VirtualBox

Ticket #17548: VBoxHardening.log

File VBoxHardening.log, 372.6 KB (added by manoj_red_hat, 7 years ago)
Line 
1f64.13c8: Log file opened: 5.2.6r120293 g_hStartupLog=000000000000004c g_uNtVerCombined=0x611db110
2f64.13c8: \SystemRoot\System32\ntdll.dll:
3f64.13c8: CreationTime: 2018-02-07T08:27:02.123928600Z
4f64.13c8: LastWriteTime: 2018-01-07T15:34:42.140674500Z
5f64.13c8: ChangeTime: 2018-02-07T08:43:35.790800300Z
6f64.13c8: FileAttributes: 0x20
7f64.13c8: Size: 0x196968
8f64.13c8: NT Headers: 0xe0
9f64.13c8: Timestamp: 0x5a524044
10f64.13c8: Machine: 0x8664 - amd64
11f64.13c8: Timestamp: 0x5a524044
12f64.13c8: Image Version: 6.1
13f64.13c8: SizeOfImage: 0x19f000 (1699840)
14f64.13c8: Resource Dir: 0x142000 LB 0x5a028
15f64.13c8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
16f64.13c8: [Raw version resource data: 0x1420f0 LB 0x380, codepage 0x0 (reserved 0x0)]
17f64.13c8: ProductName: Microsoft® Windows® Operating System
18f64.13c8: ProductVersion: 6.1.7601.24009
19f64.13c8: FileVersion: 6.1.7601.24009 (win7sp1_ldr.180107-0421)
20f64.13c8: FileDescription: NT Layer DLL
21f64.13c8: \SystemRoot\System32\kernel32.dll:
22f64.13c8: CreationTime: 2018-02-07T08:27:04.697796600Z
23f64.13c8: LastWriteTime: 2018-01-07T15:42:23.414000000Z
24f64.13c8: ChangeTime: 2018-02-07T08:43:36.773600300Z
25f64.13c8: FileAttributes: 0x20
26f64.13c8: Size: 0x11c000
27f64.13c8: NT Headers: 0xe0
28f64.13c8: Timestamp: 0x5a524089
29f64.13c8: Machine: 0x8664 - amd64
30f64.13c8: Timestamp: 0x5a524089
31f64.13c8: Image Version: 6.1
32f64.13c8: SizeOfImage: 0x11f000 (1175552)
33f64.13c8: Resource Dir: 0x116000 LB 0x528
34f64.13c8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
35f64.13c8: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
36f64.13c8: ProductName: Microsoft® Windows® Operating System
37f64.13c8: ProductVersion: 6.1.7601.24009
38f64.13c8: FileVersion: 6.1.7601.24009 (win7sp1_ldr.180107-0421)
39f64.13c8: FileDescription: Windows NT BASE API Client DLL
40f64.13c8: \SystemRoot\System32\KernelBase.dll:
41f64.13c8: CreationTime: 2018-02-07T08:27:28.377382200Z
42f64.13c8: LastWriteTime: 2018-01-07T15:42:23.430000000Z
43f64.13c8: ChangeTime: 2018-02-07T08:43:36.758000300Z
44f64.13c8: FileAttributes: 0x20
45f64.13c8: Size: 0x66800
46f64.13c8: NT Headers: 0xe8
47f64.13c8: Timestamp: 0x5a52408a
48f64.13c8: Machine: 0x8664 - amd64
49f64.13c8: Timestamp: 0x5a52408a
50f64.13c8: Image Version: 6.1
51f64.13c8: SizeOfImage: 0x6a000 (434176)
52f64.13c8: Resource Dir: 0x68000 LB 0x530
53f64.13c8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
54f64.13c8: [Raw version resource data: 0x680b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
55f64.13c8: ProductName: Microsoft® Windows® Operating System
56f64.13c8: ProductVersion: 6.1.7601.24009
57f64.13c8: FileVersion: 6.1.7601.24009 (win7sp1_ldr.180107-0421)
58f64.13c8: FileDescription: Windows NT BASE API Client DLL
59f64.13c8: \SystemRoot\System32\apisetschema.dll:
60f64.13c8: CreationTime: 2018-02-07T08:27:37.206529400Z
61f64.13c8: LastWriteTime: 2018-01-07T15:42:19.202000000Z
62f64.13c8: ChangeTime: 2018-02-07T08:43:35.681600300Z
63f64.13c8: FileAttributes: 0x20
64f64.13c8: Size: 0x1a00
65f64.13c8: NT Headers: 0xc0
66f64.13c8: Timestamp: 0x5a524024
67f64.13c8: Machine: 0x8664 - amd64
68f64.13c8: Timestamp: 0x5a524024
69f64.13c8: Image Version: 6.1
70f64.13c8: SizeOfImage: 0x50000 (327680)
71f64.13c8: Resource Dir: 0x30000 LB 0x3f8
72f64.13c8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
73f64.13c8: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
74f64.13c8: ProductName: Microsoft® Windows® Operating System
75f64.13c8: ProductVersion: 6.1.7601.24009
76f64.13c8: FileVersion: 6.1.7601.24009 (win7sp1_ldr.180107-0421)
77f64.13c8: FileDescription: ApiSet Schema DLL
78f64.13c8: Found driver SysPlant (0x1)
79f64.13c8: Found driver SymNetS (0x2)
80f64.13c8: Found driver PGDriver (0x20000)
81f64.13c8: Found driver SRTSPX (0x2)
82f64.13c8: Found driver SymEvent (0x2)
83f64.13c8: Found driver SymIRON (0x2)
84f64.13c8: supR3HardenedWinFindAdversaries: 0x20003
85f64.13c8: \SystemRoot\System32\drivers\SysPlant.sys:
86f64.13c8: CreationTime: 2017-12-07T12:15:15.990800300Z
87f64.13c8: LastWriteTime: 2018-01-15T05:18:04.602800000Z
88f64.13c8: ChangeTime: 2018-01-15T05:18:04.602800000Z
89f64.13c8: FileAttributes: 0x20
90f64.13c8: Size: 0x2e950
91f64.13c8: NT Headers: 0x100
92f64.13c8: Timestamp: 0x59c58a3f
93f64.13c8: Machine: 0x8664 - amd64
94f64.13c8: Timestamp: 0x59c58a3f
95f64.13c8: Image Version: 5.0
96f64.13c8: SizeOfImage: 0x30000 (196608)
97f64.13c8: Resource Dir: 0x2e000 LB 0x498
98f64.13c8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
99f64.13c8: [Raw version resource data: 0x2e0b8 LB 0x3e0, codepage 0x4e4 (reserved 0x0)]
100f64.13c8: ProductName: Symantec CMC Firewall
101f64.13c8: ProductVersion: 12.1.7359.6900
102f64.13c8: FileVersion: 12.1.7359.6900
103f64.13c8: FileDescription: Symantec CMC Firewall SysPlant
104f64.13c8: \SystemRoot\System32\sysfer.dll:
105f64.13c8: CreationTime: 2017-12-07T12:15:15.990800300Z
106f64.13c8: LastWriteTime: 2018-01-15T05:18:04.587200000Z
107f64.13c8: ChangeTime: 2018-01-15T05:18:04.587200000Z
108f64.13c8: FileAttributes: 0x20
109f64.13c8: Size: 0x74ee8
110f64.13c8: NT Headers: 0xf8
111f64.13c8: Timestamp: 0x59c58a44
112f64.13c8: Machine: 0x8664 - amd64
113f64.13c8: Timestamp: 0x59c58a44
114f64.13c8: Image Version: 0.0
115f64.13c8: SizeOfImage: 0x8d000 (577536)
116f64.13c8: Resource Dir: 0x8b000 LB 0x48c
117f64.13c8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
118f64.13c8: [Raw version resource data: 0x8b0b8 LB 0x3d4, codepage 0x4e4 (reserved 0x0)]
119f64.13c8: ProductName: Symantec CMC Firewall
120f64.13c8: ProductVersion: 12.1.7359.6900
121f64.13c8: FileVersion: 12.1.7359.6900
122f64.13c8: FileDescription: Symantec CMC Firewall sysfer
123f64.13c8: \SystemRoot\System32\drivers\symevent64x86.sys:
124f64.13c8: CreationTime: 2017-12-07T12:15:47.502800500Z
125f64.13c8: LastWriteTime: 2018-01-13T18:32:12.623500000Z
126f64.13c8: ChangeTime: 2018-01-13T18:32:12.623500000Z
127f64.13c8: FileAttributes: 0x20
128f64.13c8: Size: 0x2ccf0
129f64.13c8: NT Headers: 0xf0
130f64.13c8: Timestamp: 0x57be5070
131f64.13c8: Machine: 0x8664 - amd64
132f64.13c8: Timestamp: 0x57be5070
133f64.13c8: Image Version: 6.0
134f64.13c8: SizeOfImage: 0x37000 (225280)
135f64.13c8: Resource Dir: 0x35000 LB 0x3c8
136f64.13c8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
137f64.13c8: [Raw version resource data: 0x350b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
138f64.13c8: ProductName: SYMEVENT
139f64.13c8: ProductVersion: 12.9.6.28
140f64.13c8: FileVersion: 12.9.6.28
141f64.13c8: FileDescription: Symantec Event Library
142f64.13c8: \SystemRoot\System32\drivers\PGDriver.sys:
143f64.13c8: CreationTime: 2018-01-16T15:26:01.390353200Z
144f64.13c8: LastWriteTime: 2017-02-01T12:22:50.000000000Z
145f64.13c8: ChangeTime: 2018-02-18T08:05:51.696400000Z
146f64.13c8: FileAttributes: 0x20
147f64.13c8: Size: 0x8250
148f64.13c8: NT Headers: 0xf0
149f64.13c8: Timestamp: 0x582461ca
150f64.13c8: Machine: 0x8664 - amd64
151f64.13c8: Timestamp: 0x582461ca
152f64.13c8: Image Version: 6.3
153f64.13c8: SizeOfImage: 0xa000 (40960)
154f64.13c8: Resource Dir: 0x8000 LB 0x430
155f64.13c8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
156f64.13c8: [Raw version resource data: 0x8060 LB 0x3cc, codepage 0x0 (reserved 0x0)]
157f64.13c8: ProductName: Avecto Defendpoint
158f64.13c8: ProductVersion: 2016.11.10.1
159f64.13c8: FileVersion: 2016.11.10.1
160f64.13c8: SpecialBuild: D
161f64.13c8: FileDescription: Defendpoint Driver
162f64.13c8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
163f64.13c8: Calling main()
164f64.13c8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
165f64.13c8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
166f64.13c8: SUPR3HardenedMain: Respawn #1
167f64.13c8: System32: \Device\HarddiskVolume1\Windows\System32
168f64.13c8: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
169f64.13c8: KnownDllPath: C:\windows\system32
170f64.13c8: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
171f64.13c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
172f64.13c8: supR3HardNtEnableThreadCreation:
173f64.13c8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076ea3740 pvNtTerminateThread=0000000076ec9dd0
174f64.13c8: supR3HardenedWinDoReSpawn(1): New child 23d8.1cf8 [kernel32].
175f64.13c8: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd8000 cbPeb=0x380
176f64.13c8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000076e60000 uNtDllChildAddr=0000000076e60000
177f64.13c8: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000076ea3740
178f64.13c8: supR3HardenedWinSetupChildInit: Start child.
179f64.13c8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
180f64.13c8: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 33 sleeps
181f64.13c8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
182f64.13c8: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
183f64.13c8: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
184f64.13c8: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
185f64.13c8: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
186f64.13c8: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
187f64.13c8: 0000000000041000-000000000004ffff 0x0001/0x0000 0x0000000
188f64.13c8: *0000000000050000-0000000000050fff 0x0004/0x0004 0x0020000
189f64.13c8: 0000000000051000-000000000008ffff 0x0001/0x0000 0x0000000
190f64.13c8: *0000000000090000-000000000018bfff 0x0000/0x0004 0x0020000
191f64.13c8: 000000000018c000-000000000018dfff 0x0104/0x0004 0x0020000
192f64.13c8: 000000000018e000-000000000018ffff 0x0004/0x0004 0x0020000
193f64.13c8: 0000000000190000-0000000076e5ffff 0x0001/0x0000 0x0000000
194f64.13c8: *0000000076e60000-0000000076e60fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
195f64.13c8: 0000000076e61000-0000000076f84fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
196f64.13c8: 0000000076f85000-0000000076f8afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
197f64.13c8: 0000000076f8b000-0000000076f8bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
198f64.13c8: 0000000076f8c000-0000000076f93fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
199f64.13c8: 0000000076f94000-0000000076ffefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
200f64.13c8: 0000000076fff000-000000007efdffff 0x0001/0x0000 0x0000000
201f64.13c8: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
202f64.13c8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
203f64.13c8: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
204f64.13c8: 000000007fff0000-000000013f3bffff 0x0001/0x0000 0x0000000
205f64.13c8: *000000013f3c0000-000000013f3c0fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
206f64.13c8: 000000013f3c1000-000000013f431fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
207f64.13c8: 000000013f432000-000000013f432fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
208f64.13c8: 000000013f433000-000000013f478fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
209f64.13c8: 000000013f479000-000000013f479fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
210f64.13c8: 000000013f47a000-000000013f47afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
211f64.13c8: 000000013f47b000-000000013f47ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
212f64.13c8: 000000013f480000-000000013f480fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
213f64.13c8: 000000013f481000-000000013f481fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
214f64.13c8: 000000013f482000-000000013f485fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
215f64.13c8: 000000013f486000-000000013f4cdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
216f64.13c8: 000000013f4ce000-000000013f4cffff 0x0001/0x0000 0x0000000
217f64.13c8: *000000013f4d0000-000000013f4d0fff 0x0004/0x0004 0x0020000
218f64.13c8: 000000013f4d1000-000007feff15ffff 0x0001/0x0000 0x0000000
219f64.13c8: *000007feff160000-000007feff160fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
220f64.13c8: 000007feff161000-000007fffffaffff 0x0001/0x0000 0x0000000
221f64.13c8: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
222f64.13c8: 000007fffffd3000-000007fffffd7fff 0x0001/0x0000 0x0000000
223f64.13c8: *000007fffffd8000-000007fffffd8fff 0x0004/0x0004 0x0020000
224f64.13c8: 000007fffffd9000-000007fffffddfff 0x0001/0x0000 0x0000000
225f64.13c8: *000007fffffde000-000007fffffdffff 0x0004/0x0004 0x0020000
226f64.13c8: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
227f64.13c8: apisetschema.dll: timestamp 0x5a524024 (rc=VINF_SUCCESS)
228f64.13c8: VirtualBox.exe: timestamp 0x5a5cc1cb (rc=VINF_SUCCESS)
229f64.13c8: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
230f64.13c8: VirtualBox.exe: Differences in section #0 (headers) between file and memory:
231f64.13c8: 000000013f3c0162 / 0x0000162: 00 != 11
232f64.13c8: 000000013f3c0164 / 0x0000164: 00 != 14
233f64.13c8: Restored 0x400 bytes of original file content at 000000013f3c0000
234f64.13c8: '\Device\HarddiskVolume1\Windows\System32\apisetschema.dll' has no imports
235f64.13c8: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
236f64.13c8: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x20003 cPatchCount=0
237f64.13c8: supR3HardNtChildPurify: Startup delay kludge #1/1: 515 ms, 33 sleeps
238f64.13c8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
239f64.13c8: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
240f64.13c8: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
241f64.13c8: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
242f64.13c8: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
243f64.13c8: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
244f64.13c8: 0000000000041000-000000000004ffff 0x0001/0x0000 0x0000000
245f64.13c8: *0000000000050000-0000000000050fff 0x0004/0x0004 0x0020000
246f64.13c8: 0000000000051000-000000000008ffff 0x0001/0x0000 0x0000000
247f64.13c8: *0000000000090000-000000000018bfff 0x0000/0x0004 0x0020000
248f64.13c8: 000000000018c000-000000000018dfff 0x0104/0x0004 0x0020000
249f64.13c8: 000000000018e000-000000000018ffff 0x0004/0x0004 0x0020000
250f64.13c8: 0000000000190000-0000000076e5ffff 0x0001/0x0000 0x0000000
251f64.13c8: *0000000076e60000-0000000076e60fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
252f64.13c8: 0000000076e61000-0000000076f84fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
253f64.13c8: 0000000076f85000-0000000076f8afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
254f64.13c8: 0000000076f8b000-0000000076f93fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
255f64.13c8: 0000000076f94000-0000000076ffefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
256f64.13c8: 0000000076fff000-000000007efdffff 0x0001/0x0000 0x0000000
257f64.13c8: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
258f64.13c8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
259f64.13c8: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
260f64.13c8: 000000007fff0000-000000013f3bffff 0x0001/0x0000 0x0000000
261f64.13c8: *000000013f3c0000-000000013f3c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
262f64.13c8: 000000013f3c1000-000000013f431fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
263f64.13c8: 000000013f432000-000000013f432fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
264f64.13c8: 000000013f433000-000000013f478fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
265f64.13c8: 000000013f479000-000000013f485fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
266f64.13c8: 000000013f486000-000000013f4cdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
267f64.13c8: 000000013f4ce000-000000013f4cffff 0x0001/0x0000 0x0000000
268f64.13c8: *000000013f4d0000-000000013f4d0fff 0x0004/0x0004 0x0020000
269f64.13c8: 000000013f4d1000-000007feff15ffff 0x0001/0x0000 0x0000000
270f64.13c8: *000007feff160000-000007feff160fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
271f64.13c8: 000007feff161000-000007fffffaffff 0x0001/0x0000 0x0000000
272f64.13c8: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
273f64.13c8: 000007fffffd3000-000007fffffd7fff 0x0001/0x0000 0x0000000
274f64.13c8: *000007fffffd8000-000007fffffd8fff 0x0004/0x0004 0x0020000
275f64.13c8: 000007fffffd9000-000007fffffddfff 0x0001/0x0000 0x0000000
276f64.13c8: *000007fffffde000-000007fffffdffff 0x0004/0x0004 0x0020000
277f64.13c8: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
278f64.13c8: supR3HardNtChildPurify: Done after 1051 ms and 1 fixes (loop #1).
27923d8.1cf8: Log file opened: 5.2.6r120293 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
28023d8.1cf8: supR3HardenedVmProcessInit: uNtDllAddr=0000000076e60000 g_uNtVerCombined=0x611db100
28123d8.1cf8: ntdll.dll: timestamp 0x5a524044 (rc=VINF_SUCCESS)
28223d8.1cf8: New simple heap: #1 0000000000290000 LB 0x400000 (for 1699840 allocation)
283f64.13c8: supR3HardNtEnableThreadCreation:
28423d8.1cf8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
28523d8.1cf8: System32: \Device\HarddiskVolume1\Windows\System32
28623d8.1cf8: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
28723d8.1cf8: KnownDllPath: C:\windows\system32
28823d8.1cf8: supR3HardenedVmProcessInit: Opening vboxdrv stub...
28923d8.1cf8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
29023d8.1cf8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
29123d8.1cf8: Registered Dll notification callback with NTDLL.
29223d8.1cf8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
29323d8.1cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
29423d8.1cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
29523d8.1cf8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
29623d8.1cf8: supR3HardenedDllNotificationCallback: load 0000000076c40000 LB 0x0011f000 C:\windows\system32\kernel32.dll [fFlags=0x0]
29723d8.1cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
29823d8.1cf8: supR3HardenedDllNotificationCallback: load 000007fefcb50000 LB 0x0006a000 C:\windows\system32\KERNELBASE.dll [fFlags=0x0]
29923d8.1cf8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll)
30023d8.1cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
30123d8.1cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076c40000 'C:\windows\system32\kernel32.dll'
30223d8.1cf8: supR3HardenedMonitor_LdrLoadDll: Refusing to load 'C:\Program Files\Avecto\Privilege Guard Client\PGHook.dll' as it is expected to create undesirable threads that will upset our respawn checks (returning STATUS_TOO_MANY_THREADS)
30323d8.1cf8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076ea3740 pvNtTerminateThread=0000000076ec9dd0
304f64.13c8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 15 ms.
30523d8.1cf8: \SystemRoot\System32\ntdll.dll:
30623d8.1cf8: CreationTime: 2018-02-07T08:27:02.123928600Z
30723d8.1cf8: LastWriteTime: 2018-01-07T15:34:42.140674500Z
30823d8.1cf8: ChangeTime: 2018-02-07T08:43:35.790800300Z
30923d8.1cf8: FileAttributes: 0x20
31023d8.1cf8: Size: 0x196968
31123d8.1cf8: NT Headers: 0xe0
31223d8.1cf8: Timestamp: 0x5a524044
31323d8.1cf8: Machine: 0x8664 - amd64
31423d8.1cf8: Timestamp: 0x5a524044
31523d8.1cf8: Image Version: 6.1
31623d8.1cf8: SizeOfImage: 0x19f000 (1699840)
31723d8.1cf8: Resource Dir: 0x142000 LB 0x5a028
31823d8.1cf8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
31923d8.1cf8: [Raw version resource data: 0x1420f0 LB 0x380, codepage 0x0 (reserved 0x0)]
32023d8.1cf8: ProductName: Microsoft® Windows® Operating System
32123d8.1cf8: ProductVersion: 6.1.7601.24009
32223d8.1cf8: FileVersion: 6.1.7601.24009 (win7sp1_ldr.180107-0421)
32323d8.1cf8: FileDescription: NT Layer DLL
32423d8.1cf8: \SystemRoot\System32\kernel32.dll:
32523d8.1cf8: CreationTime: 2018-02-07T08:27:04.697796600Z
32623d8.1cf8: LastWriteTime: 2018-01-07T15:42:23.414000000Z
32723d8.1cf8: ChangeTime: 2018-02-07T08:43:36.773600300Z
32823d8.1cf8: FileAttributes: 0x20
32923d8.1cf8: Size: 0x11c000
33023d8.1cf8: NT Headers: 0xe0
33123d8.1cf8: Timestamp: 0x5a524089
33223d8.1cf8: Machine: 0x8664 - amd64
33323d8.1cf8: Timestamp: 0x5a524089
33423d8.1cf8: Image Version: 6.1
33523d8.1cf8: SizeOfImage: 0x11f000 (1175552)
33623d8.1cf8: Resource Dir: 0x116000 LB 0x528
33723d8.1cf8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
33823d8.1cf8: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
33923d8.1cf8: ProductName: Microsoft® Windows® Operating System
34023d8.1cf8: ProductVersion: 6.1.7601.24009
34123d8.1cf8: FileVersion: 6.1.7601.24009 (win7sp1_ldr.180107-0421)
34223d8.1cf8: FileDescription: Windows NT BASE API Client DLL
34323d8.1cf8: \SystemRoot\System32\KernelBase.dll:
34423d8.1cf8: CreationTime: 2018-02-07T08:27:28.377382200Z
34523d8.1cf8: LastWriteTime: 2018-01-07T15:42:23.430000000Z
34623d8.1cf8: ChangeTime: 2018-02-07T08:43:36.758000300Z
34723d8.1cf8: FileAttributes: 0x20
34823d8.1cf8: Size: 0x66800
34923d8.1cf8: NT Headers: 0xe8
35023d8.1cf8: Timestamp: 0x5a52408a
35123d8.1cf8: Machine: 0x8664 - amd64
35223d8.1cf8: Timestamp: 0x5a52408a
35323d8.1cf8: Image Version: 6.1
35423d8.1cf8: SizeOfImage: 0x6a000 (434176)
35523d8.1cf8: Resource Dir: 0x68000 LB 0x530
35623d8.1cf8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
35723d8.1cf8: [Raw version resource data: 0x680b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
35823d8.1cf8: ProductName: Microsoft® Windows® Operating System
35923d8.1cf8: ProductVersion: 6.1.7601.24009
36023d8.1cf8: FileVersion: 6.1.7601.24009 (win7sp1_ldr.180107-0421)
36123d8.1cf8: FileDescription: Windows NT BASE API Client DLL
36223d8.1cf8: \SystemRoot\System32\apisetschema.dll:
36323d8.1cf8: CreationTime: 2018-02-07T08:27:37.206529400Z
36423d8.1cf8: LastWriteTime: 2018-01-07T15:42:19.202000000Z
36523d8.1cf8: ChangeTime: 2018-02-07T08:43:35.681600300Z
36623d8.1cf8: FileAttributes: 0x20
36723d8.1cf8: Size: 0x1a00
36823d8.1cf8: NT Headers: 0xc0
36923d8.1cf8: Timestamp: 0x5a524024
37023d8.1cf8: Machine: 0x8664 - amd64
37123d8.1cf8: Timestamp: 0x5a524024
37223d8.1cf8: Image Version: 6.1
37323d8.1cf8: SizeOfImage: 0x50000 (327680)
37423d8.1cf8: Resource Dir: 0x30000 LB 0x3f8
37523d8.1cf8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
37623d8.1cf8: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
37723d8.1cf8: ProductName: Microsoft® Windows® Operating System
37823d8.1cf8: ProductVersion: 6.1.7601.24009
37923d8.1cf8: FileVersion: 6.1.7601.24009 (win7sp1_ldr.180107-0421)
38023d8.1cf8: FileDescription: ApiSet Schema DLL
38123d8.1cf8: Found driver SysPlant (0x1)
38223d8.1cf8: Found driver SymNetS (0x2)
38323d8.1cf8: Found driver PGDriver (0x20000)
38423d8.1cf8: Found driver SRTSPX (0x2)
38523d8.1cf8: Found driver SymEvent (0x2)
38623d8.1cf8: Found driver SymIRON (0x2)
38723d8.1cf8: supR3HardenedWinFindAdversaries: 0x20003
38823d8.1cf8: \SystemRoot\System32\drivers\SysPlant.sys:
38923d8.1cf8: CreationTime: 2017-12-07T12:15:15.990800300Z
39023d8.1cf8: LastWriteTime: 2018-01-15T05:18:04.602800000Z
39123d8.1cf8: ChangeTime: 2018-01-15T05:18:04.602800000Z
39223d8.1cf8: FileAttributes: 0x20
39323d8.1cf8: Size: 0x2e950
39423d8.1cf8: NT Headers: 0x100
39523d8.1cf8: Timestamp: 0x59c58a3f
39623d8.1cf8: Machine: 0x8664 - amd64
39723d8.1cf8: Timestamp: 0x59c58a3f
39823d8.1cf8: Image Version: 5.0
39923d8.1cf8: SizeOfImage: 0x30000 (196608)
40023d8.1cf8: Resource Dir: 0x2e000 LB 0x498
40123d8.1cf8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
40223d8.1cf8: [Raw version resource data: 0x2e0b8 LB 0x3e0, codepage 0x4e4 (reserved 0x0)]
40323d8.1cf8: ProductName: Symantec CMC Firewall
40423d8.1cf8: ProductVersion: 12.1.7359.6900
40523d8.1cf8: FileVersion: 12.1.7359.6900
40623d8.1cf8: FileDescription: Symantec CMC Firewall SysPlant
40723d8.1cf8: \SystemRoot\System32\sysfer.dll:
40823d8.1cf8: CreationTime: 2017-12-07T12:15:15.990800300Z
40923d8.1cf8: LastWriteTime: 2018-01-15T05:18:04.587200000Z
41023d8.1cf8: ChangeTime: 2018-01-15T05:18:04.587200000Z
41123d8.1cf8: FileAttributes: 0x20
41223d8.1cf8: Size: 0x74ee8
41323d8.1cf8: NT Headers: 0xf8
41423d8.1cf8: Timestamp: 0x59c58a44
41523d8.1cf8: Machine: 0x8664 - amd64
41623d8.1cf8: Timestamp: 0x59c58a44
41723d8.1cf8: Image Version: 0.0
41823d8.1cf8: SizeOfImage: 0x8d000 (577536)
41923d8.1cf8: Resource Dir: 0x8b000 LB 0x48c
42023d8.1cf8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
42123d8.1cf8: [Raw version resource data: 0x8b0b8 LB 0x3d4, codepage 0x4e4 (reserved 0x0)]
42223d8.1cf8: ProductName: Symantec CMC Firewall
42323d8.1cf8: ProductVersion: 12.1.7359.6900
42423d8.1cf8: FileVersion: 12.1.7359.6900
42523d8.1cf8: FileDescription: Symantec CMC Firewall sysfer
42623d8.1cf8: \SystemRoot\System32\drivers\symevent64x86.sys:
42723d8.1cf8: CreationTime: 2017-12-07T12:15:47.502800500Z
42823d8.1cf8: LastWriteTime: 2018-01-13T18:32:12.623500000Z
42923d8.1cf8: ChangeTime: 2018-01-13T18:32:12.623500000Z
43023d8.1cf8: FileAttributes: 0x20
43123d8.1cf8: Size: 0x2ccf0
43223d8.1cf8: NT Headers: 0xf0
43323d8.1cf8: Timestamp: 0x57be5070
43423d8.1cf8: Machine: 0x8664 - amd64
43523d8.1cf8: Timestamp: 0x57be5070
43623d8.1cf8: Image Version: 6.0
43723d8.1cf8: SizeOfImage: 0x37000 (225280)
43823d8.1cf8: Resource Dir: 0x35000 LB 0x3c8
43923d8.1cf8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
44023d8.1cf8: [Raw version resource data: 0x350b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
44123d8.1cf8: ProductName: SYMEVENT
44223d8.1cf8: ProductVersion: 12.9.6.28
44323d8.1cf8: FileVersion: 12.9.6.28
44423d8.1cf8: FileDescription: Symantec Event Library
44523d8.1cf8: \SystemRoot\System32\drivers\PGDriver.sys:
44623d8.1cf8: CreationTime: 2018-01-16T15:26:01.390353200Z
44723d8.1cf8: LastWriteTime: 2017-02-01T12:22:50.000000000Z
44823d8.1cf8: ChangeTime: 2018-02-18T08:05:51.696400000Z
44923d8.1cf8: FileAttributes: 0x20
45023d8.1cf8: Size: 0x8250
45123d8.1cf8: NT Headers: 0xf0
45223d8.1cf8: Timestamp: 0x582461ca
45323d8.1cf8: Machine: 0x8664 - amd64
45423d8.1cf8: Timestamp: 0x582461ca
45523d8.1cf8: Image Version: 6.3
45623d8.1cf8: SizeOfImage: 0xa000 (40960)
45723d8.1cf8: Resource Dir: 0x8000 LB 0x430
45823d8.1cf8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
45923d8.1cf8: [Raw version resource data: 0x8060 LB 0x3cc, codepage 0x0 (reserved 0x0)]
46023d8.1cf8: ProductName: Avecto Defendpoint
46123d8.1cf8: ProductVersion: 2016.11.10.1
46223d8.1cf8: FileVersion: 2016.11.10.1
46323d8.1cf8: SpecialBuild: D
46423d8.1cf8: FileDescription: Defendpoint Driver
46523d8.1cf8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
46623d8.1cf8: Calling main()
46723d8.1cf8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
46823d8.1cf8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
46923d8.1cf8: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
47023d8.1cf8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
47123d8.1cf8: SUPR3HardenedMain: Respawn #2
47223d8.1cf8: supR3HardNtEnableThreadCreation:
47323d8.1cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
47423d8.1cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
47523d8.1cf8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\advapi32.dll)
47623d8.1cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\advapi32.dll
47723d8.1cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
47823d8.1cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
47923d8.1cf8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll)
48023d8.1cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
48123d8.1cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
48223d8.1cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
48323d8.1cf8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msvcrt.dll)
48423d8.1cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
48523d8.1cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x1000 pwszSearchPath=0000000000000000:<flags> [calling]
48623d8.1cf8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
48723d8.1cf8: supR3HardenedDllNotificationCallback: load 000007fefd400000 LB 0x000db000 C:\windows\system32\ADVAPI32.DLL [fFlags=0x0]
48823d8.1cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
48923d8.1cf8: supR3HardenedDllNotificationCallback: load 000007fefd4e0000 LB 0x0009f000 C:\windows\system32\msvcrt.dll [fFlags=0x0]
49023d8.1cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
49123d8.1cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
49223d8.1cf8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
49323d8.1cf8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\sechost.dll)
49423d8.1cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\sechost.dll
49523d8.1cf8: supR3HardenedDllNotificationCallback: load 000007fefec80000 LB 0x0001f000 C:\windows\SYSTEM32\sechost.dll [fFlags=0x0]
49623d8.1cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\sechost.dll [lacks WinVerifyTrust]
49723d8.1cf8: supR3HardenedDllNotificationCallback: load 000007fefcfe0000 LB 0x0012d000 C:\windows\system32\RPCRT4.dll [fFlags=0x0]
49823d8.1cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
49923d8.1cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd400000 'C:\windows\system32\ADVAPI32.DLL'
50023d8.1cf8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\apphelp.dll)
50123d8.1cf8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\apphelp.dll
50223d8.1cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
50323d8.1cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
50423d8.1cf8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
50523d8.1cf8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
50623d8.1cf8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
50723d8.1cf8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
50823d8.1cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
50923d8.1cf8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
51023d8.1cf8: supR3HardenedDllNotificationCallback: load 000007fefc740000 LB 0x00057000 C:\windows\system32\apphelp.dll [fFlags=0x0]
51123d8.1cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
51223d8.1cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc740000 'C:\windows\system32\apphelp.dll'
51323d8.1cf8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076ea3740 pvNtTerminateThread=0000000076ec9dd0
51423d8.1cf8: supR3HardenedWinDoReSpawn(2): New child 1bc0.217c [kernel32].
51523d8.1cf8: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd4000 cbPeb=0x380
51623d8.1cf8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000076e60000 uNtDllChildAddr=0000000076e60000
51723d8.1cf8: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000076ea3740
51823d8.1cf8: supR3HardenedWinSetupChildInit: Start child.
51923d8.1cf8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
52023d8.1cf8: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 33 sleeps
52123d8.1cf8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
52223d8.1cf8: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
52323d8.1cf8: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
52423d8.1cf8: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
52523d8.1cf8: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
52623d8.1cf8: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
52723d8.1cf8: 0000000000041000-000000000004ffff 0x0001/0x0000 0x0000000
52823d8.1cf8: *0000000000050000-000000000014bfff 0x0000/0x0004 0x0020000
52923d8.1cf8: 000000000014c000-000000000014dfff 0x0104/0x0004 0x0020000
53023d8.1cf8: 000000000014e000-000000000014ffff 0x0004/0x0004 0x0020000
53123d8.1cf8: *0000000000150000-0000000000150fff 0x0004/0x0004 0x0020000
53223d8.1cf8: 0000000000151000-0000000076e5ffff 0x0001/0x0000 0x0000000
53323d8.1cf8: *0000000076e60000-0000000076e60fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
53423d8.1cf8: 0000000076e61000-0000000076f84fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
53523d8.1cf8: 0000000076f85000-0000000076f8afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
53623d8.1cf8: 0000000076f8b000-0000000076f8bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
53723d8.1cf8: 0000000076f8c000-0000000076f93fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
53823d8.1cf8: 0000000076f94000-0000000076ffefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
53923d8.1cf8: 0000000076fff000-000000007efdffff 0x0001/0x0000 0x0000000
54023d8.1cf8: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
54123d8.1cf8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
54223d8.1cf8: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
54323d8.1cf8: 000000007fff0000-000000013f3bffff 0x0001/0x0000 0x0000000
54423d8.1cf8: *000000013f3c0000-000000013f3c0fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
54523d8.1cf8: 000000013f3c1000-000000013f431fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
54623d8.1cf8: 000000013f432000-000000013f432fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
54723d8.1cf8: 000000013f433000-000000013f478fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
54823d8.1cf8: 000000013f479000-000000013f479fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
54923d8.1cf8: 000000013f47a000-000000013f47afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
55023d8.1cf8: 000000013f47b000-000000013f47ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
55123d8.1cf8: 000000013f480000-000000013f480fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
55223d8.1cf8: 000000013f481000-000000013f481fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
55323d8.1cf8: 000000013f482000-000000013f485fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
55423d8.1cf8: 000000013f486000-000000013f4cdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
55523d8.1cf8: 000000013f4ce000-000000013f4cffff 0x0001/0x0000 0x0000000
55623d8.1cf8: *000000013f4d0000-000000013f4d0fff 0x0004/0x0004 0x0020000
55723d8.1cf8: 000000013f4d1000-000007feff15ffff 0x0001/0x0000 0x0000000
55823d8.1cf8: *000007feff160000-000007feff160fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
55923d8.1cf8: 000007feff161000-000007fffffaffff 0x0001/0x0000 0x0000000
56023d8.1cf8: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
56123d8.1cf8: 000007fffffd3000-000007fffffd3fff 0x0001/0x0000 0x0000000
56223d8.1cf8: *000007fffffd4000-000007fffffd4fff 0x0004/0x0004 0x0020000
56323d8.1cf8: 000007fffffd5000-000007fffffddfff 0x0001/0x0000 0x0000000
56423d8.1cf8: *000007fffffde000-000007fffffdffff 0x0004/0x0004 0x0020000
56523d8.1cf8: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
56623d8.1cf8: apisetschema.dll: timestamp 0x5a524024 (rc=VINF_SUCCESS)
56723d8.1cf8: VirtualBox.exe: timestamp 0x5a5cc1cb (rc=VINF_SUCCESS)
56823d8.1cf8: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
56923d8.1cf8: VirtualBox.exe: Differences in section #0 (headers) between file and memory:
57023d8.1cf8: 000000013f3c0162 / 0x0000162: 00 != 11
57123d8.1cf8: 000000013f3c0164 / 0x0000164: 00 != 14
57223d8.1cf8: Restored 0x400 bytes of original file content at 000000013f3c0000
57323d8.1cf8: '\Device\HarddiskVolume1\Windows\System32\apisetschema.dll' has no imports
57423d8.1cf8: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
57523d8.1cf8: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x20003 cPatchCount=0
57623d8.1cf8: supR3HardNtChildPurify: Startup delay kludge #1/1: 515 ms, 33 sleeps
57723d8.1cf8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
57823d8.1cf8: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
57923d8.1cf8: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
58023d8.1cf8: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
58123d8.1cf8: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
58223d8.1cf8: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
58323d8.1cf8: 0000000000041000-000000000004ffff 0x0001/0x0000 0x0000000
58423d8.1cf8: *0000000000050000-000000000014bfff 0x0000/0x0004 0x0020000
58523d8.1cf8: 000000000014c000-000000000014dfff 0x0104/0x0004 0x0020000
58623d8.1cf8: 000000000014e000-000000000014ffff 0x0004/0x0004 0x0020000
58723d8.1cf8: *0000000000150000-0000000000150fff 0x0004/0x0004 0x0020000
58823d8.1cf8: 0000000000151000-0000000076e5ffff 0x0001/0x0000 0x0000000
58923d8.1cf8: *0000000076e60000-0000000076e60fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
59023d8.1cf8: 0000000076e61000-0000000076f84fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
59123d8.1cf8: 0000000076f85000-0000000076f8afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
59223d8.1cf8: 0000000076f8b000-0000000076f93fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
59323d8.1cf8: 0000000076f94000-0000000076ffefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
59423d8.1cf8: 0000000076fff000-000000007efdffff 0x0001/0x0000 0x0000000
59523d8.1cf8: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
59623d8.1cf8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
59723d8.1cf8: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
59823d8.1cf8: 000000007fff0000-000000013f3bffff 0x0001/0x0000 0x0000000
59923d8.1cf8: *000000013f3c0000-000000013f3c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
60023d8.1cf8: 000000013f3c1000-000000013f431fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
60123d8.1cf8: 000000013f432000-000000013f432fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
60223d8.1cf8: 000000013f433000-000000013f478fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
60323d8.1cf8: 000000013f479000-000000013f485fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
60423d8.1cf8: 000000013f486000-000000013f4cdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
60523d8.1cf8: 000000013f4ce000-000000013f4cffff 0x0001/0x0000 0x0000000
60623d8.1cf8: *000000013f4d0000-000000013f4d0fff 0x0004/0x0004 0x0020000
60723d8.1cf8: 000000013f4d1000-000007feff15ffff 0x0001/0x0000 0x0000000
60823d8.1cf8: *000007feff160000-000007feff160fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
60923d8.1cf8: 000007feff161000-000007fffffaffff 0x0001/0x0000 0x0000000
61023d8.1cf8: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
61123d8.1cf8: 000007fffffd3000-000007fffffd3fff 0x0001/0x0000 0x0000000
61223d8.1cf8: *000007fffffd4000-000007fffffd4fff 0x0004/0x0004 0x0020000
61323d8.1cf8: 000007fffffd5000-000007fffffddfff 0x0001/0x0000 0x0000000
61423d8.1cf8: *000007fffffde000-000007fffffdffff 0x0004/0x0004 0x0020000
61523d8.1cf8: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
61623d8.1cf8: supR3HardNtChildPurify: Done after 1046 ms and 1 fixes (loop #1).
6171bc0.217c: Log file opened: 5.2.6r120293 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
6181bc0.217c: supR3HardenedVmProcessInit: uNtDllAddr=0000000076e60000 g_uNtVerCombined=0x611db100
6191bc0.217c: ntdll.dll: timestamp 0x5a524044 (rc=VINF_SUCCESS)
6201bc0.217c: New simple heap: #1 0000000000260000 LB 0x400000 (for 1699840 allocation)
6211bc0.217c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
6221bc0.217c: System32: \Device\HarddiskVolume1\Windows\System32
6231bc0.217c: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
6241bc0.217c: KnownDllPath: C:\windows\system32
6251bc0.217c: supR3HardenedVmProcessInit: Opening vboxdrv...
6261bc0.217c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
6271bc0.217c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
6281bc0.217c: Registered Dll notification callback with NTDLL.
6291bc0.217c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
6301bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
6311bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
6321bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
6331bc0.217c: supR3HardenedDllNotificationCallback: load 0000000076c40000 LB 0x0011f000 C:\windows\system32\kernel32.dll [fFlags=0x0]
6341bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
6351bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefcb50000 LB 0x0006a000 C:\windows\system32\KERNELBASE.dll [fFlags=0x0]
6361bc0.217c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll)
6371bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
6381bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076c40000 'C:\windows\system32\kernel32.dll'
6391bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Avecto\Privilege Guard Client\PGHook.dll)
6401bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Avecto\Privilege Guard Client\PGHook.dll
6411bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Avecto\Privilege Guard Client\PGHook.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014f4b1:<flags> [calling]
6421bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Avecto\Privilege Guard Client\PGHook.dll [lacks WinVerifyTrust]
6431bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefc930000 LB 0x0016b000 C:\Program Files\Avecto\Privilege Guard Client\PGHook.dll [fFlags=0x0]
6441bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Avecto\Privilege Guard Client\PGHook.dll [lacks WinVerifyTrust]
6451bc0.217c: supR3HardenedIsApiSetDll: Warning! 'api-ms-win-core-synch-l1-2-0' looks like an API set, but it's not in the list!
6461bc0.217c: supR3HardenedIsApiSetDll: '鳗㼼' -> false
6471bc0.217c: '\Device\HarddiskVolume1\Windows\System32\api-ms-win-core-synch-l1-2-0.dll' has no imports
6481bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\api-ms-win-core-synch-l1-2-0.dll)
6491bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\api-ms-win-core-synch-l1-2-0.dll
6501bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\api-ms-win-core-synch-l1-2-0.dll (Input=api-ms-win-core-synch-l1-2-0, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014ead1:<flags> [calling]
6511bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\api-ms-win-core-synch-l1-2-0.dll [lacks WinVerifyTrust]
6521bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefc880000 LB 0x00003000 C:\windows\system32\api-ms-win-core-synch-l1-2-0.dll [fFlags=0x0]
6531bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\api-ms-win-core-synch-l1-2-0.dll [lacks WinVerifyTrust]
6541bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc880000 'C:\windows\system32\api-ms-win-core-synch-l1-2-0.dll'
6551bc0.217c: supR3HardenedIsApiSetDll: Warning! 'api-ms-win-core-fibers-l1-1-1' looks like an API set, but it's not in the list!
6561bc0.217c: supR3HardenedIsApiSetDll: '鳗㼼' -> false
6571bc0.217c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\windows\system32\api-ms-win-core-fibers-l1-1-1.dll': 127 (NtPath=\??\C:\windows\system32\api-ms-win-core-fibers-l1-1-1.dll; Input=api-ms-win-core-fibers-l1-1-1; rcNtGetDll=0xc0000135
6581bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\windows\system32\api-ms-win-core-fibers-l1-1-1.dll'
6591bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
6601bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014ead1:<flags> [calling]
6611bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076c40000 'C:\windows\system32\kernel32.dll'
6621bc0.217c: supR3HardenedIsApiSetDll: Warning! 'api-ms-win-core-synch-l1-2-0' looks like an API set, but it's not in the list!
6631bc0.217c: supR3HardenedIsApiSetDll: '鳗㼼' -> false
6641bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\api-ms-win-core-synch-l1-2-0.dll [lacks WinVerifyTrust]
6651bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\api-ms-win-core-synch-l1-2-0.dll (Input=api-ms-win-core-synch-l1-2-0, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014ead1:<flags> [calling]
6661bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc880000 'C:\windows\system32\api-ms-win-core-synch-l1-2-0.dll'
6671bc0.217c: supR3HardenedIsApiSetDll: Warning! 'api-ms-win-core-fibers-l1-1-1' looks like an API set, but it's not in the list!
6681bc0.217c: supR3HardenedIsApiSetDll: '鳗㼼' -> false
6691bc0.217c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\windows\system32\api-ms-win-core-fibers-l1-1-1.dll': 127 (NtPath=\??\C:\windows\system32\api-ms-win-core-fibers-l1-1-1.dll; Input=api-ms-win-core-fibers-l1-1-1; rcNtGetDll=0xc0000135
6701bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\windows\system32\api-ms-win-core-fibers-l1-1-1.dll'
6711bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
6721bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014ead1:<flags> [calling]
6731bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076c40000 'C:\windows\system32\kernel32.dll'
6741bc0.217c: supR3HardenedIsApiSetDll: Warning! 'api-ms-win-core-localization-l1-2-1' looks like an API set, but it's not in the list!
6751bc0.217c: supR3HardenedIsApiSetDll: '鳗㼼' -> false
6761bc0.217c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\windows\system32\api-ms-win-core-localization-l1-2-1.dll': 2 (NtPath=\??\C:\windows\system32\api-ms-win-core-localization-l1-2-1.dll; Input=api-ms-win-core-localization-l1-2-1; rcNtGetDll=0xc0000135
6771bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\windows\system32\api-ms-win-core-localization-l1-2-1.dll'
6781bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6791bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
6801bc0.217c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\advapi32.dll)
6811bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\advapi32.dll
6821bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6831bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6841bc0.217c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll)
6851bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
6861bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6871bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6881bc0.217c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msvcrt.dll)
6891bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
6901bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014e991:<flags> [calling]
6911bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
6921bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefd400000 LB 0x000db000 C:\windows\system32\ADVAPI32.dll [fFlags=0x0]
6931bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
6941bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefd4e0000 LB 0x0009f000 C:\windows\system32\msvcrt.dll [fFlags=0x0]
6951bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6961bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
6971bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
6981bc0.217c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\sechost.dll)
6991bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\sechost.dll
7001bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefec80000 LB 0x0001f000 C:\windows\SYSTEM32\sechost.dll [fFlags=0x0]
7011bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\sechost.dll [lacks WinVerifyTrust]
7021bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefcfe0000 LB 0x0012d000 C:\windows\system32\RPCRT4.dll [fFlags=0x0]
7031bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7041bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd400000 'C:\windows\system32\ADVAPI32.dll'
7051bc0.217c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptsp.dll)
7061bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptsp.dll
7071bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
7081bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
7091bc0.217c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7101bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7111bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7121bc0.217c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7131bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014e991:<flags> [calling]
7141bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
7151bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefc860000 LB 0x00018000 C:\windows\system32\CRYPTSP.dll [fFlags=0x0]
7161bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
7171bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc860000 'C:\windows\system32\CRYPTSP.dll'
7181bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7191bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\rsaenh.dll)
7201bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rsaenh.dll
7211bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7221bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7231bc0.217c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7241bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014e8a1:<flags> [calling]
7251bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7261bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefc810000 LB 0x00047000 C:\windows\system32\rsaenh.dll [fFlags=0x0]
7271bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7281bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc810000 'C:\windows\system32\rsaenh.dll'
7291bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
7301bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014dfe1:<flags> [calling]
7311bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076c40000 'C:\windows\system32\kernel32.dll'
7321bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
7331bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014e131:<flags> [calling]
7341bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd400000 'C:\windows\system32\ADVAPI32.dll'
7351bc0.217c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptbase.dll)
7361bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptbase.dll
7371bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014e4b1:<flags> [calling]
7381bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
7391bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefc800000 LB 0x0000f000 C:\windows\system32\CRYPTBASE.dll [fFlags=0x0]
7401bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
7411bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc800000 'C:\windows\system32\CRYPTBASE.dll'
7421bc0.217c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\psapi.dll)
7431bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\psapi.dll
7441bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\PSAPI.DLL (Input=PSAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014e5e1:<flags> [calling]
7451bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\psapi.dll [lacks WinVerifyTrust]
7461bc0.217c: supR3HardenedDllNotificationCallback: load 0000000077010000 LB 0x00007000 C:\windows\system32\PSAPI.DLL [fFlags=0x0]
7471bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\psapi.dll [lacks WinVerifyTrust]
7481bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077010000 'C:\windows\system32\PSAPI.DLL'
7491bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc930000 'C:\Program Files\Avecto\Privilege Guard Client\PGHook.dll'
7501bc0.217c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076ea3740 pvNtTerminateThread=0000000076ec9dd0
7511bc0.217c: \SystemRoot\System32\ntdll.dll:
7521bc0.217c: CreationTime: 2018-02-07T08:27:02.123928600Z
7531bc0.217c: LastWriteTime: 2018-01-07T15:34:42.140674500Z
7541bc0.217c: ChangeTime: 2018-02-07T08:43:35.790800300Z
7551bc0.217c: FileAttributes: 0x20
7561bc0.217c: Size: 0x196968
7571bc0.217c: NT Headers: 0xe0
7581bc0.217c: Timestamp: 0x5a524044
7591bc0.217c: Machine: 0x8664 - amd64
7601bc0.217c: Timestamp: 0x5a524044
7611bc0.217c: Image Version: 6.1
7621bc0.217c: SizeOfImage: 0x19f000 (1699840)
7631bc0.217c: Resource Dir: 0x142000 LB 0x5a028
7641bc0.217c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
7651bc0.217c: [Raw version resource data: 0x1420f0 LB 0x380, codepage 0x0 (reserved 0x0)]
7661bc0.217c: ProductName: Microsoft® Windows® Operating System
7671bc0.217c: ProductVersion: 6.1.7601.24009
7681bc0.217c: FileVersion: 6.1.7601.24009 (win7sp1_ldr.180107-0421)
7691bc0.217c: FileDescription: NT Layer DLL
7701bc0.217c: \SystemRoot\System32\kernel32.dll:
7711bc0.217c: CreationTime: 2018-02-07T08:27:04.697796600Z
7721bc0.217c: LastWriteTime: 2018-01-07T15:42:23.414000000Z
7731bc0.217c: ChangeTime: 2018-02-07T08:43:36.773600300Z
7741bc0.217c: FileAttributes: 0x20
7751bc0.217c: Size: 0x11c000
7761bc0.217c: NT Headers: 0xe0
7771bc0.217c: Timestamp: 0x5a524089
7781bc0.217c: Machine: 0x8664 - amd64
7791bc0.217c: Timestamp: 0x5a524089
7801bc0.217c: Image Version: 6.1
7811bc0.217c: SizeOfImage: 0x11f000 (1175552)
7821bc0.217c: Resource Dir: 0x116000 LB 0x528
7831bc0.217c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
7841bc0.217c: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
7851bc0.217c: ProductName: Microsoft® Windows® Operating System
7861bc0.217c: ProductVersion: 6.1.7601.24009
7871bc0.217c: FileVersion: 6.1.7601.24009 (win7sp1_ldr.180107-0421)
7881bc0.217c: FileDescription: Windows NT BASE API Client DLL
7891bc0.217c: \SystemRoot\System32\KernelBase.dll:
7901bc0.217c: CreationTime: 2018-02-07T08:27:28.377382200Z
7911bc0.217c: LastWriteTime: 2018-01-07T15:42:23.430000000Z
7921bc0.217c: ChangeTime: 2018-02-07T08:43:36.758000300Z
7931bc0.217c: FileAttributes: 0x20
7941bc0.217c: Size: 0x66800
7951bc0.217c: NT Headers: 0xe8
7961bc0.217c: Timestamp: 0x5a52408a
7971bc0.217c: Machine: 0x8664 - amd64
7981bc0.217c: Timestamp: 0x5a52408a
7991bc0.217c: Image Version: 6.1
8001bc0.217c: SizeOfImage: 0x6a000 (434176)
8011bc0.217c: Resource Dir: 0x68000 LB 0x530
8021bc0.217c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
8031bc0.217c: [Raw version resource data: 0x680b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
8041bc0.217c: ProductName: Microsoft® Windows® Operating System
8051bc0.217c: ProductVersion: 6.1.7601.24009
8061bc0.217c: FileVersion: 6.1.7601.24009 (win7sp1_ldr.180107-0421)
8071bc0.217c: FileDescription: Windows NT BASE API Client DLL
8081bc0.217c: \SystemRoot\System32\apisetschema.dll:
8091bc0.217c: CreationTime: 2018-02-07T08:27:37.206529400Z
8101bc0.217c: LastWriteTime: 2018-01-07T15:42:19.202000000Z
8111bc0.217c: ChangeTime: 2018-02-07T08:43:35.681600300Z
8121bc0.217c: FileAttributes: 0x20
8131bc0.217c: Size: 0x1a00
8141bc0.217c: NT Headers: 0xc0
8151bc0.217c: Timestamp: 0x5a524024
8161bc0.217c: Machine: 0x8664 - amd64
8171bc0.217c: Timestamp: 0x5a524024
8181bc0.217c: Image Version: 6.1
8191bc0.217c: SizeOfImage: 0x50000 (327680)
8201bc0.217c: Resource Dir: 0x30000 LB 0x3f8
8211bc0.217c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
8221bc0.217c: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
8231bc0.217c: ProductName: Microsoft® Windows® Operating System
8241bc0.217c: ProductVersion: 6.1.7601.24009
8251bc0.217c: FileVersion: 6.1.7601.24009 (win7sp1_ldr.180107-0421)
8261bc0.217c: FileDescription: ApiSet Schema DLL
8271bc0.217c: Found driver SysPlant (0x1)
8281bc0.217c: Found driver SymNetS (0x2)
8291bc0.217c: Found driver PGDriver (0x20000)
8301bc0.217c: Found driver SRTSPX (0x2)
8311bc0.217c: Found driver SymEvent (0x2)
8321bc0.217c: Found driver SymIRON (0x2)
8331bc0.217c: supR3HardenedWinFindAdversaries: 0x20003
8341bc0.217c: \SystemRoot\System32\drivers\SysPlant.sys:
8351bc0.217c: CreationTime: 2017-12-07T12:15:15.990800300Z
8361bc0.217c: LastWriteTime: 2018-01-15T05:18:04.602800000Z
8371bc0.217c: ChangeTime: 2018-01-15T05:18:04.602800000Z
8381bc0.217c: FileAttributes: 0x20
8391bc0.217c: Size: 0x2e950
8401bc0.217c: NT Headers: 0x100
8411bc0.217c: Timestamp: 0x59c58a3f
8421bc0.217c: Machine: 0x8664 - amd64
8431bc0.217c: Timestamp: 0x59c58a3f
8441bc0.217c: Image Version: 5.0
8451bc0.217c: SizeOfImage: 0x30000 (196608)
8461bc0.217c: Resource Dir: 0x2e000 LB 0x498
8471bc0.217c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
8481bc0.217c: [Raw version resource data: 0x2e0b8 LB 0x3e0, codepage 0x4e4 (reserved 0x0)]
8491bc0.217c: ProductName: Symantec CMC Firewall
8501bc0.217c: ProductVersion: 12.1.7359.6900
8511bc0.217c: FileVersion: 12.1.7359.6900
8521bc0.217c: FileDescription: Symantec CMC Firewall SysPlant
8531bc0.217c: \SystemRoot\System32\sysfer.dll:
8541bc0.217c: CreationTime: 2017-12-07T12:15:15.990800300Z
8551bc0.217c: LastWriteTime: 2018-01-15T05:18:04.587200000Z
8561bc0.217c: ChangeTime: 2018-01-15T05:18:04.587200000Z
8571bc0.217c: FileAttributes: 0x20
8581bc0.217c: Size: 0x74ee8
8591bc0.217c: NT Headers: 0xf8
8601bc0.217c: Timestamp: 0x59c58a44
8611bc0.217c: Machine: 0x8664 - amd64
8621bc0.217c: Timestamp: 0x59c58a44
8631bc0.217c: Image Version: 0.0
8641bc0.217c: SizeOfImage: 0x8d000 (577536)
8651bc0.217c: Resource Dir: 0x8b000 LB 0x48c
8661bc0.217c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
8671bc0.217c: [Raw version resource data: 0x8b0b8 LB 0x3d4, codepage 0x4e4 (reserved 0x0)]
8681bc0.217c: ProductName: Symantec CMC Firewall
8691bc0.217c: ProductVersion: 12.1.7359.6900
8701bc0.217c: FileVersion: 12.1.7359.6900
8711bc0.217c: FileDescription: Symantec CMC Firewall sysfer
8721bc0.217c: \SystemRoot\System32\drivers\symevent64x86.sys:
8731bc0.217c: CreationTime: 2017-12-07T12:15:47.502800500Z
8741bc0.217c: LastWriteTime: 2018-01-13T18:32:12.623500000Z
8751bc0.217c: ChangeTime: 2018-01-13T18:32:12.623500000Z
8761bc0.217c: FileAttributes: 0x20
8771bc0.217c: Size: 0x2ccf0
8781bc0.217c: NT Headers: 0xf0
8791bc0.217c: Timestamp: 0x57be5070
8801bc0.217c: Machine: 0x8664 - amd64
8811bc0.217c: Timestamp: 0x57be5070
8821bc0.217c: Image Version: 6.0
8831bc0.217c: SizeOfImage: 0x37000 (225280)
8841bc0.217c: Resource Dir: 0x35000 LB 0x3c8
8851bc0.217c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
8861bc0.217c: [Raw version resource data: 0x350b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
8871bc0.217c: ProductName: SYMEVENT
8881bc0.217c: ProductVersion: 12.9.6.28
8891bc0.217c: FileVersion: 12.9.6.28
8901bc0.217c: FileDescription: Symantec Event Library
8911bc0.217c: \SystemRoot\System32\drivers\PGDriver.sys:
8921bc0.217c: CreationTime: 2018-01-16T15:26:01.390353200Z
8931bc0.217c: LastWriteTime: 2017-02-01T12:22:50.000000000Z
8941bc0.217c: ChangeTime: 2018-02-18T08:05:51.696400000Z
8951bc0.217c: FileAttributes: 0x20
8961bc0.217c: Size: 0x8250
8971bc0.217c: NT Headers: 0xf0
8981bc0.217c: Timestamp: 0x582461ca
8991bc0.217c: Machine: 0x8664 - amd64
9001bc0.217c: Timestamp: 0x582461ca
9011bc0.217c: Image Version: 6.3
9021bc0.217c: SizeOfImage: 0xa000 (40960)
9031bc0.217c: Resource Dir: 0x8000 LB 0x430
9041bc0.217c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
9051bc0.217c: [Raw version resource data: 0x8060 LB 0x3cc, codepage 0x0 (reserved 0x0)]
9061bc0.217c: ProductName: Avecto Defendpoint
9071bc0.217c: ProductVersion: 2016.11.10.1
9081bc0.217c: FileVersion: 2016.11.10.1
9091bc0.217c: SpecialBuild: D
9101bc0.217c: FileDescription: Defendpoint Driver
9111bc0.217c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
9121bc0.217c: Calling main()
9131bc0.217c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
9141bc0.217c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
91523d8.1cf8: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000290000 LB 0x400000)
91623d8.1cf8: supR3HardNtEnableThreadCreation:
91723d8.1cf8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 0 ms.
9181bc0.217c: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
9191bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
9201bc0.217c: SUPR3HardenedMain: Final process, opening VBoxDrv...
9211bc0.217c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000260000 LB 0x400000)
9221bc0.217c: supR3HardNtEnableThreadCreation:
9231bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
9241bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
9251bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014b881:<flags> [calling]
9261bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
9271bc0.217c: supR3HardenedDllNotificationCallback: load 000007fed5280000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
9281bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
9291bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
9301bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000148fb1:<flags> [calling]
9311bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed5280000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
9321bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
9331bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000148fb1:<flags> [calling]
9341bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed5280000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
9351bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed5280000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
9361bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9371bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
9381bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
9391bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
9401bc0.217c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\wintrust.dll)
9411bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wintrust.dll
9421bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9431bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9441bc0.217c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9451bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
9461bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
9471bc0.217c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msasn1.dll)
9481bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msasn1.dll
9491bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
9501bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
9511bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9521bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
9531bc0.217c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\crypt32.dll)
9541bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\crypt32.dll
9551bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9561bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9571bc0.217c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9581bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
9591bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
9601bc0.217c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
9611bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9621bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9631bc0.217c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9641bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014d691:<flags> [calling]
9651bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9661bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefce90000 LB 0x0003b000 C:\windows\system32\Wintrust.dll [fFlags=0x0]
9671bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9681bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefcc00000 LB 0x0016d000 C:\windows\system32\CRYPT32.dll [fFlags=0x0]
9691bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9701bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefcb40000 LB 0x0000f000 C:\windows\system32\MSASN1.dll [fFlags=0x0]
9711bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
9721bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce90000 'C:\windows\system32\Wintrust.dll'
9731bc0.217c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\bcrypt.dll)
9741bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcrypt.dll
9751bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014d691:<flags> [calling]
9761bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
9771bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefc260000 LB 0x00022000 C:\windows\system32\bcrypt.dll [fFlags=0x0]
9781bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
9791bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc260000 'C:\windows\system32\bcrypt.dll'
9801bc0.217c: bcrypt.dll loaded at 000007fefc260000, BCryptOpenAlgorithmProvider at 000007fefc262460, preloading providers:
9811bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
9821bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
9831bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll)
9841bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll
9851bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
9861bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
9871bc0.217c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
9881bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
9891bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
9901bc0.217c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
9911bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014d671:<flags> [calling]
9921bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
9931bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefbd90000 LB 0x0004c000 C:\windows\system32\bcryptprimitives.dll [fFlags=0x0]
9941bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
9951bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbd90000 'C:\windows\system32\bcryptprimitives.dll'
9961bc0.217c: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000087cd70)
9971bc0.217c: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000087d2f0)
9981bc0.217c: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000087d420)
9991bc0.217c: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000087d550)
10001bc0.217c: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000087d680)
10011bc0.217c: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000000000087d7b0)
10021bc0.217c: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=000000000087da00)
10031bc0.217c: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=000000000087db30)
10041bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
10051bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014d1e1:<flags> [calling]
10061bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc860000 'C:\windows\system32\CRYPTSP.dll'
10071bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10081bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014d141:<flags> [calling]
10091bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce90000 'C:\windows\system32\WINTRUST.DLL'
10101bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
10111bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000014cf71:<flags> [calling]
10121bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc00000 'C:\windows\system32\CRYPT32.dll'
10131bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10141bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
10151bc0.217c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\imagehlp.dll)
10161bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\imagehlp.dll
10171bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
10181bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
10191bc0.217c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
10201bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10211bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10221bc0.217c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10231bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014cfc1:<flags> [calling]
10241bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
10251bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefd280000 LB 0x00019000 C:\windows\system32\imagehlp.dll [fFlags=0x0]
10261bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
10271bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd280000 'C:\windows\system32\imagehlp.dll'
10281bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
10291bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014d111:<flags> [calling]
10301bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc860000 'C:\windows\system32\CRYPTSP.dll'
10311bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
10321bc0.217c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\user32.dll)
10331bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\user32.dll
10341bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10351bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10361bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
10371bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
10381bc0.217c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\gdi32.dll)
10391bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\gdi32.dll
10401bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
10411bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume1\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
10421bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
10431bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
10441bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
10451bc0.217c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\lpk.dll)
10461bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\lpk.dll
10471bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10481bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10491bc0.217c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
10501bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
10511bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume1\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
10521bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10531bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
10541bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
10551bc0.217c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\usp10.dll)
10561bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\usp10.dll
10571bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10581bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10591bc0.217c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
10601bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10611bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10621bc0.217c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10631bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10641bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10651bc0.217c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10661bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10671bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10681bc0.217c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
10691bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10701bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10711bc0.217c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10721bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014cc41:<flags> [calling]
10731bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
10741bc0.217c: supR3HardenedDllNotificationCallback: load 0000000076d60000 LB 0x000fa000 C:\windows\system32\USER32.dll [fFlags=0x0]
10751bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
10761bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefd210000 LB 0x00067000 C:\windows\system32\GDI32.dll [fFlags=0x0]
10771bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10781bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefead0000 LB 0x0000e000 C:\windows\system32\LPK.dll [fFlags=0x0]
10791bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\lpk.dll [lacks WinVerifyTrust]
10801bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefd780000 LB 0x000cb000 C:\windows\system32\USP10.dll [fFlags=0x0]
10811bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\usp10.dll [lacks WinVerifyTrust]
10821bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10831bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014c0f1:<flags> [calling]
10841bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd210000 'C:\windows\system32\gdi32.dll'
10851bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
10861bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
10871bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
10881bc0.217c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\imm32.dll)
10891bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\imm32.dll
10901bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
10911bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume1\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
10921bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10931bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
10941bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
10951bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
10961bc0.217c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msctf.dll)
10971bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msctf.dll
10981bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10991bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11001bc0.217c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11011bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11021bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11031bc0.217c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
11041bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
11051bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume1\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
11061bc0.217c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imm32.dll [lacks WinVerifyTrust]
11071bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11081bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11091bc0.217c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11101bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11111bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11121bc0.217c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
11131bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11141bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11151bc0.217c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11161bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014ba31:<flags> [calling]
11171bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imm32.dll [lacks WinVerifyTrust]
11181bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefd850000 LB 0x0002e000 C:\windows\system32\IMM32.DLL [fFlags=0x0]
11191bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imm32.dll [lacks WinVerifyTrust]
11201bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefeaf0000 LB 0x00109000 C:\windows\system32\MSCTF.dll [fFlags=0x0]
11211bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msctf.dll [lacks WinVerifyTrust]
11221bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd850000 'C:\windows\system32\IMM32.DLL'
11231bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076d60000 'C:\windows\system32\USER32.dll'
11241bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
11251bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
11261bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
11271bc0.217c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\ncrypt.dll)
11281bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ncrypt.dll
11291bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
11301bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
11311bc0.217c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
11321bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11331bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11341bc0.217c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11351bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
11361bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
11371bc0.217c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
11381bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014cf41:<flags> [calling]
11391bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
11401bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefc2b0000 LB 0x00050000 C:\windows\system32\ncrypt.dll [fFlags=0x0]
11411bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
11421bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc2b0000 'C:\windows\system32\ncrypt.dll'
11431bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
11441bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014cd31:<flags> [calling]
11451bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc260000 'C:\windows\system32\bcrypt.dll'
11461bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11471bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
11481bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
11491bc0.217c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\userenv.dll)
11501bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\userenv.dll
11511bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
11521bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
11531bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11541bc0.217c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\profapi.dll)
11551bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\profapi.dll
11561bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11571bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11581bc0.217c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
11591bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11601bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11611bc0.217c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11621bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11631bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11641bc0.217c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11651bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014c6c1:<flags> [calling]
11661bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\userenv.dll [lacks WinVerifyTrust]
11671bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefce70000 LB 0x0001e000 C:\windows\system32\USERENV.dll [fFlags=0x0]
11681bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\userenv.dll [lacks WinVerifyTrust]
11691bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefcb30000 LB 0x0000f000 C:\windows\system32\profapi.dll [fFlags=0x0]
11701bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\profapi.dll [lacks WinVerifyTrust]
11711bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce70000 'C:\windows\system32\USERENV.dll'
11721bc0.217c: supR3HardenedIsApiSetDll: '<NULL>' -> true
11731bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000014c421:<flags> [calling]
11741bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec80000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
11751bc0.217c: supR3HardenedIsApiSetDll: '<NULL>' -> true
11761bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000014c7b1:<flags> [calling]
11771bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec80000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
11781bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11791bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
11801bc0.217c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\gpapi.dll)
11811bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\gpapi.dll
11821bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11831bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11841bc0.217c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
11851bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11861bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11871bc0.217c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11881bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014c9e1:<flags> [calling]
11891bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
11901bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefbc40000 LB 0x0001b000 C:\windows\system32\GPAPI.dll [fFlags=0x0]
11911bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
11921bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbc40000 'C:\windows\system32\GPAPI.dll'
11931bc0.217c: supR3HardenedIsApiSetDll: '<NULL>' -> true
11941bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000014c931:<flags> [calling]
11951bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec80000 'API-MS-WIN-Service-Management-L1-1-0.dll'
11961bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
11971bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014bf71:<flags> [calling]
11981bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcfe0000 'C:\windows\system32\rpcrt4.dll'
11991bc0.217c: supR3HardenedIsApiSetDll: '<NULL>' -> true
12001bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000014c911:<flags> [calling]
12011bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec80000 'API-MS-WIN-Service-Management-L2-1-0.dll'
12021bc0.217c: supR3HardenedIsApiSetDll: '<NULL>' -> true
12031bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000014c921:<flags> [calling]
12041bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec80000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
12051bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12061bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
12071bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
12081bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
12091bc0.217c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptnet.dll)
12101bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptnet.dll
12111bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
12121bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume1\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
12131bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12141bc0.217c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\Wldap32.dll)
12151bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\Wldap32.dll
12161bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
12171bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
12181bc0.217c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
12191bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
12201bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
12211bc0.217c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
12221bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12231bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12241bc0.217c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12251bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12261bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12271bc0.217c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12281bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014c421:<flags> [calling]
12291bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12301bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefa3a0000 LB 0x00027000 C:\windows\system32\cryptnet.dll [fFlags=0x0]
12311bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12321bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefd1b0000 LB 0x00052000 C:\windows\system32\WLDAP32.dll [fFlags=0x0]
12331bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
12341bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12351bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000014b601:<flags> [calling]
12361bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3a0000 'C:\windows\system32\cryptnet.dll'
12371bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12381bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000014b601:<flags> [calling]
12391bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3a0000 'C:\windows\system32\cryptnet.dll'
12401bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12411bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000014b601:<flags> [calling]
12421bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3a0000 'C:\windows\system32\cryptnet.dll'
12431bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12441bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000014b601:<flags> [calling]
12451bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3a0000 'C:\windows\system32\cryptnet.dll'
12461bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12471bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000014b601:<flags> [calling]
12481bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3a0000 'C:\windows\system32\cryptnet.dll'
12491bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12501bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000014b601:<flags> [calling]
12511bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3a0000 'C:\windows\system32\cryptnet.dll'
12521bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12531bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3a0000 'C:\windows\system32\cryptnet.dll'
12541bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12551bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3a0000 'C:\windows\system32\cryptnet.dll'
12561bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12571bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3a0000 'C:\windows\system32\cryptnet.dll'
12581bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12591bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3a0000 'C:\windows\system32\cryptnet.dll'
12601bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12611bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3a0000 'C:\windows\system32\cryptnet.dll'
12621bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3a0000 'C:\windows\system32\cryptnet.dll'
12631bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12641bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3a0000 'C:\windows\system32\cryptnet.dll'
12651bc0.217c: supR3HardenedIsApiSetDll: '<NULL>' -> true
12661bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000014bd41:<flags> [calling]
12671bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec80000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
12681bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\profapi.dll [lacks WinVerifyTrust]
12691bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014bd41:<flags> [calling]
12701bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcb30000 'C:\windows\system32\profapi.dll'
12711bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
12721bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
12731bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
12741bc0.217c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\shlwapi.dll)
12751bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
12761bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12771bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12781bc0.217c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12791bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12801bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12811bc0.217c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
12821bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12831bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12841bc0.217c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12851bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014b7d1:<flags> [calling]
12861bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
12871bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefec00000 LB 0x00071000 C:\windows\system32\SHLWAPI.dll [fFlags=0x0]
12881bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
12891bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec00000 'C:\windows\system32\SHLWAPI.dll'
12901bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
12911bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000008d1ea0
12921bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
12931bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9719F45900C92F99DCC8506EABE14F8BE546F6B7
12941bc0.217c: supR3HardenedIsApiSetDll: '<NULL>' -> true
12951bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000014c701:<flags> [calling]
12961bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec80000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
12971bc0.217c: supR3HardenedIsApiSetDll: '<NULL>' -> true
12981bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000014c261:<flags> [calling]
12991bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec80000 'API-MS-WIN-Service-Management-L1-1-0.dll'
13001bc0.217c: supR3HardenedIsApiSetDll: '<NULL>' -> true
13011bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000014c261:<flags> [calling]
13021bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec80000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
13031bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
13041bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014c701:<flags> [calling]
13051bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd400000 'C:\windows\system32\ADVAPI32.dll'
13061bc0.217c: supR3HardenedIsApiSetDll: '<NULL>' -> true
13071bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000014c6b1:<flags> [calling]
13081bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec80000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
13091bc0.217c: supR3HardenedIsApiSetDll: '<NULL>' -> true
13101bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000014c3a1:<flags> [calling]
13111bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec80000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
13121bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_511_for_KB4057400~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\SystemRoot\System32\ntdll.dll'
13131bc0.217c: g_pfnWinVerifyTrust=000007fefce91010
13141bc0.217c: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
13151bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000134 pwszName=\Device\HarddiskVolume1\Windows\System32\crypt32.dll
13161bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
13171bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
13181bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03C3949C543BC88555B566D6E3CD5F1E43072E83
13191bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_511_for_KB4057400~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume1\Windows\System32\crypt32.dll'
13201bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13211bc0.217c: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\crypt32.dll'
13221bc0.217c: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
13231bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000012c pwszName=\Device\HarddiskVolume1\Windows\System32\wintrust.dll
13241bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
13251bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
13261bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=94B4C88ADC72C33C3A3D87A716B5557571C2B9F2
13271bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_511_for_KB4057400~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume1\Windows\System32\wintrust.dll'
13281bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13291bc0.217c: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\wintrust.dll'
13301bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b0 pwszName=\Device\HarddiskVolume1\Windows\System32\shlwapi.dll
13311bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
13321bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
13331bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
13341bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\shlwapi.dll'
13351bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13361bc0.217c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll'
13371bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003a8 pwszName=\Device\HarddiskVolume1\Windows\System32\Wldap32.dll
13381bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
13391bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
13401bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=086A94704E162AB5C6F0ED4BA6DE6C8B4524BA56
13411bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_511_for_KB4057400~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume1\Windows\System32\Wldap32.dll'
13421bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13431bc0.217c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\Wldap32.dll'
13441bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003a4 pwszName=\Device\HarddiskVolume1\Windows\System32\cryptnet.dll
13451bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
13461bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
13471bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6AFF13995E2E993955E220EA5853B61404FCBF42
13481bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_511_for_KB4057400~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume1\Windows\System32\cryptnet.dll'
13491bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13501bc0.217c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptnet.dll'
13511bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000284 pwszName=\Device\HarddiskVolume1\Windows\System32\gpapi.dll
13521bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
13531bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
13541bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EBDAA16C3FD93DFF9C20BA3B2689DFF4C8D31061
13551bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3159398~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\gpapi.dll'
13561bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13571bc0.217c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\gpapi.dll'
13581bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001f0 pwszName=\Device\HarddiskVolume1\Windows\System32\profapi.dll
13591bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
13601bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
13611bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
13621bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\profapi.dll'
13631bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13641bc0.217c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\profapi.dll'
13651bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001ec pwszName=\Device\HarddiskVolume1\Windows\System32\userenv.dll
13661bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
13671bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
13681bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
13691bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\userenv.dll'
13701bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13711bc0.217c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\userenv.dll'
13721bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d8 pwszName=\Device\HarddiskVolume1\Windows\System32\ncrypt.dll
13731bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
13741bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
13751bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8112177B5F93264BDF7AE04C009621B2B8CF684F
13761bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_511_for_KB4057400~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume1\Windows\System32\ncrypt.dll'
13771bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13781bc0.217c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\ncrypt.dll'
13791bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001bc pwszName=\Device\HarddiskVolume1\Windows\System32\msctf.dll
13801bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
13811bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
13821bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B18074E6500B26B9675D6739EF0E6FFC56E8E0CA
13831bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_511_for_KB4057400~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume1\Windows\System32\msctf.dll'
13841bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13851bc0.217c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msctf.dll'
13861bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001b8 pwszName=\Device\HarddiskVolume1\Windows\System32\imm32.dll
13871bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
13881bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
13891bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
13901bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\imm32.dll'
13911bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13921bc0.217c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\imm32.dll'
13931bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001b4 pwszName=\Device\HarddiskVolume1\Windows\System32\usp10.dll
13941bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
13951bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
13961bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8AE1E4C5A6AE2CD7C2699FE89EFC72F3203BC58E
13971bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_511_for_KB4057400~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume1\Windows\System32\usp10.dll'
13981bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13991bc0.217c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\usp10.dll'
14001bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001b0 pwszName=\Device\HarddiskVolume1\Windows\System32\lpk.dll
14011bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
14021bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
14031bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4B66EF8F994787670440ABD1B9C58FEF0296A5CC
14041bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_511_for_KB4057400~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume1\Windows\System32\lpk.dll'
14051bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14061bc0.217c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\lpk.dll'
14071bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001ac pwszName=\Device\HarddiskVolume1\Windows\System32\gdi32.dll
14081bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
14091bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
14101bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2D767C07C15EAAFC316567AB2F5CA7B85CCD70E2
14111bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_511_for_KB4057400~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
14121bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14131bc0.217c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
14141bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a8 pwszName=\Device\HarddiskVolume1\Windows\System32\user32.dll
14151bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
14161bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
14171bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03BB259EC2F9D61B0941E0635513FFA135E07009
14181bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_511_for_KB4057400~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume1\Windows\System32\user32.dll'
14191bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14201bc0.217c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\user32.dll'
14211bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a4 pwszName=\Device\HarddiskVolume1\Windows\System32\imagehlp.dll
14221bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
14231bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
14241bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
14251bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\imagehlp.dll'
14261bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14271bc0.217c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\imagehlp.dll'
14281bc0.217c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll'
14291bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000014c pwszName=\Device\HarddiskVolume1\Windows\System32\bcrypt.dll
14301bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
14311bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
14321bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=68F79B4FEBC5DB055B02FDF809A2E6B45056DB1D
14331bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_511_for_KB4057400~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume1\Windows\System32\bcrypt.dll'
14341bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14351bc0.217c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll'
14361bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume1\Windows\System32\msasn1.dll
14371bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
14381bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
14391bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
14401bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\msasn1.dll'
14411bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14421bc0.217c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msasn1.dll'
14431bc0.217c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
14441bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000078 pwszName=\Device\HarddiskVolume1\Windows\System32\psapi.dll
14451bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
14461bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
14471bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=561BAAB249C395B66D294444DF251EDB701DB607
14481bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\psapi.dll'
14491bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14501bc0.217c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\psapi.dll'
14511bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000064 pwszName=\Device\HarddiskVolume1\Windows\System32\cryptbase.dll
14521bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
14531bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
14541bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C4FF188B058921CD02BD74559017F3ADF038A07F
14551bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_511_for_KB4057400~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume1\Windows\System32\cryptbase.dll'
14561bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14571bc0.217c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptbase.dll'
14581bc0.217c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\rsaenh.dll'
14591bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000060 pwszName=\Device\HarddiskVolume1\Windows\System32\cryptsp.dll
14601bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
14611bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
14621bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CECCA98E04985A576883E9A9AD8AF2140526B576
14631bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_511_for_KB4057400~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume1\Windows\System32\cryptsp.dll'
14641bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14651bc0.217c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptsp.dll'
14661bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000004c pwszName=\Device\HarddiskVolume1\Windows\System32\sechost.dll
14671bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
14681bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
14691bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB669FA8DB80F8E50A29D055BB8D558E10E5E6B4
14701bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\sechost.dll'
14711bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14721bc0.217c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\sechost.dll'
14731bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000048 pwszName=\Device\HarddiskVolume1\Windows\System32\msvcrt.dll
14741bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
14751bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
14761bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
14771bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
14781bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14791bc0.217c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
14801bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000044 pwszName=\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
14811bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
14821bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
14831bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9B756110E5917774DD04C90804EBA9CD3F2BA66F
14841bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_511_for_KB4057400~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll'
14851bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14861bc0.217c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll'
14871bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000040 pwszName=\Device\HarddiskVolume1\Windows\System32\advapi32.dll
14881bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
14891bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
14901bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=33218A6CA853A1515560A84F6A8E334B2BD5EA4B
14911bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_511_for_KB4057400~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume1\Windows\System32\advapi32.dll'
14921bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14931bc0.217c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\advapi32.dll'
14941bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll
14951bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014b521:<flags> [calling]
14961bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc00000 'C:\windows\system32\crypt32.dll'
14971bc0.217c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\api-ms-win-core-synch-l1-2-0.dll'
14981bc0.217c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Program Files\Avecto\Privilege Guard Client\PGHook.dll'
14991bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume1\Windows\System32\KernelBase.dll
15001bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
15011bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
15021bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A874C4D4B665651046A98088A03CB6848E9D3D20
15031bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_511_for_KB4057400~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume1\Windows\System32\KernelBase.dll'
15041bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15051bc0.217c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\KernelBase.dll'
15061bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume1\Windows\System32\kernel32.dll
15071bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
15081bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
15091bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1FE3184DB28E5263FD86A4638D7F109DA4B48BBB
15101bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_511_for_KB4057400~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume1\Windows\System32\kernel32.dll'
15111bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15121bc0.217c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\kernel32.dll'
15131bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll
15141bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014c1a1:<flags> [calling]
15151bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc00000 'C:\windows\system32\crypt32.dll'
15161bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
15171bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
15181bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0x8f5f1381b63ed000 C=local, O=domain, CN=GOIrootCA
15191bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
15201bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
15211bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
15221bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0x75448bd8c4fe35c7 CN=WSUS Publishers Self-signed
15231bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0xcdf4ddba149eb200 CN=WSUS Publishers Self-signed
15241bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
15251bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
15261bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
15271bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
15281bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
15291bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
15301bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
15311bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
15321bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
15331bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
15341bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
15351bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
15361bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
15371bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
15381bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
15391bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
15401bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
15411bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
15421bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
15431bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
15441bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
15451bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
15461bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
15471bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
15481bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
15491bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
15501bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
15511bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
15521bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
15531bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
15541bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
15551bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
15561bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
15571bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
15581bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
15591bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
15601bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
15611bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
15621bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
15631bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
15641bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
15651bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
15661bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
15671bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0x5252151c5ee8ee00 DC=int, DC=snl, CN=snlcert1
15681bc0.217c: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: DC=mhc, DC=mhf, CN=MHFISubCA
15691bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0x8f5f1381b63ed000 C=local, O=domain, CN=GOIrootCA
15701bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0xf63a1bb8201eaf00 CN=WSUS Publishers Self-signed
15711bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0x9e4c04707d589b00 DC=com, DC=ciqdev, CN=CIQDEV Root CA
15721bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0x3055746d145fd100 CN=MHFIRootCA
15731bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0x1e85c204b5c1a300 DC=com, DC=capiqcorp, CN=CAPIQCORP Root CA
15741bc0.217c: supR3HardenedWinIsDesiredRootCA: Adding 0xfd1698fad336bd00 CN=WSUS Publishers Self-signed
15751bc0.217c: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=58
15761bc0.217c: SUPR3HardenedMain: Load Runtime...
15771bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
15781bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
15791bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
15801bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
15811bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
15821bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
15831bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15841bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15851bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
15861bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
15871bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
15881bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000444 pwszName=\Device\HarddiskVolume1\Windows\System32\ws2_32.dll
15891bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
15901bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
15911bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=901DCB8172024F14E25295BF5692180F12FC8C18
15921bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3161949~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\ws2_32.dll'
15931bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15941bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15951bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
15961bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
15971bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ws2_32.dll) WinVerifyTrust
15981bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
15991bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
16001bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
16011bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
16021bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
16031bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
16041bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16051bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16061bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
16071bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
16081bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16091bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16101bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
16111bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
16121bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
16131bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000430 pwszName=\Device\HarddiskVolume1\Windows\System32\nsi.dll
16141bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
16151bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
16161bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5C61E0233B4D23762E0FE158DE0FDC6C24988F13
16171bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_511_for_KB4057400~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume1\Windows\System32\nsi.dll'
16181bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16191bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\nsi.dll) WinVerifyTrust
16201bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\nsi.dll
16211bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16221bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16231bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
16241bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16251bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16261bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
16271bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014c4d1:<flags> [calling]
16281bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
16291bc0.217c: supR3HardenedDllNotificationCallback: load 000007feccfd0000 LB 0x00590000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
16301bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
16311bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
16321bc0.217c: supR3HardenedDllNotificationCallback: load 0000000078760000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
16331bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
16341bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
16351bc0.217c: supR3HardenedDllNotificationCallback: load 0000000078a40000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
16361bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
16371bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefcef0000 LB 0x0004d000 C:\windows\system32\WS2_32.dll [fFlags=0x0]
16381bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
16391bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefeae0000 LB 0x00008000 C:\windows\system32\NSI.dll [fFlags=0x0]
16401bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll
16411bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
16421bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000149bc1:<flags> [calling]
16431bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feccfd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16441bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
16451bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000149bc1:<flags> [calling]
16461bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feccfd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16471bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
16481bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000149bc1:<flags> [calling]
16491bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feccfd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16501bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
16511bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000149bc1:<flags> [calling]
16521bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feccfd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16531bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
16541bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000149bc1:<flags> [calling]
16551bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feccfd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16561bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
16571bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000149bc1:<flags> [calling]
16581bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feccfd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16591bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feccfd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16601bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feccfd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16611bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feccfd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16621bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feccfd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16631bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feccfd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16641bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feccfd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16651bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feccfd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16661bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
16671bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000149bc1:<flags> [calling]
16681bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feccfd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16691bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feccfd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16701bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feccfd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16711bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feccfd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16721bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feccfd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16731bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feccfd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16741bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feccfd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16751bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feccfd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16761bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feccfd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16771bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feccfd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16781bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feccfd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16791bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feccfd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16801bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feccfd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16811bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feccfd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16821bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feccfd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16831bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feccfd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16841bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
16851bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000149bc1:<flags> [calling]
16861bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feccfd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16871bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feccfd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16881bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feccfd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16891bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feccfd0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16901bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll
16911bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014e031:<flags> [calling]
16921bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce90000 'C:\windows\system32\Wintrust.dll'
16931bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll
16941bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014cb81:<flags> [calling]
16951bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc00000 'C:\windows\system32\crypt32.dll'
16961bc0.217c: SUPR3HardenedMain: Load TrustedMain...
16971bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
16981bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
16991bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
17001bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
17011bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
17021bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
17031bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
17041bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
17051bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
17061bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
17071bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
17081bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
17091bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
17101bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
17111bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
17121bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
17131bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.dll
17141bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
17151bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
17161bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000488 pwszName=\Device\HarddiskVolume1\Windows\System32\winmm.dll
17171bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
17181bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
17191bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
17201bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\winmm.dll'
17211bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17221bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
17231bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
17241bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\winmm.dll) WinVerifyTrust
17251bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winmm.dll
17261bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
17271bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
17281bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000468 pwszName=\Device\HarddiskVolume1\Windows\System32\oleaut32.dll
17291bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
17301bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
17311bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6E76105B511B0668122629A2554FAFBBE17CD6DF
17321bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_511_for_KB4057400~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume1\Windows\System32\oleaut32.dll'
17331bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17341bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
17351bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
17361bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
17371bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
17381bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
17391bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\oleaut32.dll) WinVerifyTrust
17401bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
17411bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
17421bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
17431bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000047c pwszName=\Device\HarddiskVolume1\Windows\System32\ole32.dll
17441bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
17451bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
17461bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFFDE66260552BF7E35D8121FA5528186F88C59F
17471bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_511_for_KB4057400~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume1\Windows\System32\ole32.dll'
17481bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17491bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17501bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
17511bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
17521bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
17531bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ole32.dll) WinVerifyTrust
17541bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ole32.dll
17551bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
17561bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
17571bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000470 pwszName=\Device\HarddiskVolume1\Windows\System32\shell32.dll
17581bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
17591bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
17601bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=96DDB24DBBF98EDECA2FBB4CEDEB23977AD0203F
17611bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_511_for_KB4057400~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume1\Windows\System32\shell32.dll'
17621bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17631bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17641bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
17651bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
17661bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
17671bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\shell32.dll) WinVerifyTrust
17681bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shell32.dll
17691bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
17701bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
17711bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
17721bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17731bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17741bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
17751bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
17761bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
17771bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
17781bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
17791bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
17801bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
17811bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
17821bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
17831bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
17841bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
17851bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
17861bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
17871bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
17881bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
17891bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
17901bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
17911bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
17921bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
17931bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
17941bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
17951bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
17961bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
17971bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
17981bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
17991bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
18001bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
18011bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
18021bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
18031bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
18041bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
18051bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
18061bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
18071bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
18081bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
18091bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
18101bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
18111bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
18121bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
18131bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
18141bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) WinVerifyTrust
18151bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
18161bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
18171bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
18181bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
18191bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
18201bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
18211bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
18221bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
18231bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
18241bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
18251bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
18261bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) WinVerifyTrust
18271bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
18281bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18291bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18301bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
18311bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
18321bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
18331bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
18341bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
18351bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
18361bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
18371bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
18381bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b4 pwszName=\Device\HarddiskVolume1\Windows\System32\opengl32.dll
18391bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
18401bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
18411bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
18421bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\opengl32.dll'
18431bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18441bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18451bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
18461bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
18471bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
18481bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
18491bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
18501bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\opengl32.dll) WinVerifyTrust
18511bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\opengl32.dll
18521bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18531bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18541bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
18551bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume1\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
18561bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000494 pwszName=\Device\HarddiskVolume1\Windows\System32\ddraw.dll
18571bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
18581bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
18591bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
18601bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\ddraw.dll'
18611bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18621bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18631bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
18641bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
18651bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
18661bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
18671bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
18681bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ddraw.dll) WinVerifyTrust
18691bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ddraw.dll
18701bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
18711bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume1\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
18721bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000049c pwszName=\Device\HarddiskVolume1\Windows\System32\glu32.dll
18731bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
18741bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
18751bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
18761bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\glu32.dll'
18771bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18781bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18791bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
18801bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
18811bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\glu32.dll) WinVerifyTrust
18821bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\glu32.dll
18831bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18841bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18851bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll
18861bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18871bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18881bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18891bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18901bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18911bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18921bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
18931bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
18941bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
18951bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
18961bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
18971bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume1\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
18981bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c0 pwszName=\Device\HarddiskVolume1\Windows\System32\mpr.dll
18991bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
19001bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
19011bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F84FE9BA047B24E7694C9E0C349B48B9FD5F925B
19021bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\mpr.dll'
19031bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19041bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\mpr.dll) WinVerifyTrust
19051bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\mpr.dll
19061bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
19071bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
19081bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
19091bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19101bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19111bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
19121bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
19131bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
19141bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
19151bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
19161bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
19171bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19181bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19191bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19201bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19211bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
19221bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
19231bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
19241bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
19251bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
19261bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
19271bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
19281bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19291bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19301bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19311bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19321bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
19331bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
19341bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
19351bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
19361bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
19371bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
19381bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19391bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19401bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
19411bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
19421bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
19431bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
19441bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
19451bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
19461bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
19471bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
19481bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
19491bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
19501bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
19511bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
19521bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
19531bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19541bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19551bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19561bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19571bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19581bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19591bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
19601bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
19611bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume1\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
19621bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004cc pwszName=\Device\HarddiskVolume1\Windows\System32\comdlg32.dll
19631bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
19641bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
19651bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
19661bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\comdlg32.dll'
19671bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19681bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19691bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
19701bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
19711bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
19721bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
19731bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
19741bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\comdlg32.dll) WinVerifyTrust
19751bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\comdlg32.dll
19761bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
19771bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume1\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
19781bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d0 pwszName=\Device\HarddiskVolume1\Windows\System32\winspool.drv
19791bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
19801bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
19811bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
19821bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\winspool.drv'
19831bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19841bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19851bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
19861bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
19871bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\winspool.drv) WinVerifyTrust
19881bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winspool.drv
19891bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
19901bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
19911bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
19921bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
19931bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
19941bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
19951bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
19961bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
19971bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
19981bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19991bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20001bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20011bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20021bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20031bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
20041bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
20051bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
20061bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
20071bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
20081bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
20091bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
20101bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
20111bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
20121bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
20131bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20141bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20151bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20161bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20171bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
20181bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
20191bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
20201bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20211bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20221bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20231bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20241bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20251bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20261bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll
20271bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20281bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20291bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20301bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20311bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20321bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20331bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20341bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20351bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20361bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20371bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20381bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20391bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
20401bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
20411bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
20421bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20431bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20441bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20451bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20461bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20471bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20481bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20491bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20501bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20511bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20521bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
20531bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
20541bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
20551bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
20561bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
20571bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c4 pwszName=\Device\HarddiskVolume1\Windows\System32\comctl32.dll
20581bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
20591bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
20601bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
20611bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\comctl32.dll'
20621bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20631bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
20641bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
20651bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
20661bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\comctl32.dll) WinVerifyTrust
20671bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\comctl32.dll
20681bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20691bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20701bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll
20711bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20721bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20731bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
20741bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
20751bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
20761bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20771bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20781bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20791bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20801bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
20811bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
20821bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
20831bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20841bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20851bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
20861bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
20871bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d8 pwszName=\Device\HarddiskVolume1\Windows\System32\dwmapi.dll
20881bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
20891bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
20901bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F3F3D4867E9140896E0742D7EE8AE1D01FE85ECE
20911bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3078667~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\dwmapi.dll'
20921bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20931bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20941bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
20951bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
20961bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\dwmapi.dll) WinVerifyTrust
20971bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dwmapi.dll
20981bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
20991bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
21001bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d4 pwszName=\Device\HarddiskVolume1\Windows\System32\setupapi.dll
21011bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
21021bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
21031bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
21041bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\setupapi.dll'
21051bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21061bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
21071bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
21081bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
21091bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
21101bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
21111bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
21121bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
21131bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\setupapi.dll) WinVerifyTrust
21141bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\setupapi.dll
21151bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21161bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21171bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
21181bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume1\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
21191bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e8 pwszName=\Device\HarddiskVolume1\Windows\System32\dciman32.dll
21201bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
21211bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
21221bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CA0985FC512E214E291A035EEB14800D4137A952
21231bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_511_for_KB4057400~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume1\Windows\System32\dciman32.dll'
21241bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21251bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21261bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
21271bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
21281bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\dciman32.dll) WinVerifyTrust
21291bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dciman32.dll
21301bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21311bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21321bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21331bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21341bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21351bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21361bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21371bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21381bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21391bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21401bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
21411bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume1\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
21421bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f0 pwszName=\Device\HarddiskVolume1\Windows\System32\devobj.dll
21431bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
21441bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
21451bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
21461bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\devobj.dll'
21471bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21481bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21491bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
21501bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\devobj.dll) WinVerifyTrust
21511bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\devobj.dll
21521bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
21531bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
21541bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
21551bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21561bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21571bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21581bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21591bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21601bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21611bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21621bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21631bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
21641bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
21651bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e4 pwszName=\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll
21661bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
21671bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
21681bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
21691bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll'
21701bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21711bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21721bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
21731bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
21741bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll) WinVerifyTrust
21751bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll
21761bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21771bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21781bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21791bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21801bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21811bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21821bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21831bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21841bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21851bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21861bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21871bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21881bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21891bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21901bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21911bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21921bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21931bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21941bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
21951bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
21961bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll
21971bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21981bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21991bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014c4e1:<flags> [calling]
22001bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.dll
22011bc0.217c: supR3HardenedDllNotificationCallback: load 000007fecc590000 LB 0x00a33000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
22021bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.dll
22031bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
22041bc0.217c: supR3HardenedDllNotificationCallback: load 000007fee2140000 LB 0x0011d000 C:\windows\system32\OPENGL32.dll [fFlags=0x0]
22051bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
22061bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\glu32.dll
22071bc0.217c: supR3HardenedDllNotificationCallback: load 000007feec010000 LB 0x0002d000 C:\windows\system32\GLU32.dll [fFlags=0x0]
22081bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\glu32.dll
22091bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ddraw.dll
22101bc0.217c: supR3HardenedDllNotificationCallback: load 000007fee29e0000 LB 0x000f1000 C:\windows\system32\DDRAW.dll [fFlags=0x0]
22111bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ddraw.dll
22121bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dciman32.dll
22131bc0.217c: supR3HardenedDllNotificationCallback: load 000007feec9e0000 LB 0x00008000 C:\windows\system32\DCIMAN32.dll [fFlags=0x0]
22141bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dciman32.dll
22151bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefeca0000 LB 0x001d7000 C:\windows\system32\SETUPAPI.dll [fFlags=0x0]
22161bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll
22171bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefcbc0000 LB 0x00036000 C:\windows\system32\CFGMGR32.dll [fFlags=0x0]
22181bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll
22191bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefd2a0000 LB 0x000da000 C:\windows\system32\OLEAUT32.dll [fFlags=0x0]
22201bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
22211bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefd580000 LB 0x001fd000 C:\windows\system32\ole32.dll [fFlags=0x0]
22221bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
22231bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefce40000 LB 0x0001a000 C:\windows\system32\DEVOBJ.dll [fFlags=0x0]
22241bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\devobj.dll
22251bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dwmapi.dll
22261bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefaff0000 LB 0x00018000 C:\windows\system32\dwmapi.dll [fFlags=0x0]
22271bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dwmapi.dll
22281bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
22291bc0.217c: supR3HardenedDllNotificationCallback: load 0000000066450000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
22301bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
22311bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefda10000 LB 0x00d8b000 C:\windows\system32\SHELL32.dll [fFlags=0x0]
22321bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
22331bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\mpr.dll
22341bc0.217c: supR3HardenedDllNotificationCallback: load 000007fef8680000 LB 0x00018000 C:\windows\system32\MPR.dll [fFlags=0x0]
22351bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\mpr.dll
22361bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
22371bc0.217c: supR3HardenedDllNotificationCallback: load 000007fecbf90000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
22381bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
22391bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
22401bc0.217c: supR3HardenedDllNotificationCallback: load 0000000064be0000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
22411bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
22421bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
22431bc0.217c: supR3HardenedDllNotificationCallback: load 000007fecbf30000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
22441bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
22451bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winspool.drv
22461bc0.217c: supR3HardenedDllNotificationCallback: load 000007fef94e0000 LB 0x00071000 C:\windows\system32\WINSPOOL.DRV [fFlags=0x0]
22471bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winspool.drv
22481bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefcf40000 LB 0x00097000 C:\windows\system32\COMDLG32.dll [fFlags=0x0]
22491bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\comdlg32.dll
22501bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
22511bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
22521bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
22531bc0.217c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll)
22541bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
22551bc0.217c: supR3HardenedDllNotificationCallback: load 000007fef3bf0000 LB 0x000a0000 C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll [fFlags=0x0]
22561bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [avoiding WinVerifyTrust]
22571bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
22581bc0.217c: supR3HardenedDllNotificationCallback: load 0000000062a70000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
22591bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
22601bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
22611bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefa690000 LB 0x0003b000 C:\windows\system32\WINMM.dll [fFlags=0x0]
22621bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
22631bc0.217c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'.
22641bc0.217c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [rescheduled]
22651bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\imm32.dll
22661bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22671bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22681bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22691bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22701bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
22711bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
22721bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014ba61:<flags> [calling]
22731bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd850000 'C:\windows\system32\imm32.dll'
22741bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd400000 'C:\windows\system32\ADVAPI32.DLL'
22751bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll
22761bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptbase.dll (Input=cryptbase.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
22771bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc800000 'C:\windows\system32\cryptbase.dll'
22781bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fecc590000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
22791bc0.217c: SUPR3HardenedMain: Calling TrustedMain (000007fecc5914f0)...
22801bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
22811bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014dd91:<flags> [calling]
22821bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd580000 'C:\windows\system32\ole32.dll'
22831bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd400000 'C:\windows\system32\ADVAPI32.dll'
22841bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\profapi.dll
22851bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014c471:<flags> [calling]
22861bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcb30000 'C:\windows\system32\profapi.dll'
22871bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
22881bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
22891bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
22901bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
22911bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
22921bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
22931bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
22941bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
22951bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
22961bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
22971bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
22981bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
22991bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
23001bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23011bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23021bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
23031bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
23041bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
23051bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
23061bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
23071bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
23081bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23091bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23101bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
23111bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
23121bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
23131bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
23141bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
23151bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
23161bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
23171bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
23181bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
23191bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
23201bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
23211bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume1\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
23221bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\imm32.dll
23231bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23241bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23251bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
23261bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
23271bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
23281bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
23291bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
23301bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014e761:<flags> [calling]
23311bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
23321bc0.217c: supR3HardenedDllNotificationCallback: load 000007fecbe00000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
23331bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
23341bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fecbe00000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
23351bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll
23361bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014e691:<flags> [calling]
23371bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc800000 'C:\windows\system32\CRYPTBASE.dll'
23381bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076d60000 'C:\windows\system32\user32.dll'
23391bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
23401bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014e9a1:<flags> [calling]
23411bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda10000 'C:\windows\system32\shell32.dll'
23421bc0.217c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\windows\system32\wintab32.dll': 0 (NtPath=\??\C:\windows\system32\wintab32.dll; Input=C:\windows\system32\wintab32.dll; rcNtGetDll=0x0
23431bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\windows\system32\wintab32.dll'
23441bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
23451bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014edc1:<flags> [calling]
23461bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa690000 'C:\windows\system32\winmm.dll'
23471bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
23481bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014edc1:<flags> [calling]
23491bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa690000 'C:\windows\system32\winmm.dll'
23501bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
23511bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014f0a1:<flags> [calling]
23521bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda10000 'C:\windows\system32\shell32.dll'
23531bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000058c pwszName=\Device\HarddiskVolume1\Windows\System32\uxtheme.dll
23541bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
23551bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
23561bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
23571bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\uxtheme.dll'
23581bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23591bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23601bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
23611bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
23621bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\uxtheme.dll) WinVerifyTrust
23631bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
23641bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
23651bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
23661bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23671bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23681bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23691bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23701bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014f071:<flags> [calling]
23711bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
23721bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefb340000 LB 0x00056000 C:\windows\system32\uxtheme.dll [fFlags=0x0]
23731bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
23741bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb340000 'C:\windows\system32\uxtheme.dll'
23751bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd400000 'C:\windows\system32\advapi32.dll'
23761bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\userenv.dll
23771bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014efd1:<flags> [calling]
23781bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce70000 'C:\windows\system32\userenv.dll'
23791bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll
23801bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014f0b1:<flags> [calling]
23811bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076c40000 'C:\windows\system32\kernel32.dll'
23821bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005a8 pwszName=\Device\HarddiskVolume1\Windows\System32\clbcatq.dll
23831bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
23841bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
23851bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
23861bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\clbcatq.dll'
23871bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23881bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23891bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
23901bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
23911bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
23921bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
23931bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
23941bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\clbcatq.dll) WinVerifyTrust
23951bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\clbcatq.dll
23961bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23971bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23981bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
23991bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
24001bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
24011bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24021bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24031bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24041bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24051bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24061bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24071bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
24081bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24091bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24101bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
24111bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014cdc1:<flags> [calling]
24121bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\clbcatq.dll
24131bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefd110000 LB 0x00099000 C:\windows\system32\CLBCatQ.DLL [fFlags=0x0]
24141bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\clbcatq.dll
24151bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd110000 'C:\windows\system32\CLBCatQ.DLL'
24161bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd400000 'C:\windows\system32\ADVAPI32.dll'
24171bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll
24181bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014bc11:<flags> [calling]
24191bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc860000 'C:\windows\system32\CRYPTSP.dll'
24201bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005d4 pwszName=\Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll
24211bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
24221bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
24231bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
24241bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll'
24251bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24261bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
24271bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll) WinVerifyTrust
24281bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll
24291bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24301bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24311bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014b7d1:<flags> [calling]
24321bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll
24331bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefc7e0000 LB 0x00014000 C:\windows\system32\RpcRtRemote.dll [fFlags=0x0]
24341bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll
24351bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc7e0000 'C:\windows\system32\RpcRtRemote.dll'
24361bc0.2054: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24371bc0.2054: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
24381bc0.2054: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
24391bc0.2054: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
24401bc0.2054: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
24411bc0.2054: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
24421bc0.2054: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
24431bc0.2054: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxC.dll
24441bc0.2054: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
24451bc0.2054: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
24461bc0.2054: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
24471bc0.2054: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24481bc0.2054: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24491bc0.2054: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
24501bc0.2054: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24511bc0.2054: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24521bc0.2054: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24531bc0.2054: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24541bc0.2054: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
24551bc0.2054: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
24561bc0.2054: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
24571bc0.2054: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24581bc0.2054: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24591bc0.2054: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000478e901:<flags> [calling]
24601bc0.2054: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxC.dll
24611bc0.2054: supR3HardenedDllNotificationCallback: load 000007fecb7f0000 LB 0x00544000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
24621bc0.2054: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxC.dll
24631bc0.2054: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fecb7f0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
24641bc0.2054: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24651bc0.2054: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
24661bc0.2054: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
24671bc0.2054: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
24681bc0.2054: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
24691bc0.2054: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
24701bc0.2054: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
24711bc0.2054: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
24721bc0.2054: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
24731bc0.2054: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24741bc0.2054: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24751bc0.2054: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
24761bc0.2054: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
24771bc0.2054: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
24781bc0.2054: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24791bc0.2054: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24801bc0.2054: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
24811bc0.2054: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
24821bc0.2054: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
24831bc0.2054: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24841bc0.2054: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24851bc0.2054: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24861bc0.2054: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24871bc0.2054: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24881bc0.2054: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24891bc0.2054: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000478d331:<flags> [calling]
24901bc0.2054: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
24911bc0.2054: supR3HardenedDllNotificationCallback: load 000007fecbd40000 LB 0x000ba000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
24921bc0.2054: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
24931bc0.2054: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fecbd40000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
24941bc0.2054: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
24951bc0.2054: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000478d1c1:<flags> [calling]
24961bc0.2054: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd2a0000 'C:\Windows\system32\oleaut32.dll'
24971bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd400000 'C:\windows\system32\ADVAPI32.dll'
24981bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd210000 'C:\windows\system32\gdi32.dll'
24991bc0.2350: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25001bc0.2350: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
25011bc0.2350: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll) WinVerifyTrust
25021bc0.2350: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
25031bc0.2350: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25041bc0.2350: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25051bc0.2350: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25061bc0.2350: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25071bc0.2350: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000280a4c1:<flags> [calling]
25081bc0.2350: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
25091bc0.2350: supR3HardenedDllNotificationCallback: load 000007fedcdd0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [fFlags=0x0]
25101bc0.2350: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
25111bc0.2350: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedcdd0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL'
25121bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
25131bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000014aba1:<flags> [calling]
25141bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda10000 'C:\windows\system32\shell32.dll'
25151bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd400000 'C:\windows\system32\ADVAPI32.DLL'
25161bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxoglhostcrutil.dll'.
25171bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
25181bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
25191bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
25201bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5openglvbox.dll'.
25211bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5widgetsvbox.dll'.
25221bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'opengl32.dll'.
25231bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxTestOGL.exe)
25241bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxTestOGL.exe
25251bc0.217c: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000970 (hFile=0000000000000968) with 0xc0000022 -> STATUS_TRUST_FAILURE
25261bc0.217c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxTestOGL.exe'
25271bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000097c pwszName=\Device\HarddiskVolume1\Windows\System32\apphelp.dll
25281bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
25291bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
25301bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=279DFE2A04C40CE4B22260C26A5BB57DF440B52E
25311bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3107998~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume1\Windows\System32\apphelp.dll'
25321bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25331bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\apphelp.dll) WinVerifyTrust
25341bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\apphelp.dll
25351bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
25361bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
25371bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
25381bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
25391bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
25401bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
25411bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
25421bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
25431bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
25441bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
25451bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
25461bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
25471bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25481bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25491bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25501bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25511bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
25521bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
25531bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25541bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
25551bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'.
25561bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
25571bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll) WinVerifyTrust
25581bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
25591bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
25601bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
25611bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
25621bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
25631bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
25641bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
25651bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25661bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25671bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25681bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25691bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
25701bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll
25711bc0.217c: supR3HardenedDllNotificationCallback: load 000007fefc740000 LB 0x00057000 C:\windows\system32\apphelp.dll [fFlags=0x0]
25721bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll
25731bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc740000 'C:\windows\system32\apphelp.dll'
25741bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll
25751bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000149e81:<flags> [calling]
25761bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076d60000 'C:\windows\system32\USER32.dll'
25771bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\psapi.dll
25781bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\psapi.dll (Input=psapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000149cc1:<flags> [calling]
25791bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077010000 'C:\windows\system32\psapi.dll'
25801bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\psapi.dll
25811bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\psapi.dll (Input=psapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000149e01:<flags> [calling]
25821bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077010000 'C:\windows\system32\psapi.dll'
25831bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd580000 'C:\windows\system32\ole32.dll'
25841bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd580000 'C:\windows\system32\ole32.dll'
25851bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
25861bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000148481:<flags> [calling]
25871bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd2a0000 'C:\windows\system32\OLEAUT32.dll'
25881bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000099c pwszName=\Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll
25891bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
25901bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
25911bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472
25921bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll'
25931bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25941bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25951bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
25961bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
25971bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
25981bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
25991bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
26001bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
26011bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll
26021bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
26031bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
26041bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
26051bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
26061bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
26071bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
26081bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
26091bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
26101bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
26111bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
26121bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
26131bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000098c pwszName=\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
26141bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
26151bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
26161bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03D0A77E5195AA70198FDE6C2FAC2C76FF200674
26171bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll'
26181bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26191bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26201bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
26211bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
26221bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
26231bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
26241bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll) WinVerifyTrust
26251bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
26261bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26271bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26281bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
26291bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
26301bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
26311bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26321bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26331bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
26341bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
26351bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
26361bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
26371bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26381bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26391bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000146ca1:<flags> [calling]
26401bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll
26411bc0.217c: supR3HardenedDllNotificationCallback: load 000007fef9460000 LB 0x0000f000 C:\windows\system32\wbem\wbemprox.dll [fFlags=0x0]
26421bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll
26431bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
26441bc0.217c: supR3HardenedDllNotificationCallback: load 000007fef93d0000 LB 0x00086000 C:\windows\system32\wbemcomn.dll [fFlags=0x0]
26451bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
26461bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9460000 'C:\windows\system32\wbem\wbemprox.dll'
26471bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000998 pwszName=\Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll
26481bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
26491bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
26501bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F
26511bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll'
26521bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26531bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26541bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
26551bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
26561bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll
26571bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26581bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26591bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
26601bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26611bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26621bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000146951:<flags> [calling]
26631bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll
26641bc0.217c: supR3HardenedDllNotificationCallback: load 000007fee5fb0000 LB 0x00014000 C:\windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
26651bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll
26661bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5fb0000 'C:\windows\system32\wbem\wbemsvc.dll'
26671bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009ac pwszName=\Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll
26681bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
26691bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
26701bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79
26711bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll'
26721bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26731bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26741bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
26751bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
26761bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
26771bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
26781bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
26791bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
26801bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll
26811bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
26821bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
26831bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009c4 pwszName=\Device\HarddiskVolume1\Windows\System32\ntdsapi.dll
26841bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
26851bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
26861bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
26871bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\ntdsapi.dll'
26881bc0.217c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26891bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26901bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
26911bc0.217c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
26921bc0.217c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ntdsapi.dll) WinVerifyTrust
26931bc0.217c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ntdsapi.dll
26941bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
26951bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
26961bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
26971bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
26981bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
26991bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
27001bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
27011bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
27021bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
27031bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27041bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27051bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
27061bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
27071bc0.217c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
27081bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27091bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27101bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27111bc0.217c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27121bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000146991:<flags> [calling]
27131bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll
27141bc0.217c: supR3HardenedDllNotificationCallback: load 000007fee6050000 LB 0x000e2000 C:\windows\system32\wbem\fastprox.dll [fFlags=0x0]
27151bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll
27161bc0.217c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntdsapi.dll
27171bc0.217c: supR3HardenedDllNotificationCallback: load 000007fef8400000 LB 0x00027000 C:\windows\system32\NTDSAPI.dll [fFlags=0x0]
27181bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntdsapi.dll
27191bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6050000 'C:\windows\system32\wbem\fastprox.dll'
27201bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd2a0000 'C:\windows\system32\OLEAUT32.dll'
27211bc0.1170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27221bc0.1170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
27231bc0.1170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
27241bc0.1170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
27251bc0.1170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
27261bc0.1170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27271bc0.1170: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27281bc0.1170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
27291bc0.1170: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
27301bc0.1170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
27311bc0.1170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
27321bc0.1170: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
27331bc0.1170: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
27341bc0.1170: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxREM.dll
27351bc0.1170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27361bc0.1170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27371bc0.1170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
27381bc0.1170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27391bc0.1170: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27401bc0.1170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
27411bc0.1170: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
27421bc0.1170: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
27431bc0.1170: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27441bc0.1170: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27451bc0.1170: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000006a3e811:<flags> [calling]
27461bc0.1170: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
27471bc0.1170: supR3HardenedDllNotificationCallback: load 000007fecb1f0000 LB 0x002c7000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
27481bc0.1170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
27491bc0.1170: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxREM.dll
27501bc0.1170: supR3HardenedDllNotificationCallback: load 000000006ef50000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
27511bc0.1170: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxREM.dll
27521bc0.1170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fecb1f0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
27531bc0.22f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27541bc0.22f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
27551bc0.22f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
27561bc0.22f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
27571bc0.22f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
27581bc0.22f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
27591bc0.22f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27601bc0.22f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27611bc0.22f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27621bc0.22f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27631bc0.22f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
27641bc0.22f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
27651bc0.22f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
27661bc0.22f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27671bc0.22f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27681bc0.22f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000711db01:<flags> [calling]
27691bc0.22f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
27701bc0.22f8: supR3HardenedDllNotificationCallback: load 000007fed9310000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
27711bc0.22f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
27721bc0.22f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed9310000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
27731bc0.22f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076d60000 'C:\windows\system32\User32.dll'
27741bc0.24c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27751bc0.24c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
27761bc0.24c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
27771bc0.24c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
27781bc0.24c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
27791bc0.24c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27801bc0.24c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27811bc0.24c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
27821bc0.24c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
27831bc0.24c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
27841bc0.24c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27851bc0.24c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27861bc0.24c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000075adc41:<flags> [calling]
27871bc0.24c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
27881bc0.24c: supR3HardenedDllNotificationCallback: load 000007fed6ce0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
27891bc0.24c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
27901bc0.24c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed6ce0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
27911bc0.eec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxTestOGL.exe
27921bc0.eec: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000ac8 (hFile=0000000000000b14) with 0xc0000022 -> STATUS_TRUST_FAILURE
27931bc0.54c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27941bc0.54c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
27951bc0.54c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
27961bc0.54c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxvmm.dll'.
27971bc0.54c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxoglrenderspu.dll'.
27981bc0.54c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
27991bc0.54c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ole32.dll'.
28001bc0.54c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'oleaut32.dll'.
28011bc0.54c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll) WinVerifyTrust
28021bc0.54c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
28031bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
28041bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
28051bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
28061bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
28071bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
28081bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
28091bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglrenderspu.dll'...
28101bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglrenderspu.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxoglrenderspu.dll' [rcNtRedir=0xc0150008]
28111bc0.54c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28121bc0.54c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
28131bc0.54c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
28141bc0.54c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
28151bc0.54c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
28161bc0.54c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
28171bc0.54c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll) WinVerifyTrust
28181bc0.54c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
28191bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
28201bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
28211bc0.54c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
28221bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28231bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28241bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
28251bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
28261bc0.54c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
28271bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28281bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28291bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
28301bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
28311bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
28321bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
28331bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28341bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28351bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28361bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28371bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
28381bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
28391bc0.54c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
28401bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28411bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28421bc0.54c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000727d881:<flags> [calling]
28431bc0.54c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
28441bc0.54c: supR3HardenedDllNotificationCallback: load 000007fecd6d0000 LB 0x0010e000 C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL [fFlags=0x0]
28451bc0.54c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
28461bc0.54c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
28471bc0.54c: supR3HardenedDllNotificationCallback: load 000007fed52e0000 LB 0x0002f000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [fFlags=0x0]
28481bc0.54c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
28491bc0.54c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
28501bc0.54c: supR3HardenedDllNotificationCallback: load 000007fed5310000 LB 0x00026000 C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll [fFlags=0x0]
28511bc0.54c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
28521bc0.54c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fecd6d0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL'
28531bc0.54c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
28541bc0.54c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000727e6c1:<flags> [calling]
28551bc0.54c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed5310000 'C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll'
28561bc0.54c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28571bc0.54c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
28581bc0.54c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll) WinVerifyTrust
28591bc0.54c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
28601bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
28611bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
28621bc0.54c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
28631bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28641bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28651bc0.54c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000727e661:<flags> [calling]
28661bc0.54c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
28671bc0.54c: supR3HardenedDllNotificationCallback: load 000007fed52c0000 LB 0x0001a000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll [fFlags=0x0]
28681bc0.54c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
28691bc0.54c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed52c0000 'C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll'
28701bc0.54c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
28711bc0.54c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32/opengl32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000727c661:<flags> [calling]
28721bc0.54c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
28731bc0.54c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2140000 'C:\windows\system32/opengl32.dll'
28741bc0.54c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
28751bc0.54c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000727e1b1:<flags> [calling]
28761bc0.54c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2140000 'C:\windows\system32\OPENGL32.dll'
28771bc0.54c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd210000 'C:\windows\system32\gdi32.dll'
28781bc0.54c: \Device\HarddiskVolume1\Windows\System32\ig9icd64.dll: Owner is administrators group.
28791bc0.54c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll
28801bc0.54c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000727bb51:<flags> [calling]
28811bc0.54c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc00000 'C:\windows\system32\crypt32.dll'
28821bc0.54c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'shell32.dll'.
28831bc0.54c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'opengl32.dll'.
28841bc0.54c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
28851bc0.54c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
28861bc0.54c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
28871bc0.54c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'wtsapi32.dll'.
28881bc0.54c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'dwmapi.dll'.
28891bc0.54c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ig9icd64.dll) WinVerifyTrust
28901bc0.54c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ig9icd64.dll
28911bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
28921bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
28931bc0.54c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dwmapi.dll
28941bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'...
28951bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\wtsapi32.dll' [rcNtRedir=0xc0150008]
28961bc0.54c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b68 pwszName=\Device\HarddiskVolume1\Windows\System32\wtsapi32.dll
28971bc0.54c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
28981bc0.54c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
28991bc0.54c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E653B4F2F82EC27E9205DC90EBEB7A5AAB37A8B0
29001bc0.54c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\wtsapi32.dll'
29011bc0.54c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29021bc0.54c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29031bc0.54c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wtsapi32.dll) WinVerifyTrust
29041bc0.54c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wtsapi32.dll
29051bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
29061bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
29071bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
29081bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
29091bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29101bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29111bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
29121bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
29131bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
29141bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
29151bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29161bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29171bc0.54c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ig9icd64.dll (Input=ig9icd64.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000727d9e1:<flags> [calling]
29181bc0.54c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ig9icd64.dll
29191bc0.54c: supR3HardenedDllNotificationCallback: load 000007fec9730000 LB 0x00d5f000 C:\windows\system32\ig9icd64.dll [fFlags=0x0]
29201bc0.54c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ig9icd64.dll
29211bc0.54c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wtsapi32.dll
29221bc0.54c: supR3HardenedDllNotificationCallback: load 000007fefbbf0000 LB 0x00011000 C:\windows\system32\WTSAPI32.dll [fFlags=0x0]
29231bc0.54c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wtsapi32.dll
29241bc0.54c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fec9730000 'C:\windows\system32\ig9icd64.dll'
29251bc0.54c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd210000 'C:\windows\system32\gdi32.dll'
29261bc0.54c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd210000 'C:\windows\system32\gdi32.dll'
29271bc0.54c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2140000 'C:\windows\system32\OPENGL32.dll'
29281bc0.54c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2140000 'C:\windows\system32\OPENGL32.dll'
29291bc0.54c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2140000 'C:\windows\system32\OPENGL32.dll'
29301bc0.54c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2140000 'C:\windows\system32\OPENGL32.dll'
29311bc0.54c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2140000 'C:\windows\system32\OPENGL32.dll'
29321bc0.54c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2140000 'C:\windows\system32\OPENGL32.dll'
29331bc0.54c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
29341bc0.54c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000727e581:<flags> [calling]
29351bc0.54c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2140000 'C:\windows\system32\OPENGL32.dll'
29361bc0.54c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b9c pwszName=\Device\HarddiskVolume1\Windows\System32\version.dll
29371bc0.54c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
29381bc0.54c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
29391bc0.54c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A3AB94A028D0330A3DBCAE54C04C648532198DB9
29401bc0.54c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\version.dll'
29411bc0.54c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29421bc0.54c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
29431bc0.54c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\version.dll) WinVerifyTrust
29441bc0.54c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\version.dll
29451bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29461bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29471bc0.54c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\version.dll (Input=version.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000727e3e1:<flags> [calling]
29481bc0.54c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\version.dll
29491bc0.54c: supR3HardenedDllNotificationCallback: load 000007fefba60000 LB 0x0000c000 C:\windows\system32\version.dll [fFlags=0x0]
29501bc0.54c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\version.dll
29511bc0.54c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefba60000 'C:\windows\system32\version.dll'
29521bc0.54c: supR3HardenedDllNotificationCallback: Unload 000007fefba60000 LB 0x0000c000 C:\windows\system32\version.dll [flags=0x0]
29531bc0.54c: \Device\HarddiskVolume1\Windows\System32\igc64.dll: Owner is administrators group.
29541bc0.54c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc00000 'C:\windows\system32\crypt32.dll'
29551bc0.54c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\igc64.dll) WinVerifyTrust
29561bc0.54c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\igc64.dll
29571bc0.54c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\igc64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000727db61:<flags> [calling]
29581bc0.54c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\igc64.dll
29591bc0.54c: supR3HardenedDllNotificationCallback: load 000007fed7530000 LB 0x0115e000 C:\windows\system32\igc64.dll [fFlags=0x0]
29601bc0.54c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\igc64.dll
29611bc0.54c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed7530000 'C:\windows\system32\igc64.dll'
29621bc0.54c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2140000 'C:\windows\system32\OPENGL32.dll'
29631bc0.54c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076d60000 'C:\windows\system32\USER32.dll'
29641bc0.54c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ba4 pwszName=\Device\HarddiskVolume1\Windows\System32\winsta.dll
29651bc0.54c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
29661bc0.54c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
29671bc0.54c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1784FF9CB91ACF5CDF00DE84F778DD4A67C759FA
29681bc0.54c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_51_for_KB2984972~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume1\Windows\System32\winsta.dll'
29691bc0.54c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29701bc0.54c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29711bc0.54c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\winsta.dll) WinVerifyTrust
29721bc0.54c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winsta.dll
29731bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29741bc0.54c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29751bc0.54c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\WINSTA.dll (Input=WINSTA.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000727e511:<flags> [calling]
29761bc0.54c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winsta.dll
29771bc0.54c: supR3HardenedDllNotificationCallback: load 000007fefc7a0000 LB 0x0003d000 C:\windows\system32\WINSTA.dll [fFlags=0x0]
29781bc0.54c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winsta.dll
29791bc0.54c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc7a0000 'C:\windows\system32\WINSTA.dll'
29801bc0.54c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd400000 'C:\windows\system32\ADVAPI32.dll'
29811bc0.54c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcfe0000 'C:\windows\system32\RPCRT4.dll'
29821bc0.148c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ig9icd64.dll
29831bc0.148c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ig9icd64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000804f6f1:<flags> [calling]
29841bc0.148c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fec9730000 'C:\windows\system32\ig9icd64.dll'
29851bc0.52c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29861bc0.52c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
29871bc0.52c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
29881bc0.52c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
29891bc0.52c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
29901bc0.52c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29911bc0.52c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29921bc0.52c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
29931bc0.52c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
29941bc0.52c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29951bc0.52c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29961bc0.52c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000ac1dd01:<flags> [calling]
29971bc0.52c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
29981bc0.52c: supR3HardenedDllNotificationCallback: load 000007fed6700000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
29991bc0.52c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
30001bc0.52c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed6700000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
30011bc0.958: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30021bc0.958: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
30031bc0.958: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
30041bc0.958: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
30051bc0.958: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
30061bc0.958: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30071bc0.958: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30081bc0.958: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
30091bc0.958: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
30101bc0.958: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30111bc0.958: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30121bc0.958: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000ab1db21:<flags> [calling]
30131bc0.958: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
30141bc0.958: supR3HardenedDllNotificationCallback: load 000007fed52b0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
30151bc0.958: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
30161bc0.958: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed52b0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
30171bc0.eec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda10000 'C:\windows\system32\Shell32.dll'
30181bc0.eec: supR3HardenedIsApiSetDll: '<NULL>' -> true
30191bc0.eec: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000006fd94f1:<flags> [calling]
30201bc0.eec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec80000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
30211bc0.eec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
30221bc0.eec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000006fdb821:<flags> [calling]
30231bc0.eec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fecb1f0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
30241bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30251bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
30261bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
30271bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
30281bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
30291bc0.eec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
30301bc0.eec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
30311bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
30321bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
30331bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
30341bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
30351bc0.eec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
30361bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30371bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30381bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30391bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30401bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30411bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30421bc0.eec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000006fdc9d1:<flags> [calling]
30431bc0.eec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
30441bc0.eec: supR3HardenedDllNotificationCallback: load 000007fecd680000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
30451bc0.eec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
30461bc0.eec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fecd680000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
30471bc0.eec: supR3HardenedDllNotificationCallback: Unload 000007fecd680000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
30481bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30491bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
30501bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
30511bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
30521bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
30531bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
30541bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
30551bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
30561bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
30571bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
30581bc0.eec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
30591bc0.eec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD.dll
30601bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
30611bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
30621bc0.eec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cf8 pwszName=\Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
30631bc0.eec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
30641bc0.eec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
30651bc0.eec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642
30661bc0.eec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL'
30671bc0.eec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30681bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30691bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
30701bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
30711bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
30721bc0.eec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
30731bc0.eec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
30741bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
30751bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
30761bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
30771bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
30781bc0.eec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
30791bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
30801bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
30811bc0.eec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll
30821bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30831bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30841bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
30851bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
30861bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30871bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
30881bc0.eec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
30891bc0.eec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD2.dll
30901bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
30911bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
30921bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30931bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
30941bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
30951bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
30961bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
30971bc0.eec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
30981bc0.eec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDDU.dll
30991bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31001bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31011bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
31021bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
31031bc0.eec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
31041bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31051bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31061bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
31071bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
31081bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
31091bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
31101bc0.eec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll
31111bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31121bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31131bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31141bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31151bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31161bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31171bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31181bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31191bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31201bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31211bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31221bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31231bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
31241bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
31251bc0.eec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ce4 pwszName=\Device\HarddiskVolume1\Windows\System32\winnsi.dll
31261bc0.eec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
31271bc0.eec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
31281bc0.eec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=28DC1A34E4A6B1464B25E6B8BF4EBE1D6A50922D
31291bc0.eec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_511_for_KB4057400~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume1\Windows\System32\winnsi.dll'
31301bc0.eec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31311bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31321bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
31331bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
31341bc0.eec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\winnsi.dll) WinVerifyTrust
31351bc0.eec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winnsi.dll
31361bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
31371bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
31381bc0.eec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll
31391bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31401bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31411bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
31421bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
31431bc0.eec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll
31441bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31451bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31461bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31471bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31481bc0.eec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000006fddb11:<flags> [calling]
31491bc0.eec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD.dll
31501bc0.eec: supR3HardenedDllNotificationCallback: load 000007feca820000 LB 0x009c2000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
31511bc0.eec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD.dll
31521bc0.eec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDDU.dll
31531bc0.eec: supR3HardenedDllNotificationCallback: load 000007fecb780000 LB 0x00063000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
31541bc0.eec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDDU.dll
31551bc0.eec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD2.dll
31561bc0.eec: supR3HardenedDllNotificationCallback: load 000007fecd670000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
31571bc0.eec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD2.dll
31581bc0.eec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
31591bc0.eec: supR3HardenedDllNotificationCallback: load 000007fefa420000 LB 0x00027000 C:\windows\system32\IPHLPAPI.DLL [fFlags=0x0]
31601bc0.eec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
31611bc0.eec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winnsi.dll
31621bc0.eec: supR3HardenedDllNotificationCallback: load 000007fefa410000 LB 0x0000b000 C:\windows\system32\WINNSI.DLL [fFlags=0x0]
31631bc0.eec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winnsi.dll
31641bc0.eec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feca820000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
31651bc0.eec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
31661bc0.eec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000006fddb11:<flags> [calling]
31671bc0.eec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
31681bc0.eec: supR3HardenedDllNotificationCallback: load 000007fecd620000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
31691bc0.eec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
31701bc0.eec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fecd620000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
31711bc0.eec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxC.dll
31721bc0.eec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000006fddb11:<flags> [calling]
31731bc0.eec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fecb7f0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
31741bc0.eec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD2.dll
31751bc0.eec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000006fdda21:<flags> [calling]
31761bc0.eec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fecd670000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
31771bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31781bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
31791bc0.eec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
31801bc0.eec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
31811bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31821bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31831bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31841bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31851bc0.eec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000006fdda21:<flags> [calling]
31861bc0.eec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
31871bc0.eec: supR3HardenedDllNotificationCallback: load 000007fed5290000 LB 0x0001f000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
31881bc0.eec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
31891bc0.eec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed5290000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
31901bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31911bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
31921bc0.eec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
31931bc0.eec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
31941bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31951bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31961bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31971bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31981bc0.eec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000006fdda21:<flags> [calling]
31991bc0.eec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
32001bc0.eec: supR3HardenedDllNotificationCallback: load 000007fecd600000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
32011bc0.eec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
32021bc0.eec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fecd600000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
32031bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32041bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
32051bc0.eec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
32061bc0.eec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
32071bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32081bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32091bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32101bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32111bc0.eec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000006fdda21:<flags> [calling]
32121bc0.eec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
32131bc0.eec: supR3HardenedDllNotificationCallback: load 000007fecd5e0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
32141bc0.eec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
32151bc0.eec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fecd5e0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
32161bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32171bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
32181bc0.eec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
32191bc0.eec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
32201bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32211bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32221bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32231bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32241bc0.eec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000006fdda21:<flags> [calling]
32251bc0.eec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
32261bc0.eec: supR3HardenedDllNotificationCallback: load 000007fecd580000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
32271bc0.eec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
32281bc0.eec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fecd580000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
32291bc0.93c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32301bc0.93c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
32311bc0.93c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
32321bc0.93c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
32331bc0.93c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
32341bc0.93c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32351bc0.93c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32361bc0.93c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
32371bc0.93c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
32381bc0.93c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
32391bc0.93c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32401bc0.93c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32411bc0.93c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
32421bc0.93c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000ad1d861:<flags> [calling]
32431bc0.93c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
32441bc0.93c: supR3HardenedDllNotificationCallback: load 000007fecd570000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
32451bc0.93c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
32461bc0.93c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fecd570000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
32471bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32481bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
32491bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
32501bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
32511bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
32521bc0.eec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
32531bc0.eec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
32541bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
32551bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
32561bc0.eec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
32571bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
32581bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
32591bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
32601bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
32611bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32621bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32631bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32641bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32651bc0.eec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000006fdf161:<flags> [calling]
32661bc0.eec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
32671bc0.eec: supR3HardenedDllNotificationCallback: load 000007fecb6b0000 LB 0x000cc000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
32681bc0.eec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
32691bc0.eec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fecb6b0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
32701bc0.eec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
32711bc0.eec: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000006fdd941:<flags> [calling]
32721bc0.eec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa420000 'C:\windows\system32\Iphlpapi.dll'
32731bc0.eec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e90 pwszName=\Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll
32741bc0.eec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
32751bc0.eec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
32761bc0.eec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D89E2D6AED9A19082ECA108BEEF81A904C7A9756
32771bc0.eec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll'
32781bc0.eec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32791bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32801bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
32811bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
32821bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
32831bc0.eec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll) WinVerifyTrust
32841bc0.eec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll
32851bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
32861bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
32871bc0.eec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll
32881bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
32891bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
32901bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
32911bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
32921bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32931bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32941bc0.eec: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dhcpcsvc.DLL (Input=dhcpcsvc.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000006fdeae1:<flags> [calling]
32951bc0.eec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll
32961bc0.eec: supR3HardenedDllNotificationCallback: load 000007fef91c0000 LB 0x00018000 C:\windows\system32\dhcpcsvc.DLL [fFlags=0x0]
32971bc0.eec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll
32981bc0.eec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef91c0000 'C:\windows\system32\dhcpcsvc.DLL'
32991bc0.eec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
33001bc0.eec: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000006fde741:<flags> [calling]
33011bc0.eec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa420000 'C:\windows\system32\IPHLPAPI.DLL'
33021bc0.eec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e94 pwszName=\Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll
33031bc0.eec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
33041bc0.eec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
33051bc0.eec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A719769A21133C3F89F7BEA09AB706365F35DF8F
33061bc0.eec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_26_for_KB2763523~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll'
33071bc0.eec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
33081bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33091bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
33101bc0.eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
33111bc0.eec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll) WinVerifyTrust
33121bc0.eec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll
33131bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
33141bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
33151bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
33161bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
33171bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33181bc0.eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33191bc0.eec: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dhcpcsvc6.DLL (Input=dhcpcsvc6.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000006fdea91:<flags> [calling]
33201bc0.eec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll
33211bc0.eec: supR3HardenedDllNotificationCallback: load 000007fef91a0000 LB 0x00011000 C:\windows\system32\dhcpcsvc6.DLL [fFlags=0x0]
33221bc0.eec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll
33231bc0.eec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef91a0000 'C:\windows\system32\dhcpcsvc6.DLL'
33241bc0.eec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
33251bc0.eec: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000006fde7b1:<flags> [calling]
33261bc0.eec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa420000 'C:\windows\system32\IPHLPAPI.DLL'
33271bc0.eec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
33281bc0.eec: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000006fdd941:<flags> [calling]
33291bc0.eec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa420000 'C:\windows\system32\Iphlpapi.dll'
33301bc0.eec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
33311bc0.eec: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000006fdd941:<flags> [calling]
33321bc0.eec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa420000 'C:\windows\system32\Iphlpapi.dll'
33331bc0.eec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fecb1f0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
33341bc0.217c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
33351bc0.217c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\WINMM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000145cb1:<flags> [calling]
33361bc0.217c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa690000 'C:\windows\system32\WINMM.dll'
33371bc0.1170: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd2a0000 'C:\windows\system32\OLEAUT32.dll'
33381bc0.3a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001130 pwszName=\Device\HarddiskVolume1\Windows\System32\mswsock.dll
33391bc0.3a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
33401bc0.3a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
33411bc0.3a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A0B91C962716871F5DE8282805DA288326E03A9F
33421bc0.3a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3161949~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\mswsock.dll'
33431bc0.3a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
33441bc0.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33451bc0.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
33461bc0.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
33471bc0.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
33481bc0.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\mswsock.dll) WinVerifyTrust
33491bc0.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\mswsock.dll
33501bc0.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
33511bc0.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
33521bc0.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
33531bc0.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
33541bc0.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
33551bc0.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
33561bc0.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33571bc0.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33581bc0.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000002363f171:<flags> [calling]
33591bc0.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\mswsock.dll
33601bc0.3a0: supR3HardenedDllNotificationCallback: load 000007fefc0d0000 LB 0x00055000 C:\windows\system32\mswsock.dll [fFlags=0x0]
33611bc0.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\mswsock.dll
33621bc0.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc0d0000 'C:\windows\system32\mswsock.dll'
33631bc0.3a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011a4 pwszName=\Device\HarddiskVolume1\Windows\System32\WSHTCPIP.DLL
33641bc0.3a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008d1ea0
33651bc0.3a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008d1ea0
33661bc0.3a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1EFFE58BB9FD8A94FD1609B7F82A43C8E09D98AA
33671bc0.3a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\WSHTCPIP.DLL'
33681bc0.3a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
33691bc0.3a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ws2_32.dll'.
33701bc0.3a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\WSHTCPIP.DLL) WinVerifyTrust
33711bc0.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\WSHTCPIP.DLL
33721bc0.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
33731bc0.3a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
33741bc0.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\wshtcpip.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000002363f311:<flags> [calling]
33751bc0.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\WSHTCPIP.DLL
33761bc0.3a0: supR3HardenedDllNotificationCallback: load 000007fefbb30000 LB 0x00007000 C:\windows\System32\wshtcpip.dll [fFlags=0x0]
33771bc0.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\WSHTCPIP.DLL
33781bc0.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbb30000 'C:\windows\System32\wshtcpip.dll'

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy