VirtualBox

Ticket #17985: VBoxHardening.log

File VBoxHardening.log, 373.0 KB (added by paolo_len, 6 years ago)
Line 
11324.bbc: Log file opened: 5.2.18r124319 g_hStartupLog=0000000000000010 g_uNtVerCombined=0x611db000
21324.bbc: \SystemRoot\System32\ntdll.dll:
31324.bbc: CreationTime: 2017-12-27T16:17:42.754411400Z
41324.bbc: LastWriteTime: 2010-10-27T05:16:01.087520700Z
51324.bbc: ChangeTime: 2017-12-28T02:16:50.051600300Z
61324.bbc: FileAttributes: 0x20
71324.bbc: Size: 0x1a89a8
81324.bbc: NT Headers: 0xe8
91324.bbc: Timestamp: 0x4cc7b325
101324.bbc: Machine: 0x8664 - amd64
111324.bbc: Timestamp: 0x4cc7b325
121324.bbc: Image Version: 6.1
131324.bbc: SizeOfImage: 0x1ac000 (1753088)
141324.bbc: Resource Dir: 0x154000 LB 0x560d0
151324.bbc: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
161324.bbc: [Raw version resource data: 0x1540f0 LB 0x378, codepage 0x0 (reserved 0x0)]
171324.bbc: ProductName: Microsoft® Windows® Operating System
181324.bbc: ProductVersion: 6.1.7600.16695
191324.bbc: FileVersion: 6.1.7600.16695 (win7_gdr.101026-1503)
201324.bbc: FileDescription: NT Layer DLL
211324.bbc: \SystemRoot\System32\kernel32.dll:
221324.bbc: CreationTime: 2017-12-27T16:15:39.420810600Z
231324.bbc: LastWriteTime: 2012-11-30T05:43:53.453000000Z
241324.bbc: ChangeTime: 2017-12-28T02:16:17.697200100Z
251324.bbc: FileAttributes: 0x20
261324.bbc: Size: 0x11b800
271324.bbc: NT Headers: 0xe0
281324.bbc: Timestamp: 0x50b84840
291324.bbc: Machine: 0x8664 - amd64
301324.bbc: Timestamp: 0x50b84840
311324.bbc: Image Version: 6.1
321324.bbc: SizeOfImage: 0x11f000 (1175552)
331324.bbc: Resource Dir: 0x116000 LB 0x520
341324.bbc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
351324.bbc: [Raw version resource data: 0x1160b0 LB 0x39c, codepage 0x0 (reserved 0x0)]
361324.bbc: ProductName: Microsoft® Windows® Operating System
371324.bbc: ProductVersion: 6.1.7600.17179
381324.bbc: FileVersion: 6.1.7600.17179 (win7_gdr.121129-1434)
391324.bbc: FileDescription: Windows NT BASE API Client DLL
401324.bbc: \SystemRoot\System32\KernelBase.dll:
411324.bbc: CreationTime: 2017-12-27T16:15:39.576810600Z
421324.bbc: LastWriteTime: 2012-11-30T05:43:53.547000000Z
431324.bbc: ChangeTime: 2017-12-28T02:16:17.697200100Z
441324.bbc: FileAttributes: 0x20
451324.bbc: Size: 0x67c00
461324.bbc: NT Headers: 0xe8
471324.bbc: Timestamp: 0x50b84841
481324.bbc: Machine: 0x8664 - amd64
491324.bbc: Timestamp: 0x50b84841
501324.bbc: Image Version: 6.1
511324.bbc: SizeOfImage: 0x6c000 (442368)
521324.bbc: Resource Dir: 0x6a000 LB 0x528
531324.bbc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
541324.bbc: [Raw version resource data: 0x6a0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
551324.bbc: ProductName: Microsoft® Windows® Operating System
561324.bbc: ProductVersion: 6.1.7600.17179
571324.bbc: FileVersion: 6.1.7600.17179 (win7_gdr.121129-1434)
581324.bbc: FileDescription: Windows NT BASE API Client DLL
591324.bbc: \SystemRoot\System32\apisetschema.dll:
601324.bbc: CreationTime: 2009-07-13T23:18:54.866423200Z
611324.bbc: LastWriteTime: 2009-07-14T01:24:53.779000000Z
621324.bbc: ChangeTime: 2017-12-27T14:16:08.339602700Z
631324.bbc: FileAttributes: 0x20
641324.bbc: Size: 0x1a00
651324.bbc: NT Headers: 0xc0
661324.bbc: Timestamp: 0x4a5bdeab
671324.bbc: Machine: 0x8664 - amd64
681324.bbc: Timestamp: 0x4a5bdeab
691324.bbc: Image Version: 6.1
701324.bbc: SizeOfImage: 0x50000 (327680)
711324.bbc: Resource Dir: 0x30000 LB 0x3f0
721324.bbc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
731324.bbc: [Raw version resource data: 0x30060 LB 0x390, codepage 0x0 (reserved 0x0)]
741324.bbc: ProductName: Microsoft® Windows® Operating System
751324.bbc: ProductVersion: 6.1.7600.16385
761324.bbc: FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
771324.bbc: FileDescription: ApiSet Schema DLL
781324.bbc: supR3HardenedWinFindAdversaries: 0x0
791324.bbc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
801324.bbc: Calling main()
811324.bbc: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
821324.bbc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
831324.bbc: SUPR3HardenedMain: Respawn #1
841324.bbc: System32: \Device\HarddiskVolume3\Windows\System32
851324.bbc: WinSxS: \Device\HarddiskVolume3\Windows\winsxs
861324.bbc: KnownDllPath: C:\Windows\system32
871324.bbc: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
881324.bbc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
891324.bbc: supR3HardNtEnableThreadCreation:
901324.bbc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000779a2ac0 pvNtTerminateThread=00000000779bfbe0
911324.bbc: supR3HardenedWinDoReSpawn(1): New child 9e0.344 [kernel32].
921324.bbc: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd6000 cbPeb=0x380
931324.bbc: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077970000 uNtDllChildAddr=0000000077970000
941324.bbc: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000779a2ac0
951324.bbc: supR3HardenedWinSetupChildInit: Start child.
961324.bbc: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
971324.bbc: supR3HardNtChildPurify: Startup delay kludge #1/0: 257 ms, 32 sleeps
981324.bbc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
991324.bbc: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
1001324.bbc: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
1011324.bbc: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
1021324.bbc: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
1031324.bbc: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
1041324.bbc: 0000000000041000-000000000021ffff 0x0001/0x0000 0x0000000
1051324.bbc: *0000000000220000-000000000031bfff 0x0000/0x0004 0x0020000
1061324.bbc: 000000000031c000-000000000031dfff 0x0104/0x0004 0x0020000
1071324.bbc: 000000000031e000-000000000031ffff 0x0004/0x0004 0x0020000
1081324.bbc: 0000000000320000-000000007796ffff 0x0001/0x0000 0x0000000
1091324.bbc: *0000000077970000-0000000077970fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1101324.bbc: 0000000077971000-0000000077a73fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1111324.bbc: 0000000077a74000-0000000077aa3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1121324.bbc: 0000000077aa4000-0000000077aaffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1131324.bbc: 0000000077ab0000-0000000077b1bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1141324.bbc: 0000000077b1c000-000000007efdffff 0x0001/0x0000 0x0000000
1151324.bbc: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
1161324.bbc: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
1171324.bbc: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
1181324.bbc: 000000007fff0000-000000013fe0ffff 0x0001/0x0000 0x0000000
1191324.bbc: *000000013fe10000-000000013fe10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1201324.bbc: 000000013fe11000-000000013fe81fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1211324.bbc: 000000013fe82000-000000013fe82fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1221324.bbc: 000000013fe83000-000000013fec8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1231324.bbc: 000000013fec9000-000000013fec9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1241324.bbc: 000000013feca000-000000013fecafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1251324.bbc: 000000013fecb000-000000013fecffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1261324.bbc: 000000013fed0000-000000013fed0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1271324.bbc: 000000013fed1000-000000013fed1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1281324.bbc: 000000013fed2000-000000013fed5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1291324.bbc: 000000013fed6000-000000013ff1dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
1301324.bbc: 000000013ff1e000-000007feffc8ffff 0x0001/0x0000 0x0000000
1311324.bbc: *000007feffc90000-000007feffc90fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apisetschema.dll
1321324.bbc: 000007feffc91000-000007fffffaffff 0x0001/0x0000 0x0000000
1331324.bbc: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
1341324.bbc: 000007fffffd3000-000007fffffd5fff 0x0001/0x0000 0x0000000
1351324.bbc: *000007fffffd6000-000007fffffd6fff 0x0004/0x0004 0x0020000
1361324.bbc: 000007fffffd7000-000007fffffddfff 0x0001/0x0000 0x0000000
1371324.bbc: *000007fffffde000-000007fffffdffff 0x0004/0x0004 0x0020000
1381324.bbc: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
1391324.bbc: apisetschema.dll: timestamp 0x4a5bdeab (rc=VINF_SUCCESS)
1401324.bbc: VirtualBox.exe: timestamp 0x5b72bf7e (rc=VINF_SUCCESS)
1411324.bbc: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1421324.bbc: '\Device\HarddiskVolume3\Windows\System32\apisetschema.dll' has no imports
1431324.bbc: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
1441324.bbc: supR3HardNtChildPurify: Done after 323 ms and 0 fixes (loop #0).
1459e0.344: Log file opened: 5.2.18r124319 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db000
1469e0.344: supR3HardenedVmProcessInit: uNtDllAddr=0000000077970000 g_uNtVerCombined=0x611db000
1479e0.344: ntdll.dll: timestamp 0x4cc7b325 (rc=VINF_SUCCESS)
1489e0.344: New simple heap: #1 0000000000320000 LB 0x400000 (for 1753088 allocation)
1491324.bbc: supR3HardNtEnableThreadCreation:
1509e0.344: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
1519e0.344: System32: \Device\HarddiskVolume3\Windows\System32
1529e0.344: WinSxS: \Device\HarddiskVolume3\Windows\winsxs
1539e0.344: KnownDllPath: C:\Windows\system32
1549e0.344: supR3HardenedVmProcessInit: Opening vboxdrv stub...
1559e0.344: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1569e0.344: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1579e0.344: Registered Dll notification callback with NTDLL.
1589e0.344: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
1599e0.344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1609e0.344: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
1619e0.344: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1629e0.344: supR3HardenedDllNotificationCallback: load 0000000077750000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
1639e0.344: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1649e0.344: supR3HardenedDllNotificationCallback: load 000007fefda20000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
1659e0.344: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
1669e0.344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1679e0.344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077750000 'C:\Windows\system32\kernel32.dll'
1689e0.344: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000779a2ac0 pvNtTerminateThread=00000000779bfbe0
1691324.bbc: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 123 ms.
1709e0.344: \SystemRoot\System32\ntdll.dll:
1719e0.344: CreationTime: 2017-12-27T16:17:42.754411400Z
1729e0.344: LastWriteTime: 2010-10-27T05:16:01.087520700Z
1739e0.344: ChangeTime: 2017-12-28T02:16:50.051600300Z
1749e0.344: FileAttributes: 0x20
1759e0.344: Size: 0x1a89a8
1769e0.344: NT Headers: 0xe8
1779e0.344: Timestamp: 0x4cc7b325
1789e0.344: Machine: 0x8664 - amd64
1799e0.344: Timestamp: 0x4cc7b325
1809e0.344: Image Version: 6.1
1819e0.344: SizeOfImage: 0x1ac000 (1753088)
1829e0.344: Resource Dir: 0x154000 LB 0x560d0
1839e0.344: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1849e0.344: [Raw version resource data: 0x1540f0 LB 0x378, codepage 0x0 (reserved 0x0)]
1859e0.344: ProductName: Microsoft® Windows® Operating System
1869e0.344: ProductVersion: 6.1.7600.16695
1879e0.344: FileVersion: 6.1.7600.16695 (win7_gdr.101026-1503)
1889e0.344: FileDescription: NT Layer DLL
1899e0.344: \SystemRoot\System32\kernel32.dll:
1909e0.344: CreationTime: 2017-12-27T16:15:39.420810600Z
1919e0.344: LastWriteTime: 2012-11-30T05:43:53.453000000Z
1929e0.344: ChangeTime: 2017-12-28T02:16:17.697200100Z
1939e0.344: FileAttributes: 0x20
1949e0.344: Size: 0x11b800
1959e0.344: NT Headers: 0xe0
1969e0.344: Timestamp: 0x50b84840
1979e0.344: Machine: 0x8664 - amd64
1989e0.344: Timestamp: 0x50b84840
1999e0.344: Image Version: 6.1
2009e0.344: SizeOfImage: 0x11f000 (1175552)
2019e0.344: Resource Dir: 0x116000 LB 0x520
2029e0.344: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2039e0.344: [Raw version resource data: 0x1160b0 LB 0x39c, codepage 0x0 (reserved 0x0)]
2049e0.344: ProductName: Microsoft® Windows® Operating System
2059e0.344: ProductVersion: 6.1.7600.17179
2069e0.344: FileVersion: 6.1.7600.17179 (win7_gdr.121129-1434)
2079e0.344: FileDescription: Windows NT BASE API Client DLL
2089e0.344: \SystemRoot\System32\KernelBase.dll:
2099e0.344: CreationTime: 2017-12-27T16:15:39.576810600Z
2109e0.344: LastWriteTime: 2012-11-30T05:43:53.547000000Z
2119e0.344: ChangeTime: 2017-12-28T02:16:17.697200100Z
2129e0.344: FileAttributes: 0x20
2139e0.344: Size: 0x67c00
2149e0.344: NT Headers: 0xe8
2159e0.344: Timestamp: 0x50b84841
2169e0.344: Machine: 0x8664 - amd64
2179e0.344: Timestamp: 0x50b84841
2189e0.344: Image Version: 6.1
2199e0.344: SizeOfImage: 0x6c000 (442368)
2209e0.344: Resource Dir: 0x6a000 LB 0x528
2219e0.344: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2229e0.344: [Raw version resource data: 0x6a0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
2239e0.344: ProductName: Microsoft® Windows® Operating System
2249e0.344: ProductVersion: 6.1.7600.17179
2259e0.344: FileVersion: 6.1.7600.17179 (win7_gdr.121129-1434)
2269e0.344: FileDescription: Windows NT BASE API Client DLL
2279e0.344: \SystemRoot\System32\apisetschema.dll:
2289e0.344: CreationTime: 2009-07-13T23:18:54.866423200Z
2299e0.344: LastWriteTime: 2009-07-14T01:24:53.779000000Z
2309e0.344: ChangeTime: 2017-12-27T14:16:08.339602700Z
2319e0.344: FileAttributes: 0x20
2329e0.344: Size: 0x1a00
2339e0.344: NT Headers: 0xc0
2349e0.344: Timestamp: 0x4a5bdeab
2359e0.344: Machine: 0x8664 - amd64
2369e0.344: Timestamp: 0x4a5bdeab
2379e0.344: Image Version: 6.1
2389e0.344: SizeOfImage: 0x50000 (327680)
2399e0.344: Resource Dir: 0x30000 LB 0x3f0
2409e0.344: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
2419e0.344: [Raw version resource data: 0x30060 LB 0x390, codepage 0x0 (reserved 0x0)]
2429e0.344: ProductName: Microsoft® Windows® Operating System
2439e0.344: ProductVersion: 6.1.7600.16385
2449e0.344: FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
2459e0.344: FileDescription: ApiSet Schema DLL
2469e0.344: supR3HardenedWinFindAdversaries: 0x0
2479e0.344: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
2489e0.344: Calling main()
2499e0.344: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
2509e0.344: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
2519e0.344: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2529e0.344: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2539e0.344: SUPR3HardenedMain: Respawn #2
2549e0.344: supR3HardNtEnableThreadCreation:
2559e0.344: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\apphelp.dll)
2569e0.344: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\apphelp.dll
2579e0.344: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
2589e0.344: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
2599e0.344: supR3HardenedDllNotificationCallback: load 000007fefd760000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
2609e0.344: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
2619e0.344: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd760000 'C:\Windows\system32\apphelp.dll'
2629e0.344: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000779a2ac0 pvNtTerminateThread=00000000779bfbe0
2639e0.344: supR3HardenedWinDoReSpawn(2): New child f6c.1068 [kernel32].
2649e0.344: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdb000 cbPeb=0x380
2659e0.344: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077970000 uNtDllChildAddr=0000000077970000
2669e0.344: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000779a2ac0
2679e0.344: supR3HardenedWinSetupChildInit: Start child.
2689e0.344: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
2699e0.344: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 33 sleeps
2709e0.344: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2719e0.344: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
2729e0.344: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
2739e0.344: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
2749e0.344: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
2759e0.344: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
2769e0.344: 0000000000041000-000000000011ffff 0x0001/0x0000 0x0000000
2779e0.344: *0000000000120000-000000000021bfff 0x0000/0x0004 0x0020000
2789e0.344: 000000000021c000-000000000021dfff 0x0104/0x0004 0x0020000
2799e0.344: 000000000021e000-000000000021ffff 0x0004/0x0004 0x0020000
2809e0.344: 0000000000220000-000000007796ffff 0x0001/0x0000 0x0000000
2819e0.344: *0000000077970000-0000000077970fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2829e0.344: 0000000077971000-0000000077a73fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2839e0.344: 0000000077a74000-0000000077aa3fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2849e0.344: 0000000077aa4000-0000000077aaffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2859e0.344: 0000000077ab0000-0000000077b1bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2869e0.344: 0000000077b1c000-000000007efdffff 0x0001/0x0000 0x0000000
2879e0.344: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
2889e0.344: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2899e0.344: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
2909e0.344: 000000007fff0000-000000013fe0ffff 0x0001/0x0000 0x0000000
2919e0.344: *000000013fe10000-000000013fe10fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2929e0.344: 000000013fe11000-000000013fe81fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2939e0.344: 000000013fe82000-000000013fe82fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2949e0.344: 000000013fe83000-000000013fec8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2959e0.344: 000000013fec9000-000000013fec9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2969e0.344: 000000013feca000-000000013fecafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2979e0.344: 000000013fecb000-000000013fecffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2989e0.344: 000000013fed0000-000000013fed0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
2999e0.344: 000000013fed1000-000000013fed1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
3009e0.344: 000000013fed2000-000000013fed5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
3019e0.344: 000000013fed6000-000000013ff1dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
3029e0.344: 000000013ff1e000-000007feffc8ffff 0x0001/0x0000 0x0000000
3039e0.344: *000007feffc90000-000007feffc90fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apisetschema.dll
3049e0.344: 000007feffc91000-000007fffffaffff 0x0001/0x0000 0x0000000
3059e0.344: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
3069e0.344: 000007fffffd3000-000007fffffdafff 0x0001/0x0000 0x0000000
3079e0.344: *000007fffffdb000-000007fffffdbfff 0x0004/0x0004 0x0020000
3089e0.344: 000007fffffdc000-000007fffffddfff 0x0001/0x0000 0x0000000
3099e0.344: *000007fffffde000-000007fffffdffff 0x0004/0x0004 0x0020000
3109e0.344: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
3119e0.344: apisetschema.dll: timestamp 0x4a5bdeab (rc=VINF_SUCCESS)
3129e0.344: VirtualBox.exe: timestamp 0x5b72bf7e (rc=VINF_SUCCESS)
3139e0.344: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3149e0.344: '\Device\HarddiskVolume3\Windows\System32\apisetschema.dll' has no imports
3159e0.344: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
3169e0.344: supR3HardNtChildPurify: Done after 330 ms and 0 fixes (loop #0).
317f6c.1068: Log file opened: 5.2.18r124319 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db000
318f6c.1068: supR3HardenedVmProcessInit: uNtDllAddr=0000000077970000 g_uNtVerCombined=0x611db000
319f6c.1068: ntdll.dll: timestamp 0x4cc7b325 (rc=VINF_SUCCESS)
320f6c.1068: New simple heap: #1 0000000000320000 LB 0x400000 (for 1753088 allocation)
3219e0.344: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000320000 LB 0x400000)
3229e0.344: supR3HardNtEnableThreadCreation:
323f6c.1068: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
324f6c.1068: System32: \Device\HarddiskVolume3\Windows\System32
325f6c.1068: WinSxS: \Device\HarddiskVolume3\Windows\winsxs
326f6c.1068: KnownDllPath: C:\Windows\system32
327f6c.1068: supR3HardenedVmProcessInit: Opening vboxdrv...
328f6c.1068: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
329f6c.1068: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
330f6c.1068: Registered Dll notification callback with NTDLL.
331f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
332f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
333f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
334f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
335f6c.1068: supR3HardenedDllNotificationCallback: load 0000000077750000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
336f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
337f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefda20000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
338f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
339f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
340f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077750000 'C:\Windows\system32\kernel32.dll'
341f6c.1068: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000779a2ac0 pvNtTerminateThread=00000000779bfbe0
3429e0.344: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 275 ms.
343f6c.1068: \SystemRoot\System32\ntdll.dll:
344f6c.1068: CreationTime: 2017-12-27T16:17:42.754411400Z
345f6c.1068: LastWriteTime: 2010-10-27T05:16:01.087520700Z
346f6c.1068: ChangeTime: 2017-12-28T02:16:50.051600300Z
347f6c.1068: FileAttributes: 0x20
348f6c.1068: Size: 0x1a89a8
349f6c.1068: NT Headers: 0xe8
350f6c.1068: Timestamp: 0x4cc7b325
351f6c.1068: Machine: 0x8664 - amd64
352f6c.1068: Timestamp: 0x4cc7b325
353f6c.1068: Image Version: 6.1
354f6c.1068: SizeOfImage: 0x1ac000 (1753088)
355f6c.1068: Resource Dir: 0x154000 LB 0x560d0
356f6c.1068: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
357f6c.1068: [Raw version resource data: 0x1540f0 LB 0x378, codepage 0x0 (reserved 0x0)]
358f6c.1068: ProductName: Microsoft® Windows® Operating System
359f6c.1068: ProductVersion: 6.1.7600.16695
360f6c.1068: FileVersion: 6.1.7600.16695 (win7_gdr.101026-1503)
361f6c.1068: FileDescription: NT Layer DLL
362f6c.1068: \SystemRoot\System32\kernel32.dll:
363f6c.1068: CreationTime: 2017-12-27T16:15:39.420810600Z
364f6c.1068: LastWriteTime: 2012-11-30T05:43:53.453000000Z
365f6c.1068: ChangeTime: 2017-12-28T02:16:17.697200100Z
366f6c.1068: FileAttributes: 0x20
367f6c.1068: Size: 0x11b800
368f6c.1068: NT Headers: 0xe0
369f6c.1068: Timestamp: 0x50b84840
370f6c.1068: Machine: 0x8664 - amd64
371f6c.1068: Timestamp: 0x50b84840
372f6c.1068: Image Version: 6.1
373f6c.1068: SizeOfImage: 0x11f000 (1175552)
374f6c.1068: Resource Dir: 0x116000 LB 0x520
375f6c.1068: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
376f6c.1068: [Raw version resource data: 0x1160b0 LB 0x39c, codepage 0x0 (reserved 0x0)]
377f6c.1068: ProductName: Microsoft® Windows® Operating System
378f6c.1068: ProductVersion: 6.1.7600.17179
379f6c.1068: FileVersion: 6.1.7600.17179 (win7_gdr.121129-1434)
380f6c.1068: FileDescription: Windows NT BASE API Client DLL
381f6c.1068: \SystemRoot\System32\KernelBase.dll:
382f6c.1068: CreationTime: 2017-12-27T16:15:39.576810600Z
383f6c.1068: LastWriteTime: 2012-11-30T05:43:53.547000000Z
384f6c.1068: ChangeTime: 2017-12-28T02:16:17.697200100Z
385f6c.1068: FileAttributes: 0x20
386f6c.1068: Size: 0x67c00
387f6c.1068: NT Headers: 0xe8
388f6c.1068: Timestamp: 0x50b84841
389f6c.1068: Machine: 0x8664 - amd64
390f6c.1068: Timestamp: 0x50b84841
391f6c.1068: Image Version: 6.1
392f6c.1068: SizeOfImage: 0x6c000 (442368)
393f6c.1068: Resource Dir: 0x6a000 LB 0x528
394f6c.1068: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
395f6c.1068: [Raw version resource data: 0x6a0b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
396f6c.1068: ProductName: Microsoft® Windows® Operating System
397f6c.1068: ProductVersion: 6.1.7600.17179
398f6c.1068: FileVersion: 6.1.7600.17179 (win7_gdr.121129-1434)
399f6c.1068: FileDescription: Windows NT BASE API Client DLL
400f6c.1068: \SystemRoot\System32\apisetschema.dll:
401f6c.1068: CreationTime: 2009-07-13T23:18:54.866423200Z
402f6c.1068: LastWriteTime: 2009-07-14T01:24:53.779000000Z
403f6c.1068: ChangeTime: 2017-12-27T14:16:08.339602700Z
404f6c.1068: FileAttributes: 0x20
405f6c.1068: Size: 0x1a00
406f6c.1068: NT Headers: 0xc0
407f6c.1068: Timestamp: 0x4a5bdeab
408f6c.1068: Machine: 0x8664 - amd64
409f6c.1068: Timestamp: 0x4a5bdeab
410f6c.1068: Image Version: 6.1
411f6c.1068: SizeOfImage: 0x50000 (327680)
412f6c.1068: Resource Dir: 0x30000 LB 0x3f0
413f6c.1068: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
414f6c.1068: [Raw version resource data: 0x30060 LB 0x390, codepage 0x0 (reserved 0x0)]
415f6c.1068: ProductName: Microsoft® Windows® Operating System
416f6c.1068: ProductVersion: 6.1.7600.16385
417f6c.1068: FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
418f6c.1068: FileDescription: ApiSet Schema DLL
419f6c.1068: supR3HardenedWinFindAdversaries: 0x0
420f6c.1068: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
421f6c.1068: Calling main()
422f6c.1068: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
423f6c.1068: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
424f6c.1068: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
425f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
426f6c.1068: SUPR3HardenedMain: Final process, opening VBoxDrv...
427f6c.1068: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000320000 LB 0x400000)
428f6c.1068: supR3HardNtEnableThreadCreation:
429f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
430f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
431f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000873cc0:C:\Windows\system32 [calling]
432f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
433f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefa390000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
434f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
435f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
436f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
437f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa390000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
438f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
439f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
440f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa390000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
441f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa390000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
442f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
443f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
444f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
445f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
446f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
447f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
448f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
449f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
450f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
451f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
452f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
453f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
454f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
455f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
456f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
457f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
458f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
459f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
460f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
461f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
462f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
463f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
464f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
465f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
466f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
467f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
468f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
469f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
470f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
471f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
472f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000873cc0:C:\Windows\system32 [calling]
473f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
474f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd9c0000 LB 0x0003a000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
475f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
476f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefdd80000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
477f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
478f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefdb30000 LB 0x00166000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
479f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
480f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd970000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
481f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
482f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefde60000 LB 0x0012e000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
483f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
484f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9c0000 'C:\Windows\system32\Wintrust.dll'
485f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
486f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
487f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008b8ef0:C:\Windows\system32 [calling]
488f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
489f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd2b0000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
490f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
491f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd2b0000 'C:\Windows\system32\bcrypt.dll'
492f6c.1068: bcrypt.dll loaded at 000007fefd2b0000, BCryptOpenAlgorithmProvider at 000007fefd2b2640, preloading providers:
493f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
494f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
495f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
496f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
497f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
498f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
499f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
500f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
501f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
502f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
503f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
504f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
505f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
506f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
507f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
508f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
509f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
510f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
511f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
512f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
513f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
514f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefcda0000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
515f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
516f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefdca0000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
517f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
518f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
519f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
520f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
521f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
522f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefde40000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
523f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
524f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcda0000 'C:\Windows\system32\bcryptprimitives.dll'
525f6c.1068: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000008ba5d0)
526f6c.1068: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000008bd490)
527f6c.1068: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000008bd5b0)
528f6c.1068: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000008bd7c0)
529f6c.1068: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000008bd8e0)
530f6c.1068: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000008bda00)
531f6c.1068: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000008bdc40)
532f6c.1068: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000008bdd60)
533f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
534f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
535f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
536f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
537f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
538f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
539f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
540f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
541f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
542f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
543f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd160000 LB 0x00017000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
544f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
545f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd160000 'C:\Windows\system32\CRYPTSP.dll'
546f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
547f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
548f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
549f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
550f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
551f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
552f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
553f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
554f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefce60000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
555f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
556f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce60000 'C:\Windows\system32\rsaenh.dll'
557f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
558f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
559f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdca0000 'C:\Windows\system32\ADVAPI32.dll'
560f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
561f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
562f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
563f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
564f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd7c0000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
565f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
566f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7c0000 'C:\Windows\system32\CRYPTBASE.dll'
567f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
568f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
569f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077750000 'C:\Windows\system32\kernel32.dll'
570f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
571f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
572f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9c0000 'C:\Windows\system32\WINTRUST.DLL'
573f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
574f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
575f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb30000 'C:\Windows\system32\CRYPT32.dll'
576f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
577f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
578f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
579f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
580f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
581f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
582f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
583f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
584f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
585f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
586f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
587f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
588f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefde20000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
589f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
590f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde20000 'C:\Windows\system32\imagehlp.dll'
591f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
592f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
593f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd160000 'C:\Windows\system32\CRYPTSP.dll'
594f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
595f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\user32.dll)
596f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
597f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
598f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
599f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
600f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
601f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
602f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
603f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
604f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume3\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
605f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
606f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
607f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
608f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\lpk.dll)
609f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\lpk.dll
610f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
611f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
612f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
613f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
614f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume3\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
615f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
616f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
617f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
618f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\usp10.dll)
619f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\usp10.dll
620f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
621f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
622f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
623f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
624f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
625f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
626f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
627f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
628f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
629f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
630f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
631f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
632f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
633f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
634f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
635f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
636f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
637f6c.1068: supR3HardenedDllNotificationCallback: load 0000000077870000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
638f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
639f6c.1068: supR3HardenedDllNotificationCallback: load 000007feffa20000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
640f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
641f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff3e0000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
642f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\lpk.dll [lacks WinVerifyTrust]
643f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff100000 LB 0x000ca000 C:\Windows\system32\USP10.dll [fFlags=0x0]
644f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\usp10.dll [lacks WinVerifyTrust]
645f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
646f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
647f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa20000 'C:\Windows\system32\gdi32.dll'
648f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
649f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
650f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
651f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
652f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
653f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
654f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume3\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
655f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
656f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
657f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
658f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
659f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\msctf.dll)
660f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll
661f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
662f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
663f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
664f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
665f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
666f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
667f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
668f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
669f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust]
670f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
671f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
672f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
673f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
674f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
675f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
676f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
677f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
678f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
679f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
680f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust]
681f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff0d0000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
682f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust]
683f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff490000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
684f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msctf.dll [lacks WinVerifyTrust]
685f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0d0000 'C:\Windows\system32\IMM32.DLL'
686f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077870000 'C:\Windows\system32\USER32.dll'
687f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
688f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
689f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
690f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\ncrypt.dll)
691f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ncrypt.dll
692f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
693f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
694f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
695f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
696f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
697f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
698f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
699f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
700f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
701f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
702f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
703f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd2e0000 LB 0x0004e000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
704f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
705f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd2e0000 'C:\Windows\system32\ncrypt.dll'
706f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
707f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
708f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd2b0000 'C:\Windows\system32\bcrypt.dll'
709f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
710f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
711f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
712f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\userenv.dll)
713f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll
714f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
715f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
716f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
717f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
718f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
719f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
720f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
721f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
722f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
723f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
724f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
725f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
726f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
727f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
728f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
729f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\userenv.dll [lacks WinVerifyTrust]
730f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefcc00000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
731f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\userenv.dll [lacks WinVerifyTrust]
732f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust]
733f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd890000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
734f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust]
735f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc00000 'C:\Windows\system32\USERENV.dll'
736f6c.1068: supR3HardenedIsApiSetDll: '<NULL>' -> true
737f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
738f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde40000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
739f6c.1068: supR3HardenedIsApiSetDll: '<NULL>' -> true
740f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
741f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde40000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
742f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
743f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
744f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)
745f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll
746f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
747f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
748f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
749f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
750f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
751f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
752f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
753f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
754f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefcbe0000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
755f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
756f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcbe0000 'C:\Windows\system32\GPAPI.dll'
757f6c.1068: supR3HardenedIsApiSetDll: '<NULL>' -> true
758f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
759f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde40000 'API-MS-WIN-Service-Management-L1-1-0.dll'
760f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
761f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
762f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde60000 'C:\Windows\system32\rpcrt4.dll'
763f6c.1068: supR3HardenedIsApiSetDll: '<NULL>' -> true
764f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
765f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde40000 'API-MS-WIN-Service-Management-L2-1-0.dll'
766f6c.1068: supR3HardenedIsApiSetDll: '<NULL>' -> true
767f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
768f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde40000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
769f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
770f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'crypt32.dll'.
771f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'wldap32.dll'.
772f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll)
773f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll
774f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
775f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume3\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
776f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
777f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\Wldap32.dll)
778f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\Wldap32.dll
779f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
780f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
781f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
782f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
783f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
784f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
785f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
786f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
787f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
788f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
789f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
790f6c.1068: supR3HardenedDllNotificationCallback: load 000007fef9c30000 LB 0x00026000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
791f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
792f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefee20000 LB 0x00050000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
793f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
794f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
795f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
796f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9c30000 'C:\Windows\system32\cryptnet.dll'
797f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
798f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
799f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9c30000 'C:\Windows\system32\cryptnet.dll'
800f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
801f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
802f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9c30000 'C:\Windows\system32\cryptnet.dll'
803f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
804f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
805f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9c30000 'C:\Windows\system32\cryptnet.dll'
806f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
807f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
808f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9c30000 'C:\Windows\system32\cryptnet.dll'
809f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
810f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
811f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9c30000 'C:\Windows\system32\cryptnet.dll'
812f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
813f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9c30000 'C:\Windows\system32\cryptnet.dll'
814f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
815f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9c30000 'C:\Windows\system32\cryptnet.dll'
816f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
817f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9c30000 'C:\Windows\system32\cryptnet.dll'
818f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
819f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9c30000 'C:\Windows\system32\cryptnet.dll'
820f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
821f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9c30000 'C:\Windows\system32\cryptnet.dll'
822f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9c30000 'C:\Windows\system32\cryptnet.dll'
823f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
824f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
825f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
826f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll)
827f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
828f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
829f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
830f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
831f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
832f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
833f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
834f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
835f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
836f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
837f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
838f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
839f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefe010000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
840f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
841f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe010000 'C:\Windows\system32\SHLWAPI.dll'
842f6c.1068: supR3HardenedIsApiSetDll: '<NULL>' -> true
843f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
844f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde40000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
845f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust]
846f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
847f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd890000 'C:\Windows\system32\profapi.dll'
848f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
849f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
850f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
851f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
852f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
853f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
854f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
855f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll)
856f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll
857f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
858f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
859f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
860f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
861f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\devobj.dll)
862f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devobj.dll
863f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
864f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
865f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
866f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
867f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
868f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
869f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
870f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll)
871f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
872f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
873f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
874f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
875f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
876f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
877f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
878f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
879f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
880f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
881f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
882f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
883f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
884f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
885f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
886f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
887f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
888f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
889f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll)
890f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
891f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
892f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
893f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
894f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
895f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
896f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
897f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
898f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
899f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
900f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
901f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
902f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
903f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
904f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
905f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
906f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
907f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
908f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
909f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
910f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
911f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
912f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
913f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
914f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
915f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
916f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
917f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
918f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\ole32.dll)
919f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll
920f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
921f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
922f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
923f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
924f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
925f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
926f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
927f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
928f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
929f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
930f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
931f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
932f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
933f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
934f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
935f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
936f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
937f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
938f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\setupapi.dll (Input=setupapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
939f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll [lacks WinVerifyTrust]
940f6c.1068: supR3HardenedDllNotificationCallback: load 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [fFlags=0x0]
941f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll [lacks WinVerifyTrust]
942f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
943f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
944f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
945f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll [lacks WinVerifyTrust]
946f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [fFlags=0x0]
947f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\ole32.dll [lacks WinVerifyTrust]
948f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
949f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\devobj.dll [lacks WinVerifyTrust]
950f6c.1068: supR3HardenedIsApiSetDll: '<NULL>' -> true
951f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
952f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077750000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
953f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll'
954f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
955f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cabinet.dll)
956f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cabinet.dll
957f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
958f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
959f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
960f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Cabinet.dll (Input=Cabinet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
961f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cabinet.dll [lacks WinVerifyTrust]
962f6c.1068: supR3HardenedDllNotificationCallback: load 000007fef97e0000 LB 0x0001b000 C:\Windows\system32\Cabinet.dll [fFlags=0x0]
963f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cabinet.dll [lacks WinVerifyTrust]
964f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef97e0000 'C:\Windows\system32\Cabinet.dll'
965f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
966f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\devrtl.dll)
967f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devrtl.dll
968f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
969f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
970f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
971f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\DEVRTL.dll (Input=DEVRTL.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
972f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\devrtl.dll [lacks WinVerifyTrust]
973f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefcc20000 LB 0x00012000 C:\Windows\system32\DEVRTL.dll [fFlags=0x0]
974f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\devrtl.dll [lacks WinVerifyTrust]
975f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc20000 'C:\Windows\system32\DEVRTL.dll'
976f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [flags=0x0]
977f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [flags=0x0]
978f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [flags=0x0]
979f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [flags=0x0]
980f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [flags=0x0]
981f6c.1068: supR3HardenedIsApiSetDll: '<NULL>' -> true
982f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
983f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde40000 'API-MS-WIN-Service-Management-L1-1-0.dll'
984f6c.1068: supR3HardenedIsApiSetDll: '<NULL>' -> true
985f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
986f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde40000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
987f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
988f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde60000 'C:\Windows\system32\RPCRT4.dll'
989f6c.1068: supR3HardenedIsApiSetDll: '<NULL>' -> true
990f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
991f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde40000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
992f6c.1068: supR3HardenedIsApiSetDll: '<NULL>' -> true
993f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
994f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde40000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
995f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll [lacks WinVerifyTrust]
996f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\setupapi.dll (Input=setupapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
997f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll [lacks WinVerifyTrust]
998f6c.1068: supR3HardenedDllNotificationCallback: load 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [fFlags=0x0]
999f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll [lacks WinVerifyTrust]
1000f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1001f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
1002f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1003f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll [lacks WinVerifyTrust]
1004f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1005f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\ole32.dll [lacks WinVerifyTrust]
1006f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1007f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\devobj.dll [lacks WinVerifyTrust]
1008f6c.1068: supR3HardenedIsApiSetDll: '<NULL>' -> true
1009f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1010f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077750000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
1011f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll'
1012f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cabinet.dll [lacks WinVerifyTrust]
1013f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Cabinet.dll (Input=Cabinet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1014f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef97e0000 'C:\Windows\system32\Cabinet.dll'
1015f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\devrtl.dll [lacks WinVerifyTrust]
1016f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\DEVRTL.dll (Input=DEVRTL.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1017f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc20000 'C:\Windows\system32\DEVRTL.dll'
1018f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [flags=0x0]
1019f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [flags=0x0]
1020f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [flags=0x0]
1021f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [flags=0x0]
1022f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [flags=0x0]
1023f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1024f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9c30000 'C:\Windows\system32\cryptnet.dll'
1025f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
1026f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000008b5080
1027f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
1028f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B1CC1FB102B520EF6BF868B8979443077BF99576
1029f6c.1068: supR3HardenedIsApiSetDll: '<NULL>' -> true
1030f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1031f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde40000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1032f6c.1068: supR3HardenedIsApiSetDll: '<NULL>' -> true
1033f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1034f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde40000 'API-MS-WIN-Service-Management-L1-1-0.dll'
1035f6c.1068: supR3HardenedIsApiSetDll: '<NULL>' -> true
1036f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1037f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde40000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
1038f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1039f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1040f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdca0000 'C:\Windows\system32\ADVAPI32.dll'
1041f6c.1068: supR3HardenedIsApiSetDll: '<NULL>' -> true
1042f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1043f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde40000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
1044f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_4_for_KB2393802~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\SystemRoot\System32\ntdll.dll'
1045f6c.1068: g_pfnWinVerifyTrust=000007fefd9c1010
1046f6c.1068: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
1047f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume3\Windows\System32\crypt32.dll
1048f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
1049f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
1050f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9291EDBBC127C928AA153279BBEF3441A67E2E64
1051f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
1052f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1053f6c.1068: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
1054f6c.1068: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
1055f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d0 pwszName=\Device\HarddiskVolume3\Windows\System32\wintrust.dll
1056f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
1057f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
1058f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=25C526F88FFB65E5337FBED8DA970667B79A436D
1059f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_7_for_KB2653956~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
1060f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1061f6c.1068: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
1062f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003e8 pwszName=\Device\HarddiskVolume3\Windows\System32\devrtl.dll
1063f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
1064f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
1065f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=445E5B0E9F43B5D56A5B9C4BC3369E3D076ACA1A
1066f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\devrtl.dll'
1067f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1068f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\devrtl.dll'
1069f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003dc pwszName=\Device\HarddiskVolume3\Windows\System32\cabinet.dll
1070f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
1071f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
1072f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=61589F17FEF1FC8E13381FC488DFF9B97265ADC0
1073f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\cabinet.dll'
1074f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1075f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cabinet.dll'
1076f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003a4 pwszName=\Device\HarddiskVolume3\Windows\System32\ole32.dll
1077f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
1078f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
1079f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0E6E4E4C144C41C8DE8B6D14C0CEFC8466606238
1080f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB979687~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume3\Windows\System32\ole32.dll'
1081f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1082f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ole32.dll'
1083f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003a0 pwszName=\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
1084f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
1085f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
1086f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7C47113CE403595333AD5B6E07C7DAAD692CBCC3
1087f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'
1088f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1089f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'
1090f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000039c pwszName=\Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1091f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
1092f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
1093f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B6AE55767DA0FEC9EE078C21F6B93D73CB0EC97B
1094f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_7_for_KB2564958~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\oleaut32.dll'
1095f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1096f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll'
1097f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000398 pwszName=\Device\HarddiskVolume3\Windows\System32\devobj.dll
1098f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
1099f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
1100f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
1101f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\devobj.dll'
1102f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1103f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\devobj.dll'
1104f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000394 pwszName=\Device\HarddiskVolume3\Windows\System32\setupapi.dll
1105f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
1106f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
1107f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EF521BA39AF0E47D1865BB0D35CE4A6F4445F683
1108f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\setupapi.dll'
1109f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1110f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\setupapi.dll'
1111f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000388 pwszName=\Device\HarddiskVolume3\Windows\System32\shlwapi.dll
1112f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
1113f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
1114f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=606ABB1FF11221B54B2441E9291FAEDE00F0A737
1115f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'
1116f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1117f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'
1118f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000037c pwszName=\Device\HarddiskVolume3\Windows\System32\Wldap32.dll
1119f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
1120f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
1121f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F91ABE7B7E6D1E87E7D4528AF218FE44B6223714
1122f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\Wldap32.dll'
1123f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1124f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\Wldap32.dll'
1125f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000378 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll
1126f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
1127f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
1128f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CA2FE16E05087DA5C24DC5EB2EE8053CDA5DE9A9
1129f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
1130f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1131f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
1132f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000254 pwszName=\Device\HarddiskVolume3\Windows\System32\gpapi.dll
1133f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
1134f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
1135f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
1136f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntph.cat'; file='\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
1137f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1138f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
1139f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c0 pwszName=\Device\HarddiskVolume3\Windows\System32\profapi.dll
1140f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
1141f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
1142f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
1143f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\profapi.dll'
1144f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1145f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'
1146f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001bc pwszName=\Device\HarddiskVolume3\Windows\System32\userenv.dll
1147f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
1148f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
1149f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CECE64826F44D45DC4DC4EAD2487D4E902D28B2
1150f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\userenv.dll'
1151f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1152f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\userenv.dll'
1153f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a8 pwszName=\Device\HarddiskVolume3\Windows\System32\ncrypt.dll
1154f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
1155f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
1156f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3D482C50075646C922DC6A66C97956C5060C361B
1157f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\ncrypt.dll'
1158f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1159f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ncrypt.dll'
1160f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume3\Windows\System32\msctf.dll
1161f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
1162f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
1163f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=803AF52F95A9EFDFDA06C595023831EE36ACD3A8
1164f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\msctf.dll'
1165f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1166f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll'
1167f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume3\Windows\System32\imm32.dll
1168f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
1169f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
1170f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
1171f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\imm32.dll'
1172f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1173f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll'
1174f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume3\Windows\System32\usp10.dll
1175f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
1176f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
1177f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=490BD33C335BD32EC161EED4A67F77D95677E4E5
1178f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\usp10.dll'
1179f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1180f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\usp10.dll'
1181f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume3\Windows\System32\lpk.dll
1182f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
1183f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
1184f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A42DFBB8A3A26D2178D79D34DA1CE275E2A0BE37
1185f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\lpk.dll'
1186f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1187f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\lpk.dll'
1188f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume3\Windows\System32\gdi32.dll
1189f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
1190f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
1191f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7EA80F9E71FDFA56CCF43E3C55C6720395894024
1192f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
1193f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1194f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
1195f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000017c pwszName=\Device\HarddiskVolume3\Windows\System32\user32.dll
1196f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
1197f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
1198f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DBA6014EFD27EA9F3D12C3683DEBF0C87F381DC9
1199f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\user32.dll'
1200f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1201f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll'
1202f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000178 pwszName=\Device\HarddiskVolume3\Windows\System32\imagehlp.dll
1203f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
1204f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
1205f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=19E59F7821F8166B726DD95DFEE4E7A4D77E03C3
1206f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_7_for_KB2653956~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
1207f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1208f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
1209f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000012c pwszName=\Device\HarddiskVolume3\Windows\System32\cryptbase.dll
1210f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
1211f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
1212f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A965CC5DB13A5FB23BBB1B6B5FA6D400DC49462F
1213f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
1214f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1215f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
1216f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'
1217f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000128 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptsp.dll
1218f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
1219f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
1220f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=40667EDBA9045D4A4BE1D4844665D3B88F8CD0E0
1221f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
1222f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1223f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
1224f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume3\Windows\System32\sechost.dll
1225f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
1226f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
1227f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FA2A014BF360CDC0E203A174FFC9DC5343C5323
1228f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\sechost.dll'
1229f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1230f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'
1231f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000118 pwszName=\Device\HarddiskVolume3\Windows\System32\advapi32.dll
1232f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
1233f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
1234f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DBCDF817D89920EE3139FB7E090744EB36A4A21B
1235f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
1236f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1237f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
1238f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'
1239f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000100 pwszName=\Device\HarddiskVolume3\Windows\System32\bcrypt.dll
1240f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
1241f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
1242f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
1243f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
1244f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1245f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
1246f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume3\Windows\System32\msvcrt.dll
1247f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
1248f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
1249f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=857E2261585BED6E20976DC49046A04066510AC8
1250f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_7_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
1251f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1252f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
1253f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume3\Windows\System32\msasn1.dll
1254f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
1255f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
1256f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9F2501E3A272EEB34B9BC02F1FD262AE3BD138E8
1257f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB974571~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
1258f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1259f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
1260f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
1261f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
1262f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
1263f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C14C7754CCAEF4A44E39D16017663B013F785504
1264f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
1265f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1266f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
1267f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
1268f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\setupapi.dll (Input=setupapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1269f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
1270f6c.1068: supR3HardenedDllNotificationCallback: load 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [fFlags=0x0]
1271f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
1272f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1273f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
1274f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1275f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1276f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1277f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1278f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1279f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
1280f6c.1068: supR3HardenedIsApiSetDll: '<NULL>' -> true
1281f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1282f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077750000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
1283f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll'
1284f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cabinet.dll
1285f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Cabinet.dll (Input=Cabinet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1286f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef97e0000 'C:\Windows\system32\Cabinet.dll'
1287f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devrtl.dll
1288f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\DEVRTL.dll (Input=DEVRTL.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1289f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc20000 'C:\Windows\system32\DEVRTL.dll'
1290f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [flags=0x0]
1291f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [flags=0x0]
1292f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [flags=0x0]
1293f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [flags=0x0]
1294f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [flags=0x0]
1295f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1296f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000024 pwszName=\Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1297f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
1298f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
1299f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BDD7376E7A7F636F4FA916F3B438F5139EB262E7
1300f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_222_for_KB2726535~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
1301f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1302f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
1303f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000001c pwszName=\Device\HarddiskVolume3\Windows\System32\kernel32.dll
1304f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
1305f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
1306f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B4DF6E6BDB6DD0A1F360EC0B63067F7E6A84B10D
1307f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_222_for_KB2726535~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
1308f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1309f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
1310f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
1311f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000927aa0:C:\Windows\system32 [calling]
1312f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb30000 'C:\Windows\system32\crypt32.dll'
1313f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1314f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1315f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1316f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1317f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1318f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1319f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1320f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1321f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
1322f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1323f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1324f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1325f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
1326f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1327f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
1328f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1329f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
1330f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
1331f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1332f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1333f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1334f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1335f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1336f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1337f6c.1068: supR3HardenedWinIsDesiredRootCA: Adding 0xbd02ec9a4a02ab00 DC=len, DC=rovereto, CN=ratsbane-new
1338f6c.1068: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=25
1339f6c.1068: SUPR3HardenedMain: Load Runtime...
1340f6c.1068: supR3HardenedDllNotificationCallback: load 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [fFlags=0x0]
1341f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1342f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
1343f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1344f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1345f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1346f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1347f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1348f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
1349f6c.1068: supR3HardenedIsApiSetDll: '<NULL>' -> true
1350f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1351f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077750000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
1352f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll'
1353f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cabinet.dll
1354f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Cabinet.dll (Input=Cabinet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1355f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef97e0000 'C:\Windows\system32\Cabinet.dll'
1356f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devrtl.dll
1357f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\DEVRTL.dll (Input=DEVRTL.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1358f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc20000 'C:\Windows\system32\DEVRTL.dll'
1359f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [flags=0x0]
1360f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [flags=0x0]
1361f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [flags=0x0]
1362f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [flags=0x0]
1363f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [flags=0x0]
1364f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1365f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1366f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1367f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1368f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
1369f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1370f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1371f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1372f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1373f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1374f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000418 pwszName=\Device\HarddiskVolume3\Windows\System32\ws2_32.dll
1375f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
1376f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
1377f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E5F4BCE98F931638C28C032093E78167736B880A
1378f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\ws2_32.dll'
1379f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1380f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1381f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1382f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
1383f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust
1384f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
1385f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1386f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1387f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1388f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1389f6c.1068: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\nsi.dll'.
1390f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\nsi.dll)
1391f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll
1392f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1393f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1394f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1395f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1396f6c.1068: supR3HardenedDllNotificationCallback: load 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [fFlags=0x0]
1397f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1398f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
1399f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1400f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1401f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1402f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1403f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1404f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
1405f6c.1068: supR3HardenedIsApiSetDll: '<NULL>' -> true
1406f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1407f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077750000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
1408f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll'
1409f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cabinet.dll
1410f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Cabinet.dll (Input=Cabinet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1411f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef97e0000 'C:\Windows\system32\Cabinet.dll'
1412f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devrtl.dll
1413f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\DEVRTL.dll (Input=DEVRTL.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1414f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc20000 'C:\Windows\system32\DEVRTL.dll'
1415f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [flags=0x0]
1416f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [flags=0x0]
1417f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [flags=0x0]
1418f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [flags=0x0]
1419f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [flags=0x0]
1420f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1421f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
1422f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1423f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1424f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1425f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1426f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1427f6c.1068: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1428f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll)
1429f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
1430f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
1431f6c.1068: supR3HardenedDllNotificationCallback: load 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [fFlags=0x0]
1432f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1433f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
1434f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1435f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1436f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1437f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1438f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1439f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
1440f6c.1068: supR3HardenedIsApiSetDll: '<NULL>' -> true
1441f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1442f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077750000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
1443f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll'
1444f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cabinet.dll
1445f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Cabinet.dll (Input=Cabinet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1446f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef97e0000 'C:\Windows\system32\Cabinet.dll'
1447f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devrtl.dll
1448f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\DEVRTL.dll (Input=DEVRTL.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1449f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc20000 'C:\Windows\system32\DEVRTL.dll'
1450f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [flags=0x0]
1451f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [flags=0x0]
1452f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [flags=0x0]
1453f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [flags=0x0]
1454f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [flags=0x0]
1455f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
1456f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ecb80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1457f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1458f6c.1068: supR3HardenedDllNotificationCallback: load 000007fef4b90000 LB 0x00595000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1459f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1460f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
1461f6c.1068: supR3HardenedDllNotificationCallback: load 0000000074410000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1462f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
1463f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1464f6c.1068: supR3HardenedDllNotificationCallback: load 0000000074370000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1465f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1466f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff6d0000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
1467f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
1468f6c.1068: supR3HardenedDllNotificationCallback: load 000007feffc70000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
1469f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [avoiding WinVerifyTrust]
1470f6c.1068: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'.
1471f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
1472f6c.1068: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\nsi.dll'.
1473f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rescheduled]
1474f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1475f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1476f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1477f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1478f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1479f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1480f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1481f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1482f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1483f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1484f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1485f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1486f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1487f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1488f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1489f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1490f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1491f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1492f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1493f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1494f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1495f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1496f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1497f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1498f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1499f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1500f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1501f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1502f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1503f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1504f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1505f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1506f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1507f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1508f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1509f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1510f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1511f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1512f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1513f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1514f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1515f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1516f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1517f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1518f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008740f0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1519f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1520f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1521f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1522f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1523f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll
1524f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000009575c0:C:\Windows\system32 [calling]
1525f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9c0000 'C:\Windows\system32\Wintrust.dll'
1526f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
1527f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000009575c0:C:\Windows\system32 [calling]
1528f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb30000 'C:\Windows\system32\crypt32.dll'
1529f6c.1068: SUPR3HardenedMain: Load TrustedMain...
1530f6c.1068: supR3HardenedDllNotificationCallback: load 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [fFlags=0x0]
1531f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1532f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
1533f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1534f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1535f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1536f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1537f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1538f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
1539f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll'
1540f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cabinet.dll
1541f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Cabinet.dll (Input=Cabinet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ecca0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1542f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef97e0000 'C:\Windows\system32\Cabinet.dll'
1543f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devrtl.dll
1544f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\DEVRTL.dll (Input=DEVRTL.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ecca0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1545f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc20000 'C:\Windows\system32\DEVRTL.dll'
1546f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [flags=0x0]
1547f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [flags=0x0]
1548f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [flags=0x0]
1549f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [flags=0x0]
1550f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [flags=0x0]
1551f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1552f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1553f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
1554f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1555f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1556f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
1557f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
1558f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
1559f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
1560f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
1561f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
1562f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
1563f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
1564f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
1565f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
1566f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
1567f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
1568f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1569f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1570f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000478 pwszName=\Device\HarddiskVolume3\Windows\System32\winmm.dll
1571f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
1572f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
1573f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
1574f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\winmm.dll'
1575f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1576f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1577f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1578f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust
1579f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll
1580f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1581f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1582f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1583f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1584f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1585f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1586f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1587f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1588f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000484 pwszName=\Device\HarddiskVolume3\Windows\System32\shell32.dll
1589f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
1590f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
1591f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DE7D7A3901C2C2D6C3C0DBA60CA941301EDCFDFD
1592f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB2640148~31bf3856ad364e35~amd64~~6.1.2.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\shell32.dll'
1593f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1594f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1595f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
1596f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
1597f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
1598f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll) WinVerifyTrust
1599f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
1600f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1601f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1602f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1603f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1604f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1605f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
1606f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
1607f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1608f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1609f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1610f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1611f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1612f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1613f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
1614f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1615f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1616f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1617f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1618f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1619f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1620f6c.1068: supR3HardenedDllNotificationCallback: load 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [fFlags=0x0]
1621f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1622f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1623f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1624f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1625f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
1626f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll'
1627f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef97e0000 'C:\Windows\system32\Cabinet.dll'
1628f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc20000 'C:\Windows\system32\DEVRTL.dll'
1629f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [flags=0x0]
1630f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [flags=0x0]
1631f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [flags=0x0]
1632f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [flags=0x0]
1633f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [flags=0x0]
1634f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
1635f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
1636f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1637f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1638f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
1639f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1640f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
1641f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
1642f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1643f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1644f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1645f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1646f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1647f6c.1068: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'.
1648f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1649f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
1650f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
1651f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1652f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1653f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
1654f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
1655f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
1656f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll)
1657f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1658f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1659f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1660f6c.1068: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'.
1661f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1662f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1663f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1664f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1665f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1666f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1667f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1668f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll)
1669f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1670f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1671f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1672f6c.1068: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'.
1673f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1674f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1675f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
1676f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1677f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1678f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1679f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1680f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll)
1681f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1682f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1683f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1684f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1685f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1686f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1687f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1688f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1689f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1690f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
1691f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1692f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1693f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1694f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1695f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1696f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
1697f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1698f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1699f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1700f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1701f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1702f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1703f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1704f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1705f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1706f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1707f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1708f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1709f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1710f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1711f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1712f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
1713f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1714f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1715f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1716f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1717f6c.1068: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'.
1718f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1719f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1720f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1721f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1722f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1723f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1724f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll)
1725f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll
1726f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1727f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1728f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1729f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1730f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1731f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1732f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1733f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1734f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
1735f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
1736f6c.1068: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
1737f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\mpr.dll)
1738f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mpr.dll
1739f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1740f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1741f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
1742f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1743f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1744f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1745f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1746f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1747f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1748f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1749f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
1750f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1751f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1752f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1753f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1754f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1755f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume3\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
1756f6c.1068: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\ddraw.dll'.
1757f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1758f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1759f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
1760f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1761f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
1762f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
1763f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\ddraw.dll)
1764f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ddraw.dll
1765f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1766f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1767f6c.1068: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
1768f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1769f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1770f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1771f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\glu32.dll)
1772f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll
1773f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1774f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1775f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1776f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1777f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1778f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1779f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1780f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1781f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1782f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1783f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1784f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
1785f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1786f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1787f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
1788f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
1789f6c.1068: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'.
1790f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1791f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1792f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1793f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dwmapi.dll)
1794f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
1795f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
1796f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
1797f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1798f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1799f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
1800f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume3\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
1801f6c.1068: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\dciman32.dll'.
1802f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1803f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
1804f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1805f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dciman32.dll)
1806f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dciman32.dll
1807f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1808f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1809f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1810f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1811f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1812f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1813f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1814f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1815f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
1816f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1817f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1818f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1819f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1820f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1821f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1822f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1823f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1824f6c.1068: supR3HardenedDllNotificationCallback: load 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [fFlags=0x0]
1825f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1826f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1827f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1828f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1829f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll'
1830f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef97e0000 'C:\Windows\system32\Cabinet.dll'
1831f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc20000 'C:\Windows\system32\DEVRTL.dll'
1832f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [flags=0x0]
1833f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [flags=0x0]
1834f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [flags=0x0]
1835f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [flags=0x0]
1836f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [flags=0x0]
1837f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1838f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1839f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
1840f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
1841f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1842f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1843f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
1844f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
1845f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
1846f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1847f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1848f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1849f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [redoing WinVerifyTrust]
1850f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1851f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1852f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
1853f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1854f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1855f6c.1068: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll'.
1856f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1857f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
1858f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1859f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1860f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
1861f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1862f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\comdlg32.dll)
1863f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comdlg32.dll
1864f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1865f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume3\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1866f6c.1068: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\winspool.drv'.
1867f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1868f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1869f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1870f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\winspool.drv)
1871f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winspool.drv
1872f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1873f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1874f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [lacks WinVerifyTrust]
1875f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1876f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1877f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [lacks WinVerifyTrust]
1878f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1879f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1880f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [lacks WinVerifyTrust]
1881f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1882f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1883f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1884f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1885f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1886f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1887f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1888f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1889f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1890f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1891f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1892f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1893f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
1894f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1895f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1896f6c.1068: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\comctl32.dll'.
1897f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1898f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1899f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1900f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\comctl32.dll)
1901f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comctl32.dll
1902f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1903f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1904f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1905f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1906f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1907f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1908f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
1909f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1910f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1911f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
1912f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1913f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1914f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1915f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1916f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1917f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1918f6c.1068: supR3HardenedDllNotificationCallback: load 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [fFlags=0x0]
1919f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1920f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1921f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1922f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1923f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll'
1924f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef97e0000 'C:\Windows\system32\Cabinet.dll'
1925f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc20000 'C:\Windows\system32\DEVRTL.dll'
1926f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [flags=0x0]
1927f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [flags=0x0]
1928f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [flags=0x0]
1929f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [flags=0x0]
1930f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [flags=0x0]
1931f6c.1068: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll'
1932f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1933f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1934f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [redoing WinVerifyTrust]
1935f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
1936f6c.1068: supR3HardenedDllNotificationCallback: load 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [fFlags=0x0]
1937f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1938f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1939f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1940f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1941f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll'
1942f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef97e0000 'C:\Windows\system32\Cabinet.dll'
1943f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc20000 'C:\Windows\system32\DEVRTL.dll'
1944f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [flags=0x0]
1945f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [flags=0x0]
1946f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [flags=0x0]
1947f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [flags=0x0]
1948f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [flags=0x0]
1949f6c.1068: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll'
1950f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1951f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1952f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [redoing WinVerifyTrust]
1953f6c.1068: supR3HardenedDllNotificationCallback: load 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [fFlags=0x0]
1954f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1955f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1956f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1957f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1958f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll'
1959f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef97e0000 'C:\Windows\system32\Cabinet.dll'
1960f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc20000 'C:\Windows\system32\DEVRTL.dll'
1961f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [flags=0x0]
1962f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [flags=0x0]
1963f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [flags=0x0]
1964f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [flags=0x0]
1965f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [flags=0x0]
1966f6c.1068: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll'
1967f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1968f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1969f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
1970f6c.1068: supR3HardenedDllNotificationCallback: load 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [fFlags=0x0]
1971f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1972f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1973f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1974f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1975f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1976f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll'
1977f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef97e0000 'C:\Windows\system32\Cabinet.dll'
1978f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc20000 'C:\Windows\system32\DEVRTL.dll'
1979f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feffa90000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [flags=0x0]
1980f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [flags=0x0]
1981f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [flags=0x0]
1982f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [flags=0x0]
1983f6c.1068: supR3HardenedDllNotificationCallback: Unload 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [flags=0x0]
1984f6c.1068: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll'
1985f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1986f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1987f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1988f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1989f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1990f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1991f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1992f6c.1068: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
1993f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000045c pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll
1994f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
1995f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
1996f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
1997f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
1998f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1999f6c.1068: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
2000f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ecb80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2001f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
2002f6c.1068: supR3HardenedDllNotificationCallback: load 000007fef3900000 LB 0x00a06000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
2003f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
2004f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
2005f6c.1068: supR3HardenedDllNotificationCallback: load 000007fef5790000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
2006f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
2007f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
2008f6c.1068: supR3HardenedDllNotificationCallback: load 000007fef7ef0000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
2009f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
2010f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
2011f6c.1068: supR3HardenedDllNotificationCallback: load 000007fef5340000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
2012f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
2013f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
2014f6c.1068: supR3HardenedDllNotificationCallback: load 000007fef7cd0000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
2015f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
2016f6c.1068: supR3HardenedDllNotificationCallback: load 000007feffa90000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
2017f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd980000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
2018f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefeff0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
2019f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff1d0000 LB 0x00202000 C:\Windows\system32\ole32.dll [fFlags=0x0]
2020f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefda00000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
2021f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
2022f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefbb20000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
2023f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
2024f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
2025f6c.1068: supR3HardenedDllNotificationCallback: load 0000000072fd0000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
2026f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
2027f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefe090000 LB 0x00d87000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
2028f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
2029f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
2030f6c.1068: supR3HardenedDllNotificationCallback: load 000007fef9350000 LB 0x00018000 C:\Windows\system32\MPR.dll [fFlags=0x0]
2031f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\mpr.dll [avoiding WinVerifyTrust]
2032f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
2033f6c.1068: supR3HardenedDllNotificationCallback: load 000007fef3300000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
2034f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
2035f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
2036f6c.1068: supR3HardenedDllNotificationCallback: load 0000000072a60000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
2037f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
2038f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
2039f6c.1068: supR3HardenedDllNotificationCallback: load 000007fef6080000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
2040f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
2041f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
2042f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefa0f0000 LB 0x00070000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
2043f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
2044f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff980000 LB 0x00098000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
2045f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\comdlg32.dll [avoiding WinVerifyTrust]
2046f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
2047f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
2048f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2049f6c.1068: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_a44e1fc257f685f6\comctl32.dll)
2050f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_a44e1fc257f685f6\comctl32.dll
2051f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefa710000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_a44e1fc257f685f6\COMCTL32.dll [fFlags=0x0]
2052f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_a44e1fc257f685f6\comctl32.dll [avoiding WinVerifyTrust]
2053f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
2054f6c.1068: supR3HardenedDllNotificationCallback: load 0000000074310000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
2055f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
2056f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
2057f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefa2c0000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
2058f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
2059f6c.1068: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_a44e1fc257f685f6\comctl32.dll'.
2060f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16661_none_a44e1fc257f685f6\comctl32.dll' [rescheduled]
2061f6c.1068: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\comctl32.dll'.
2062f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rescheduled]
2063f6c.1068: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\winspool.drv'.
2064f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\winspool.drv' [rescheduled]
2065f6c.1068: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll'.
2066f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll' [rescheduled]
2067f6c.1068: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\dciman32.dll'.
2068f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dciman32.dll' [rescheduled]
2069f6c.1068: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'.
2070f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll' [rescheduled]
2071f6c.1068: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\glu32.dll'.
2072f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rescheduled]
2073f6c.1068: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\ddraw.dll'.
2074f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\ddraw.dll' [rescheduled]
2075f6c.1068: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\mpr.dll'.
2076f6c.1068: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rescheduled]
2077f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
2078f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2079f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2080f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2081f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2082f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2083f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2084f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ecdc0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2085f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0d0000 'C:\Windows\system32\imm32.dll'
2086f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdca0000 'C:\Windows\system32\ADVAPI32.DLL'
2087f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
2088f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptbase.dll (Input=cryptbase.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
2089f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7c0000 'C:\Windows\system32\cryptbase.dll'
2090f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3900000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
2091f6c.1068: SUPR3HardenedMain: Calling TrustedMain (000007fef39014f0)...
2092f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff1d0000 'C:\Windows\system32\ole32.dll'
2093f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdca0000 'C:\Windows\system32\ADVAPI32.dll'
2094f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
2095f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ecb80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2096f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd890000 'C:\Windows\system32\profapi.dll'
2097f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll'
2098f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef97e0000 'C:\Windows\system32\Cabinet.dll'
2099f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc20000 'C:\Windows\system32\DEVRTL.dll'
2100f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
2101f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
2102f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
2103f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
2104f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
2105f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2106f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
2107f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
2108f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
2109f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
2110f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
2111f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
2112f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2113f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2114f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2115f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
2116f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
2117f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
2118f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
2119f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
2120f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
2121f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2122f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2123f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2124f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2125f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
2126f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2127f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2128f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
2129f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2130f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2131f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
2132f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
2133f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
2134f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
2135f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2136f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2137f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2138f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2139f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2140f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2141f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ecb80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2142f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2143f6c.1068: supR3HardenedDllNotificationCallback: load 000007fef4a60000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
2144f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2145f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4a60000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
2146f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
2147f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ecb80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2148f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7c0000 'C:\Windows\system32\CRYPTBASE.dll'
2149f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077870000 'C:\Windows\system32\user32.dll'
2150f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
2151f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ecb80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2152f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe090000 'C:\Windows\system32\shell32.dll'
2153f6c.1068: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
2154f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Windows\system32\wintab32.dll'
2155f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
2156f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ecb80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2157f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa2c0000 'C:\Windows\system32\winmm.dll'
2158f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
2159f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ecb80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2160f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa2c0000 'C:\Windows\system32\winmm.dll'
2161f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
2162f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ecb80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2163f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe090000 'C:\Windows\system32\shell32.dll'
2164f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000558 pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll
2165f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
2166f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
2167f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
2168f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'
2169f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2170f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2171f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2172f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
2173f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll) WinVerifyTrust
2174f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
2175f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2176f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2177f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2178f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2179f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2180f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2181f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ecb80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2182f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
2183f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefc1a0000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
2184f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
2185f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc1a0000 'C:\Windows\system32\uxtheme.dll'
2186f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdca0000 'C:\Windows\system32\advapi32.dll'
2187f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
2188f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ecb80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2189f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc00000 'C:\Windows\system32\userenv.dll'
2190f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
2191f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ecb80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2192f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077750000 'C:\Windows\system32\kernel32.dll'
2193f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000578 pwszName=\Device\HarddiskVolume3\Windows\System32\clbcatq.dll
2194f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
2195f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
2196f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
2197f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\clbcatq.dll'
2198f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2199f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2200f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
2201f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2202f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2203f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2204f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2205f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\clbcatq.dll) WinVerifyTrust
2206f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
2207f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2208f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2209f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2210f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2211f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2212f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2213f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2214f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2215f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2216f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2217f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2218f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2219f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ecb80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2220f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
2221f6c.1068: supR3HardenedDllNotificationCallback: load 000007feff3f0000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
2222f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
2223f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff3f0000 'C:\Windows\system32\CLBCatQ.DLL'
2224f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
2225f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ed090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2226f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdca0000 'C:\Windows\system32\ADVAPI32.dll'
2227f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
2228f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ed090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2229f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd160000 'C:\Windows\system32\CRYPTSP.dll'
2230f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005a0 pwszName=\Device\HarddiskVolume3\Windows\System32\RpcRtRemote.dll
2231f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
2232f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
2233f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7190FCAE1D497CF28C08503A576285BB6F5EC724
2234f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\RpcRtRemote.dll'
2235f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2236f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
2237f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\RpcRtRemote.dll) WinVerifyTrust
2238f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\RpcRtRemote.dll
2239f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2240f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2241f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ed090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2242f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\RpcRtRemote.dll
2243f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefd870000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
2244f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\RpcRtRemote.dll
2245f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd870000 'C:\Windows\system32\RpcRtRemote.dll'
2246f6c.448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll'
2247f6c.448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2248f6c.448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2249f6c.448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2250f6c.448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2251f6c.448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2252f6c.448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2253f6c.448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
2254f6c.448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
2255f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2256f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2257f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2258f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2259f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2260f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2261f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2262f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2263f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2264f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2265f6c.448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
2266f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2267f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2268f6c.448: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000913570:C:\Program Files\Oracle\VirtualBox;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2269f6c.448: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
2270f6c.448: supR3HardenedDllNotificationCallback: load 000007fef2db0000 LB 0x00546000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
2271f6c.448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
2272f6c.448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2db0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
2273f6c.448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll'
2274f6c.448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2275f6c.448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2276f6c.448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2277f6c.448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
2278f6c.448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2279f6c.448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2280f6c.448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
2281f6c.448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
2282f6c.448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2283f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2284f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2285f6c.448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
2286f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2287f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2288f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2289f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2290f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2291f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2292f6c.448: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
2293f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2294f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2295f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2296f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2297f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2298f6c.448: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2299f6c.448: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000913570:C:\Program Files\Oracle\VirtualBox;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2300f6c.448: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2301f6c.448: supR3HardenedDllNotificationCallback: load 000007fef56d0000 LB 0x000ba000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
2302f6c.448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2303f6c.448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef56d0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
2304f6c.448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeff0000 'C:\Windows\system32\oleaut32.dll'
2305f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdca0000 'C:\Windows\system32\ADVAPI32.dll'
2306f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa20000 'C:\Windows\system32\gdi32.dll'
2307f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff1d0000 'C:\Windows\system32\ole32.dll'
2308f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff1d0000 'C:\Windows\system32\ole32.dll'
2309f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeff0000 'C:\Windows\system32\OLEAUT32.dll'
2310f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000918 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
2311f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
2312f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
2313f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472
2314f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll'
2315f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2316f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2317f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
2318f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2319f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2320f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
2321f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
2322f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
2323f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
2324f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2325f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2326f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
2327f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2328f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2329f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2330f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2331f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2332f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2333f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2334f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2335f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000091c pwszName=\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
2336f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
2337f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
2338f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=28C1989B7914A37F8B8476A04FF90F25B8FA1A04
2339f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll'
2340f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2341f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2342f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
2343f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
2344f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2345f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
2346f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll) WinVerifyTrust
2347f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
2348f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2349f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2350f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2351f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2352f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
2353f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2354f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2355f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
2356f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2357f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2358f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2359f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2360f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2361f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2362f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000951180:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2363f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
2364f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefa6b0000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
2365f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
2366f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
2367f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefa9f0000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [fFlags=0x0]
2368f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
2369f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa6b0000 'C:\Windows\system32\wbem\wbemprox.dll'
2370f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000944 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
2371f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
2372f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
2373f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F
2374f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll'
2375f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2376f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2377f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
2378f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
2379f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
2380f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2381f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2382f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2383f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2384f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000951180:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2385f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
2386f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefa400000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
2387f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
2388f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa400000 'C:\Windows\system32\wbem\wbemsvc.dll'
2389f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000948 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
2390f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
2391f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
2392f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79
2393f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll'
2394f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2395f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2396f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
2397f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
2398f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
2399f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2400f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
2401f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
2402f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
2403f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
2404f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
2405f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000928 pwszName=\Device\HarddiskVolume3\Windows\System32\ntdsapi.dll
2406f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
2407f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
2408f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
2409f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\ntdsapi.dll'
2410f6c.1068: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2411f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2412f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
2413f6c.1068: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
2414f6c.1068: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdsapi.dll) WinVerifyTrust
2415f6c.1068: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdsapi.dll
2416f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2417f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2418f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2419f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2420f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2421f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2422f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2423f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2424f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
2425f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2426f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2427f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2428f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2429f6c.1068: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
2430f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2431f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2432f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2433f6c.1068: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2434f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000951180:C:\Windows\system32\wbem;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2435f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
2436f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefa8c0000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
2437f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
2438f6c.1068: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntdsapi.dll
2439f6c.1068: supR3HardenedDllNotificationCallback: load 000007fefa7b0000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [fFlags=0x0]
2440f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntdsapi.dll
2441f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa8c0000 'C:\Windows\system32\wbem\fastprox.dll'
2442f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeff0000 'C:\Windows\system32\OLEAUT32.dll'
2443f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
2444f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINMM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000034120d0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2445f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa2c0000 'C:\Windows\system32\WINMM.dll'
2446f6c.1110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll'
2447f6c.1110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2448f6c.1110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
2449f6c.1110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2450f6c.1110: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
2451f6c.1110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2452f6c.1110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2453f6c.1110: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2454f6c.1110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
2455f6c.1110: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
2456f6c.1110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll'
2457f6c.1110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
2458f6c.1110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2459f6c.1110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
2460f6c.1110: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
2461f6c.1110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
2462f6c.1110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2463f6c.1110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2464f6c.1110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2465f6c.1110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2466f6c.1110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2467f6c.1110: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2468f6c.1110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2469f6c.1110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2470f6c.1110: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2471f6c.1110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003411f20:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2472f6c.1110: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2473f6c.1110: supR3HardenedDllNotificationCallback: load 000007fef2ae0000 LB 0x002c9000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
2474f6c.1110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2475f6c.1110: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
2476f6c.1110: supR3HardenedDllNotificationCallback: load 0000000074050000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
2477f6c.1110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxREM.dll
2478f6c.1110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2ae0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2479f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll'
2480f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a44 pwszName=\Device\HarddiskVolume3\Windows\System32\netcfgx.dll
2481f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
2482f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
2483f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=33DAA9CC6F997D3C2EE91D76DD0DB6F4CD4685FB
2484f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\netcfgx.dll'
2485f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2486f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shlwapi.dll'.
2487f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2488f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
2489f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2490f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2491f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
2492f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'nsi.dll'.
2493f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'iphlpapi.dll'.
2494f6c.d54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\netcfgx.dll) WinVerifyTrust
2495f6c.d54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\netcfgx.dll
2496f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2497f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2498f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a60 pwszName=\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
2499f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
2500f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
2501f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9BC82F0D09DA90D52812F6F0F30999905E06ECB1
2502f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL'
2503f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2504f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2505f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
2506f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
2507f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
2508f6c.d54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
2509f6c.d54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
2510f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2511f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2512f6c.d54: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\nsi.dll [redoing WinVerifyTrust]
2513f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000404 pwszName=\Device\HarddiskVolume3\Windows\System32\nsi.dll
2514f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
2515f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
2516f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
2517f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\nsi.dll'
2518f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2519f6c.d54: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\nsi.dll'
2520f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2521f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2522f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2523f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2524f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2525f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2526f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2527f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2528f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2529f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2530f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2531f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2532f6c.d54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
2533f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2534f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2535f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
2536f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
2537f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a48 pwszName=\Device\HarddiskVolume3\Windows\System32\winnsi.dll
2538f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
2539f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
2540f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B28F3E0DF5586B9FB3AEAC48E4ECCA0AFB6ABD91
2541f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\winnsi.dll'
2542f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2543f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2544f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2545f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
2546f6c.d54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winnsi.dll) WinVerifyTrust
2547f6c.d54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winnsi.dll
2548f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2549f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2550f6c.d54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll
2551f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2552f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2553f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2554f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2555f6c.d54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll
2556f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2557f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2558f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2559f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2560f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\netcfgx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000955910:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2561f6c.d54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\netcfgx.dll
2562f6c.d54: supR3HardenedDllNotificationCallback: load 000007fef4430000 LB 0x00083000 C:\Windows\system32\netcfgx.dll [fFlags=0x0]
2563f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\netcfgx.dll
2564f6c.d54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
2565f6c.d54: supR3HardenedDllNotificationCallback: load 000007fefbb40000 LB 0x00027000 C:\Windows\system32\IPHLPAPI.DLL [fFlags=0x0]
2566f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
2567f6c.d54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll
2568f6c.d54: supR3HardenedDllNotificationCallback: load 000007fefbb10000 LB 0x0000b000 C:\Windows\system32\WINNSI.DLL [fFlags=0x0]
2569f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll
2570f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4430000 'C:\Windows\system32\netcfgx.dll'
2571f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\SETUPAPI.dll'
2572f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll
2573f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.dll (Input=WINTRUST.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003411f20:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2574f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9c0000 'C:\Windows\system32\WINTRUST.dll'
2575f6c.73c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll'
2576f6c.73c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2577f6c.73c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2578f6c.73c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2579f6c.73c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2580f6c.73c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
2581f6c.73c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2582f6c.73c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2583f6c.73c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2584f6c.73c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2585f6c.73c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2586f6c.73c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2587f6c.73c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2588f6c.73c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2589f6c.73c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2590f6c.73c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2591f6c.73c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412310:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2592f6c.73c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2593f6c.73c: supR3HardenedDllNotificationCallback: load 000007fef7cc0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
2594f6c.73c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2595f6c.73c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7cc0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
2596f6c.73c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077870000 'C:\Windows\system32\User32.dll'
2597f6c.f58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll'
2598f6c.f58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2599f6c.f58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2600f6c.f58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2601f6c.f58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
2602f6c.f58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2603f6c.f58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2604f6c.f58: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2605f6c.f58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2606f6c.f58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2607f6c.f58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
2608f6c.f58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2609f6c.f58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2610f6c.f58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412310:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2611f6c.f58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2612f6c.f58: supR3HardenedDllNotificationCallback: load 000007fef7cb0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
2613f6c.f58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2614f6c.f58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7cb0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
2615f6c.cc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll'
2616f6c.cc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2617f6c.cc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2618f6c.cc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2619f6c.cc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
2620f6c.cc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2621f6c.cc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2622f6c.cc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2623f6c.cc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2624f6c.cc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2625f6c.cc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2626f6c.cc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2627f6c.cc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412310:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2628f6c.cc8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2629f6c.cc8: supR3HardenedDllNotificationCallback: load 000007fef6070000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
2630f6c.cc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2631f6c.cc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6070000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
2632f6c.6f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll'
2633f6c.6f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2634f6c.6f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2635f6c.6f4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2636f6c.6f4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
2637f6c.6f4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2638f6c.6f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2639f6c.6f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2640f6c.6f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2641f6c.6f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2642f6c.6f4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2643f6c.6f4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2644f6c.6f4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
2645f6c.6f4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412700:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2646f6c.6f4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2647f6c.6f4: supR3HardenedDllNotificationCallback: load 000007fef6060000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
2648f6c.6f4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2649f6c.6f4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6060000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
2650f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
2651f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412700:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2652f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe090000 'C:\Windows\system32\Shell32.dll'
2653f6c.d54: supR3HardenedIsApiSetDll: '<NULL>' -> true
2654f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000003412700:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2655f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde40000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
2656f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll'
2657f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll'
2658f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2659f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2660f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2661f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
2662f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
2663f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2664f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2665f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
2666f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
2667f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
2668f6c.d54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
2669f6c.d54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
2670f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2671f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2672f6c.d54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
2673f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2674f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2675f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2676f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2677f6c.d54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
2678f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2679f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2680f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2681f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2682f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
2683f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
2684f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll'
2685f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2686f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2687f6c.d54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
2688f6c.d54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2689f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
2690f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
2691f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2692f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2693f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2694f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2695f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll'
2696f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2697f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2698f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2699f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
2700f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
2701f6c.d54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
2702f6c.d54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2703f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2704f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2705f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2706f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2707f6c.d54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2708f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2709f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2710f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2711f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2712f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2713f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2714f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2715f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2716f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2717f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2718f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2719f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2720f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412700:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2721f6c.d54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
2722f6c.d54: supR3HardenedDllNotificationCallback: load 000007fef2110000 LB 0x009cd000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
2723f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
2724f6c.d54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2725f6c.d54: supR3HardenedDllNotificationCallback: load 000007fef49f0000 LB 0x00063000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
2726f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2727f6c.d54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2728f6c.d54: supR3HardenedDllNotificationCallback: load 000007fef4990000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
2729f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2730f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2110000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
2731f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll'
2732f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
2733f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412700:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2734f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2db0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
2735f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll'
2736f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2737f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412700:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2738f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4990000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
2739f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll'
2740f6c.e10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\setupapi.dll'
2741f6c.e10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2742f6c.e10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2743f6c.e10: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2744f6c.e10: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
2745f6c.e10: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2746f6c.e10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2747f6c.e10: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2748f6c.e10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2749f6c.e10: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2750f6c.e10: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2751f6c.e10: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2752f6c.e10: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2753f6c.e10: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412700:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2754f6c.e10: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2755f6c.e10: supR3HardenedDllNotificationCallback: load 000007fef6030000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
2756f6c.e10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2757f6c.e10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6030000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
2758f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdca0000 'C:\Windows\system32\ADVAPI32.dll'
2759f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000db4 pwszName=\Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
2760f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
2761f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
2762f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=704F97298D44B8146C54067788F597E0BF365197
2763f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll'
2764f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2765f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2766f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
2767f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2768f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'.
2769f6c.d54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll) WinVerifyTrust
2770f6c.d54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
2771f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
2772f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume3\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
2773f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000dc0 pwszName=\Device\HarddiskVolume3\Windows\System32\propsys.dll
2774f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
2775f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
2776f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1C32CA584C662CDEB3E782255E761116DDE1DBD3
2777f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\propsys.dll'
2778f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2779f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2780f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
2781f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
2782f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
2783f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2784f6c.d54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\propsys.dll) WinVerifyTrust
2785f6c.d54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\propsys.dll
2786f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2787f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2788f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2789f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2790f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2791f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2792f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2793f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2794f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2795f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2796f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2797f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2798f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2799f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2800f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2801f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2802f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000955910:C:\Windows\System32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2803f6c.d54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
2804f6c.d54: supR3HardenedDllNotificationCallback: load 000007fefbcc0000 LB 0x0004b000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
2805f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
2806f6c.d54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
2807f6c.d54: supR3HardenedDllNotificationCallback: load 000007fefbb90000 LB 0x0012c000 C:\Windows\System32\PROPSYS.dll [fFlags=0x0]
2808f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
2809f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdca0000 'C:\Windows\system32\ADVAPI32.dll'
2810f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbcc0000 'C:\Windows\System32\MMDevApi.dll'
2811f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff1d0000 'C:\Windows\system32\ole32.dll'
2812f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\Windows\system32\SETUPAPI.dll'
2813f6c.13fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
2814f6c.13fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CFGMGR32.dll (Input=CFGMGR32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2815f6c.13fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd980000 'C:\Windows\system32\CFGMGR32.dll'
2816f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e10 pwszName=\Device\HarddiskVolume3\Windows\System32\dsound.dll
2817f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
2818f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
2819f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F6C3E3D9F8B48D816E52C31576FFFD4AF86AB813
2820f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\dsound.dll'
2821f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2822f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2823f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
2824f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2825f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2826f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
2827f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
2828f6c.d54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dsound.dll) WinVerifyTrust
2829f6c.d54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dsound.dll
2830f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
2831f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume3\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
2832f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e14 pwszName=\Device\HarddiskVolume3\Windows\System32\powrprof.dll
2833f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
2834f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
2835f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E0B7DE18787DB24DAD3580634869A9A8FF4AB48F
2836f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\powrprof.dll'
2837f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2838f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2839f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2840f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2841f6c.d54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\powrprof.dll) WinVerifyTrust
2842f6c.d54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\powrprof.dll
2843f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2844f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2845f6c.d54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
2846f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2847f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2848f6c.d54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
2849f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2850f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2851f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2852f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2853f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2854f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2855f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2856f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2857f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2858f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2859f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2860f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2861f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000955910:C:\Windows\System32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2862f6c.d54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
2863f6c.d54: supR3HardenedDllNotificationCallback: load 000007fef7150000 LB 0x00088000 C:\Windows\System32\dsound.dll [fFlags=0x0]
2864f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
2865f6c.d54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\powrprof.dll
2866f6c.d54: supR3HardenedDllNotificationCallback: load 000007fefb320000 LB 0x0002c000 C:\Windows\System32\POWRPROF.dll [fFlags=0x0]
2867f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\powrprof.dll
2868f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
2869f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2870f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7150000 'C:\Windows\System32\dsound.dll'
2871f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7150000 'C:\Windows\System32\dsound.dll'
2872f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
2873f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2874f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7150000 'C:\Windows\system32\dsound.dll'
2875f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
2876f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2877f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe010000 'C:\Windows\system32\SHLWAPI.dll'
2878f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
2879f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2880f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbcc0000 'C:\Windows\system32\MMDEVAPI.DLL'
2881f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff1d0000 'C:\Windows\system32\ole32.dll'
2882f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
2883f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2884f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa2c0000 'C:\Windows\system32\winmm.dll'
2885f6c.d54: supR3HardenedIsApiSetDll: '<NULL>' -> true
2886f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000003412790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2887f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde40000 'API-MS-WIN-Service-Management-L1-1-0.dll'
2888f6c.d54: supR3HardenedIsApiSetDll: '<NULL>' -> true
2889f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000003412790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2890f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde40000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
2891f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde60000 'C:\Windows\system32\RPCRT4.dll'
2892f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
2893f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDevAPI.DLL (Input=MMDevAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2894f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbcc0000 'C:\Windows\system32\MMDevAPI.DLL'
2895f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e20 pwszName=\Device\HarddiskVolume3\Windows\System32\wdmaud.drv
2896f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
2897f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
2898f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=103A71CA09BB9A4F234C7136EEDBC1E4926C293C
2899f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\wdmaud.drv'
2900f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2901f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2902f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2903f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2904f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
2905f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
2906f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ksuser.dll'.
2907f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
2908f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'avrt.dll'.
2909f6c.d54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wdmaud.drv) WinVerifyTrust
2910f6c.d54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
2911f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
2912f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
2913f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e4c pwszName=\Device\HarddiskVolume3\Windows\System32\avrt.dll
2914f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
2915f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
2916f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1362C343929DD08AB918B38DE195D1A11B1D1365
2917f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\avrt.dll'
2918f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2919f6c.d54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\avrt.dll) WinVerifyTrust
2920f6c.d54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\avrt.dll
2921f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
2922f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
2923f6c.d54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
2924f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
2925f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume3\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
2926f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e50 pwszName=\Device\HarddiskVolume3\Windows\System32\ksuser.dll
2927f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
2928f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
2929f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EC3873F9ACBE279185D3540F02128F42D21D0856
2930f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\ksuser.dll'
2931f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2932f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2933f6c.d54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ksuser.dll) WinVerifyTrust
2934f6c.d54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ksuser.dll
2935f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2936f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2937f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2938f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2939f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2940f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2941f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2942f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2943f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2944f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2945f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2946f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2947f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2948f6c.d54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
2949f6c.d54: supR3HardenedDllNotificationCallback: load 000007fef6f50000 LB 0x0003b000 C:\Windows\system32\wdmaud.drv [fFlags=0x0]
2950f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
2951f6c.d54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
2952f6c.d54: supR3HardenedDllNotificationCallback: load 0000000074190000 LB 0x00006000 C:\Windows\system32\ksuser.dll [fFlags=0x0]
2953f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ksuser.dll
2954f6c.d54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
2955f6c.d54: supR3HardenedDllNotificationCallback: load 000007fefb310000 LB 0x00009000 C:\Windows\system32\AVRT.dll [fFlags=0x0]
2956f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
2957f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6f50000 'C:\Windows\system32\wdmaud.drv'
2958f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
2959f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2960f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6f50000 'C:\Windows\system32\wdmaud.drv'
2961f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
2962f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412790:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2963f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6f50000 'C:\Windows\system32\wdmaud.drv'
2964f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
2965f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412c10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2966f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6f50000 'C:\Windows\system32\wdmaud.drv'
2967f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wdmaud.drv
2968f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412c10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
2969f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6f50000 'C:\Windows\system32\wdmaud.drv'
2970f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e78 pwszName=\Device\HarddiskVolume3\Windows\System32\AudioSes.dll
2971f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
2972f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
2973f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7CD903FCBEF1C4CEA76A8749243ABDBC9CB53290
2974f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\AudioSes.dll'
2975f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2976f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2977f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2978f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2979f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2980f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2981f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
2982f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
2983f6c.d54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\AudioSes.dll) WinVerifyTrust
2984f6c.d54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
2985f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
2986f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
2987f6c.d54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
2988f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2989f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2990f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2991f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2992f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2993f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2994f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2995f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2996f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2997f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2998f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2999f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3000f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412c10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3001f6c.d54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
3002f6c.d54: supR3HardenedDllNotificationCallback: load 000007fef6320000 LB 0x0004f000 C:\Windows\system32\AUDIOSES.DLL [fFlags=0x0]
3003f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
3004f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6320000 'C:\Windows\system32\AUDIOSES.DLL'
3005f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e58 pwszName=\Device\HarddiskVolume3\Windows\System32\msacm32.drv
3006f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
3007f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
3008f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=522563F5384AD4C93CF5CF4EEA899D3267552328
3009f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\msacm32.drv'
3010f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3011f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3012f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
3013f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
3014f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
3015f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'.
3016f6c.d54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.drv) WinVerifyTrust
3017f6c.d54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.drv
3018f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3019f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3020f6c.d54: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
3021f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
3022f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
3023f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e84 pwszName=\Device\HarddiskVolume3\Windows\System32\msacm32.dll
3024f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
3025f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
3026f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCA0A8AEE81B82C402AA72A300B2C8D2DC17C1DA
3027f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\msacm32.dll'
3028f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3029f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3030f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
3031f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
3032f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
3033f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
3034f6c.d54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\msacm32.dll) WinVerifyTrust
3035f6c.d54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msacm32.dll
3036f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3037f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3038f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3039f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3040f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3041f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3042f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3043f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3044f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
3045f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
3046f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3047f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3048f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3049f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3050f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3051f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3052f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412c10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3053f6c.d54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
3054f6c.d54: supR3HardenedDllNotificationCallback: load 000007fef6310000 LB 0x0000a000 C:\Windows\system32\msacm32.drv [fFlags=0x0]
3055f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
3056f6c.d54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
3057f6c.d54: supR3HardenedDllNotificationCallback: load 000007fef5f90000 LB 0x00018000 C:\Windows\system32\MSACM32.dll [fFlags=0x0]
3058f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.dll
3059f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6310000 'C:\Windows\system32\msacm32.drv'
3060f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
3061f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412c10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3062f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6310000 'C:\Windows\system32\msacm32.drv'
3063f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
3064f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412c10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3065f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6310000 'C:\Windows\system32\msacm32.drv'
3066f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
3067f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412c10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3068f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6310000 'C:\Windows\system32\msacm32.drv'
3069f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
3070f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412c10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3071f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6310000 'C:\Windows\system32\msacm32.drv'
3072f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
3073f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412c10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3074f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6310000 'C:\Windows\system32\msacm32.drv'
3075f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msacm32.drv
3076f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412c10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3077f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6310000 'C:\Windows\system32\msacm32.drv'
3078f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6310000 'C:\Windows\system32\msacm32.drv'
3079f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6310000 'C:\Windows\system32\msacm32.drv'
3080f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6310000 'C:\Windows\system32\msacm32.drv'
3081f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e68 pwszName=\Device\HarddiskVolume3\Windows\System32\midimap.dll
3082f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008b5080
3083f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008b5080
3084f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=43116C5C719A4751DA70B12932084D73D7AACEA3
3085f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\midimap.dll'
3086f6c.d54: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3087f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3088f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
3089f6c.d54: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
3090f6c.d54: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\midimap.dll) WinVerifyTrust
3091f6c.d54: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\midimap.dll
3092f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3093f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3094f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3095f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3096f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3097f6c.d54: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3098f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412c10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3099f6c.d54: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
3100f6c.d54: supR3HardenedDllNotificationCallback: load 000007fef5f80000 LB 0x00009000 C:\Windows\system32\midimap.dll [fFlags=0x0]
3101f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
3102f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5f80000 'C:\Windows\system32\midimap.dll'
3103f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
3104f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412c10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3105f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5f80000 'C:\Windows\system32\midimap.dll'
3106f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
3107f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412c10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3108f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5f80000 'C:\Windows\system32\midimap.dll'
3109f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\midimap.dll
3110f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412c10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3111f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5f80000 'C:\Windows\system32\midimap.dll'
3112f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa2c0000 'C:\Windows\system32\winmm.dll'
3113f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
3114f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000003412c10:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3115f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7150000 'C:\Windows\system32\dsound.dll'
3116f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa2c0000 'C:\Windows\system32\winmm.dll'
3117f6c.1110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeff0000 'C:\Windows\system32\OLEAUT32.dll'
3118f6c.1068: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll
3119f6c.1068: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000955910:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3120f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff490000 'C:\Windows\system32\MSCTF.dll'
3121f6c.1068: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeff0000 'C:\Windows\system32\OLEAUT32.DLL'
3122f6c.12a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
3123f6c.12a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ed6c0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3124f6c.12a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7150000 'C:\Windows\system32\dsound.dll'
3125f6c.12a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa2c0000 'C:\Windows\system32\winmm.dll'
3126f6c.750: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\AudioSes.dll
3127f6c.750: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\audioses.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000955910:C:\Windows\System32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3128f6c.750: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6320000 'C:\Windows\System32\audioses.dll'
3129f6c.b60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\avrt.dll
3130f6c.b60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ecb80:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3131f6c.b60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb310000 'C:\Windows\system32\avrt.dll'
3132f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
3133f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ed630:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3134f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7150000 'C:\Windows\system32\dsound.dll'
3135f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
3136f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ed630:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3137f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa2c0000 'C:\Windows\system32\winmm.dll'
3138f6c.d54: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dsound.dll
3139f6c.d54: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008ed090:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
3140f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7150000 'C:\Windows\system32\dsound.dll'
3141f6c.d54: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa2c0000 'C:\Windows\system32\winmm.dll'

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy