:\Windows\system32\cryptnet.dll'
819880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
820880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
821880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1b70000 'C:\Windows\system32\cryptnet.dll'
822880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
823880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1b70000 'C:\Windows\system32\cryptnet.dll'
824880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
825880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1b70000 'C:\Windows\system32\cryptnet.dll'
826880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
827880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1b70000 'C:\Windows\system32\cryptnet.dll'
828880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
829880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1b70000 'C:\Windows\system32\cryptnet.dll'
830880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
831880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1b70000 'C:\Windows\system32\cryptnet.dll'
832880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1b70000 'C:\Windows\system32\cryptnet.dll'
833880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
834880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
835880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
836880.1388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
837880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
838880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
839880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
840880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
841880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
842880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
843880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
844880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
845880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
846880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
847880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
848880.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
849880.1388: supR3HardenedDllNotificationCallback: load 000007feff4e0000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
850880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
851880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4e0000 'C:\Windows\system32\SHLWAPI.dll'
852880.1388: supR3HardenedIsApiSetDll: '<NULL>' -> true
853880.1388: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
854880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe210000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
855880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
856880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
857880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd6c0000 'C:\Windows\system32\profapi.dll'
858880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
859880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
860880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
861880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
862880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
863880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
864880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
865880.1388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll)
866880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
867880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
868880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
869880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
870880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
871880.1388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devobj.dll)
872880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
873880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
874880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
875880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
876880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
877880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
878880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
879880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
880880.1388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll)
881880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
882880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
883880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
884880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
885880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
886880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
887880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
888880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
889880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
890880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
891880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
892880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
893880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
894880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
895880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
896880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
897880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
898880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
899880.1388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)
900880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
901880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
902880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
903880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
904880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
905880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
906880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
907880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
908880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
909880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
910880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
911880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
912880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
913880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
914880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
915880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
916880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
917880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
918880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
919880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
920880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
921880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
922880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
923880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
924880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
925880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
926880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
927880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
928880.1388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ole32.dll)
929880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
930880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
931880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
932880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
933880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
934880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
935880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
936880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
937880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
938880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
939880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
940880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
941880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
942880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
943880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
944880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
945880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
946880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
947880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
948880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\setupapi.dll (Input=setupapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
949880.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll [lacks WinVerifyTrust]
950880.1388: supR3HardenedDllNotificationCallback: load 000007feff690000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [fFlags=0x0]
951880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll [lacks WinVerifyTrust]
952880.1388: supR3HardenedDllNotificationCallback: load 000007fefd770000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
953880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
954880.1388: supR3HardenedDllNotificationCallback: load 000007fefdd90000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
955880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll [lacks WinVerifyTrust]
956880.1388: supR3HardenedDllNotificationCallback: load 000007fefdb80000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
957880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ole32.dll [lacks WinVerifyTrust]
958880.1388: supR3HardenedDllNotificationCallback: load 000007fefd820000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
959880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devobj.dll [lacks WinVerifyTrust]
960880.1388: supR3HardenedIsApiSetDll: '<NULL>' -> true
961880.1388: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
962880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077580000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
963880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff690000 'C:\Windows\system32\setupapi.dll'
964880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
965880.1388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cabinet.dll)
966880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cabinet.dll
967880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
968880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
969880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
970880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Cabinet.dll (Input=Cabinet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
971880.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cabinet.dll [lacks WinVerifyTrust]
972880.1388: supR3HardenedDllNotificationCallback: load 000007fef6c20000 LB 0x0001b000 C:\Windows\system32\Cabinet.dll [fFlags=0x0]
973880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cabinet.dll [lacks WinVerifyTrust]
974880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6c20000 'C:\Windows\system32\Cabinet.dll'
975880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
976880.1388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll)
977880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
978880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
979880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
980880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
981880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\DEVRTL.dll (Input=DEVRTL.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
982880.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [lacks WinVerifyTrust]
983880.1388: supR3HardenedDllNotificationCallback: load 000007fefca30000 LB 0x00012000 C:\Windows\system32\DEVRTL.dll [fFlags=0x0]
984880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [lacks WinVerifyTrust]
985880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca30000 'C:\Windows\system32\DEVRTL.dll'
986880.1388: supR3HardenedDllNotificationCallback: Unload 000007feff690000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [flags=0x0]
987880.1388: supR3HardenedDllNotificationCallback: Unload 000007fefd820000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [flags=0x0]
988880.1388: supR3HardenedDllNotificationCallback: Unload 000007fefdd90000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [flags=0x0]
989880.1388: supR3HardenedDllNotificationCallback: Unload 000007fefdb80000 LB 0x00203000 C:\Windows\system32\ole32.dll [flags=0x0]
990880.1388: supR3HardenedDllNotificationCallback: Unload 000007fefd770000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [flags=0x0]
991880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
992880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1b70000 'C:\Windows\system32\cryptnet.dll'
993880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
994880.1388: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000755320
995880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
996880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6463B603CF12442718467D754A1EDC45CE1D6E7E
997880.1388: supR3HardenedIsApiSetDll: '<NULL>' -> true
998880.1388: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
999880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe210000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1000880.1388: supR3HardenedIsApiSetDll: '<NULL>' -> true
1001880.1388: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1002880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe210000 'API-MS-WIN-Service-Management-L1-1-0.dll'
1003880.1388: supR3HardenedIsApiSetDll: '<NULL>' -> true
1004880.1388: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1005880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe210000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
1006880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1007880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1008880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff2f0000 'C:\Windows\system32\ADVAPI32.dll'
1009880.1388: supR3HardenedIsApiSetDll: '<NULL>' -> true
1010880.1388: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1011880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe210000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
1012880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\SystemRoot\System32\ntdll.dll'
1013880.1388: g_pfnWinVerifyTrust=000007fefda61010
1014880.1388: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
1015880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
1016880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1017880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1018880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=766DAE0DAEDFFD0DB96611658C619DD5922D2FEC
1019880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
1020880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1021880.1388: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
1022880.1388: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
1023880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
1024880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1025880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1026880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E8D9B442D9CC38B2D0501106E104A42A4EE0B238
1027880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
1028880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1029880.1388: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
1030880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003f4 pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll
1031880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1032880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1033880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=445E5B0E9F43B5D56A5B9C4BC3369E3D076ACA1A
1034880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
1035880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1036880.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
1037880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003e8 pwszName=\Device\HarddiskVolume2\Windows\System32\cabinet.dll
1038880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1039880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1040880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5D1555851298EA005A2E9FEA027F5898BC240083
1041880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cabinet.dll'
1042880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1043880.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cabinet.dll'
1044880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b0 pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
1045880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1046880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1047880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E64AE329BD5124592BC8CB0B327AA3B95DC65B7
1048880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
1049880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1050880.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ole32.dll'
1051880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003ac pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1052880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1053880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1054880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
1055880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
1056880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1057880.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
1058880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003a8 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1059880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1060880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1061880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=26A5C3FE898CBD66951D3BC65E742E0BE561E69B
1062880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
1063880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1064880.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
1065880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003a4 pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
1066880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1067880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1068880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
1069880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
1070880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1071880.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devobj.dll'
1072880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003a0 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
1073880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1074880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1075880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
1076880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
1077880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1078880.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
1079880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000394 pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1080880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1081880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1082880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
1083880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
1084880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1085880.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
1086880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000388 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
1087880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1088880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1089880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
1090880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
1091880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1092880.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
1093880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000384 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
1094880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1095880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1096880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CA2FE16E05087DA5C24DC5EB2EE8053CDA5DE9A9
1097880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1098880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1099880.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1100880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000002b4 pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
1101880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1102880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1103880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
1104880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
1105880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1106880.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
1107880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c4 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
1108880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1109880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1110880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
1111880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
1112880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1113880.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
1114880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c0 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
1115880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1116880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1117880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
1118880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
1119880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1120880.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
1121880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001ac pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
1122880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1123880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1124880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3D482C50075646C922DC6A66C97956C5060C361B
1125880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
1126880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1127880.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
1128880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
1129880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1130880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1131880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=803AF52F95A9EFDFDA06C595023831EE36ACD3A8
1132880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
1133880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1134880.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
1135880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
1136880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1137880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1138880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
1139880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1140880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1141880.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1142880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
1143880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1144880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1145880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=97AE9B5B40144F2794F30A891013393C80D631A1
1146880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
1147880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1148880.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
1149880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
1150880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1151880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1152880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A42DFBB8A3A26D2178D79D34DA1CE275E2A0BE37
1153880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
1154880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1155880.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
1156880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
1157880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1158880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1159880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C8F7179D2AEB0FEB168A01D182223AC2D7B8F331
1160880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1161880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1162880.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1163880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
1164880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1165880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1166880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B723D1B8AD72750B0CF5F6BEC66171B1254ED879
1167880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll'
1168880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1169880.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
1170880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000017c pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
1171880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1172880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1173880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AFE89CF1060867A10BD3963894BCDB4D3058F804
1174880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1175880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1176880.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1177880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
1178880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1179880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1180880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A965CC5DB13A5FB23BBB1B6B5FA6D400DC49462F
1181880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1182880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1183880.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1184880.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
1185880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000012c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
1186880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1187880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1188880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=40667EDBA9045D4A4BE1D4844665D3B88F8CD0E0
1189880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1190880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1191880.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1192880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
1193880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1194880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1195880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FA2A014BF360CDC0E203A174FFC9DC5343C5323
1196880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1197880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1198880.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1199880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
1200880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1201880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1202880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DBCDF817D89920EE3139FB7E090744EB36A4A21B
1203880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1204880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1205880.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1206880.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
1207880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
1208880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1209880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1210880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
1211880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1212880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1213880.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1214880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1215880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1216880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1217880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DBEAC8C0FA88C88B540ACFE0683B1810C077AA53
1218880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1219880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1220880.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1221880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
1222880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1223880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1224880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
1225880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1226880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1227880.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1228880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1229880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1230880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1231880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BC4D9E909DFDD2EE8BA1A5C857D73D49EBE7952C
1232880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1233880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1234880.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1235880.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1236880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1237880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1238880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1239880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=06FEC3C858DB28D2F4BFBDA99AF14D4747A8C5D4
1240880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1241880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1242880.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1243880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
1244880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1245880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1246880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D7AE634A00F24BBD4AE27DEA9BCCCE222DE9897B
1247880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1248880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1249880.1388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1250880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1251880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1252880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd840000 'C:\Windows\system32\crypt32.dll'
1253880.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1254880.1388: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1255880.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1256880.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1257880.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1258880.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1259880.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
1260880.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1261880.1388: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1262880.1388: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1263880.1388: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
1264880.1388: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1265880.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
1266880.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1267880.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
1268880.1388: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1269880.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1270880.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
1271880.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1272880.1388: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
1273880.1388: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1274880.1388: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1275880.1388: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=22
1276880.1388: SUPR3HardenedMain: Load Runtime...
1277880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1278880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1279880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1280880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1281880.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
1282880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1283880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1284880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1285880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1286880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1287880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003c4 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1288880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1289880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1290880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79
1291880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
1292880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1293880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1294880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1295880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
1296880.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
1297880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1298880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1299880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1300880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1301880.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
1302880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1303880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1304880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1305880.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
1306880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1307880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1308880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1309880.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1310880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1311880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1312880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003e4 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
1313880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1314880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1315880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
1316880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
1317880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1318880.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
1319880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
1320880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1321880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1322880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1323880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1324880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1325880.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1326880.1388: supR3HardenedDllNotificationCallback: load 000007feed220000 LB 0x00595000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1327880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1328880.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1329880.1388: supR3HardenedDllNotificationCallback: load 0000000071a80000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1330880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1331880.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1332880.1388: supR3HardenedDllNotificationCallback: load 00000000719e0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1333880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1334880.1388: supR3HardenedDllNotificationCallback: load 000007feff870000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
1335880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1336880.1388: supR3HardenedDllNotificationCallback: load 000007fefdb70000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
1337880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
1338880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1339880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1340880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1341880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1342880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1343880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1344880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1345880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1346880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1347880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1348880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1349880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1350880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1351880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1352880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1353880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1354880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1355880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1356880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1357880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1358880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1359880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1360880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1361880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1362880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1363880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1364880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1365880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1366880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1367880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1368880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1369880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1370880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1371880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1372880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1373880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1374880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1375880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1376880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1377880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1378880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1379880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1380880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1381880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1382880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1383880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1384880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1385880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1386880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed220000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1387880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
1388880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1389880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda60000 'C:\Windows\system32\Wintrust.dll'
1390880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1391880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1392880.1388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd840000 'C:\Windows\system32\crypt32.dll'
1393880.1388: SUPR3HardenedMain: Load TrustedMain...
1394880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1395880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1396880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
1397880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1398880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1399880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
1400880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
1401880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
1402880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
1403880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
1404880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
1405880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
1406880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
1407880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
1408880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
1409880.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
1410880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1411880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1412880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1413880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000434 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
1414880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1415880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1416880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
1417880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
1418880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1419880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1420880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1421880.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
1422880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
1423880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1424880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1425880.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1426880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1427880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1428880.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1429880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1430880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1431880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000414 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
1432880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1433880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1434880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4E63E1F65357AC965D20B871BB87AD804BA5ED7E
1435880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
1436880.1388: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000755320
1437880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1438880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4E63E1F65357AC965D20B871BB87AD804BA5ED7E
1439880.1388: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
1440880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
1441880.1388: supHardenedWinVerifyImageByHandle: -> -22900 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
1442880.1388: Error (rc=0):
1443880.1388: supR3HardenedScreenImage/Imports: rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Windows\System32\shell32.dll: Not signed.
1444880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
1445880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1446880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1447880.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1448880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1449880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1450880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
1451880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
1452880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
1453880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
1454880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1455880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1456880.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
1457880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1458880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
1459880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
1460880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1461880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1462880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
1463880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
1464880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1465880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1466880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
1467880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
1468880.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
1469880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1470880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1471880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1472880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1473880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1474880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
1475880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1476880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1477880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1478880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1479880.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
1480880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1481880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1482880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1483880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1484880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1485880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1486880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1487880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1488880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1489880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1490880.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) WinVerifyTrust
1491880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1492880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1493880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1494880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1495880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
1496880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
1497880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1498880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1499880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
1500880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
1501880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
1502880.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) WinVerifyTrust
1503880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1504880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1505880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1506880.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1507880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1508880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1509880.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1510880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1511880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1512880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1513880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1514880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000450 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
1515880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1516880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1517880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
1518880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1519880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1520880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1521880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1522880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1523880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1524880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1525880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1526880.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) WinVerifyTrust
1527880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1528880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1529880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1530880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1531880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
1532880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000448 pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
1533880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1534880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1535880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
1536880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
1537880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1538880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1539880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1540880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
1541880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1542880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
1543880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
1544880.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) WinVerifyTrust
1545880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1546880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1547880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1548880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000464 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
1549880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1550880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1551880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
1552880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
1553880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1554880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1555880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1556880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1557880.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) WinVerifyTrust
1558880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
1559880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1560880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1561880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1562880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1563880.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1564880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1565880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1566880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1567880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1568880.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1569880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1570880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1571880.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1572880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
1573880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
1574880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000044c pwszName=\Device\HarddiskVolume2\Windows\System32\mpr.dll
1575880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1576880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1577880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F84FE9BA047B24E7694C9E0C349B48B9FD5F925B
1578880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\mpr.dll'
1579880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1580880.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll) WinVerifyTrust
1581880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
1582880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1583880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1584880.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1585880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1586880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1587880.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1588880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1589880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1590880.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1591880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1592880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1593880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1594880.1388: Error (rc=0):
1595880.1388: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1 \Device\HarddiskVolume2\Windows\System32\shell32.dll
1596880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1597880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1598880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1599880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1600880.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1601880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1602880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1603880.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1604880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1605880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1606880.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1607880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1608880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1609880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1610880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1611880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1612880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1613880.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1614880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1615880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1616880.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1617880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1618880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1619880.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1620880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1621880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1622880.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1623880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1624880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1625880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1626880.1388: Error (rc=0):
1627880.1388: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2 \Device\HarddiskVolume2\Windows\System32\shell32.dll
1628880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1629880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1630880.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1631880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1632880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1633880.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1634880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1635880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1636880.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1637880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1638880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1639880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1640880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1641880.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1642880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1643880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1644880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000470 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1645880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1646880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1647880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
1648880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
1649880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1650880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1651880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
1652880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1653880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1654880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
1655880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1656880.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust
1657880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1658880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1659880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1660880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000478 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
1661880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1662880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1663880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
1664880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
1665880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1666880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1667880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1668880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1669880.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv) WinVerifyTrust
1670880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
1671880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1672880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1673880.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1674880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1675880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1676880.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1677880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1678880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1679880.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1680880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1681880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1682880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1683880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1684880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1685880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1686880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1687880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1688880.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1689880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1690880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1691880.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1692880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1693880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1694880.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1695880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1696880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1697880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1698880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1699880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1700880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1701880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1702880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1703880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1704880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1705880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1706880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1707880.1388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1708880.1388: Error (rc=0):
1709880.1388: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=3 \Device\HarddiskVolume2\Windows\System32\shell32.dll
1710880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1711880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1712880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000454 pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
1713880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1714880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1715880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=079AE4D5590C1BD8B3438F87FFA25D5807967336
1716880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
1717880.1388: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000755320
1718880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1719880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=079AE4D5590C1BD8B3438F87FFA25D5807967336
1720880.1388: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
1721880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
1722880.1388: supHardenedWinVerifyImageByHandle: -> -22900 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) WinVerifyTrust
1723880.1388: Error (rc=0):
1724880.1388: supR3HardenedScreenImage/Imports: rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Windows\System32\comctl32.dll: Not signed.
1725880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
1726880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1727880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1728880.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1729880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1730880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1731880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1732880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1733880.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1734880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1735880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1736880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1737880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1738880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1739880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1740880.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1741880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1742880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1743880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
1744880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
1745880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000440 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1746880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1747880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1748880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B79EE7B5AD74EF51A849809202E043183A2C727E
1749880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
1750880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1751880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1752880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1753880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1754880.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust
1755880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1756880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
1757880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
1758880.1388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1759880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1760880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1761880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
1762880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
1763880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000458 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
1764880.1388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000755320
1765880.1388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000755320
1766880.1388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3FEC714D729F7CAEB9B7A25E2012B6A6E9007F5
1767880.1388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
1768880.1388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1769880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1770880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
1771880.1388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1772880.1388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) WinVerifyTrust
1773880.1388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1774880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1775880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1776880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1777880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1778880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1779880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1780880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1781880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1782880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1783880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1784880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1785880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1786880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1787880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1788880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1789880.1388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1790880.1388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000714130:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;D:\ProgramData\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1791880.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1792880.1388: supR3HardenedDllNotificationCallback: load 000007feec850000 LB 0x009cf000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
1793880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1794880.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1795880.1388: supR3HardenedDllNotificationCallback: load 000007feee7f0000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
1796880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1797880.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
1798880.1388: supR3HardenedDllNotificationCallback: load 000007fef2390000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
1799880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
1800880.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1801880.1388: supR3HardenedDllNotificationCallback: load 000007feee6f0000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
1802880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1803880.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1804880.1388: supR3HardenedDllNotificationCallback: load 000007fef5780000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
1805880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1806880.1388: supR3HardenedDllNotificationCallback: load 000007feff690000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
1807880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1808880.1388: supR3HardenedDllNotificationCallback: load 000007fefd770000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1809880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1810880.1388: supR3HardenedDllNotificationCallback: load 000007fefdd90000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1811880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1812880.1388: supR3HardenedDllNotificationCallback: load 000007fefdb80000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1813880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1814880.1388: supR3HardenedDllNotificationCallback: load 000007fefd820000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1815880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
1816880.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1817880.1388: supR3HardenedDllNotificationCallback: load 000007fefaa60000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
1818880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1819880.1388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1820880.1388: supR3HardenedDllNotificationCallback: load 000000006ee90000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
1821880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1822880.1388: supR3HardenedDllNotificationCallback: load 000007fefe4b0000 LB 0x00d98000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
1823880.1388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1824880.1388: Error (rc=0):
1825880.1388: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=4 \Device\HarddiskVolume2\Windows\System32\shell32.dll
1826880.1388: Fatal error:
1827880.1388: supR3HardenedDllNotificationCallback: supR3HardenedScreenImage failed on 'C:\Windows\system32\SHELL32.dll' / '\??\C:\Windows\system32\SHELL32.dll': 0xc0000190
18287ec.11cc: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 893 ms, the end);
1829e14.af4: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1264 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy