VirtualBox

Ticket #18149: VBoxHardening.log

File VBoxHardening.log, 395.6 KB (added by oksijun, 6 years ago)

VBoxHardening.log

Line 
12a24.1608: Log file opened: 5.2.22r126460 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
22a24.1608: \SystemRoot\System32\ntdll.dll:
32a24.1608: CreationTime: 2018-10-28T20:08:58.772325400Z
42a24.1608: LastWriteTime: 2018-09-09T01:01:09.217925500Z
52a24.1608: ChangeTime: 2018-10-29T00:35:00.363494300Z
62a24.1608: FileAttributes: 0x20
72a24.1608: Size: 0x196540
82a24.1608: NT Headers: 0xe0
92a24.1608: Timestamp: 0x5b9470be
102a24.1608: Machine: 0x8664 - amd64
112a24.1608: Timestamp: 0x5b9470be
122a24.1608: Image Version: 6.1
132a24.1608: SizeOfImage: 0x19f000 (1699840)
142a24.1608: Resource Dir: 0x142000 LB 0x5a028
152a24.1608: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
162a24.1608: [Raw version resource data: 0x1420f0 LB 0x380, codepage 0x0 (reserved 0x0)]
172a24.1608: ProductName: Microsoft® Windows® Operating System
182a24.1608: ProductVersion: 6.1.7601.24260
192a24.1608: FileVersion: 6.1.7601.24260 (win7sp1_ldr.180908-0600)
202a24.1608: FileDescription: NT Layer DLL
212a24.1608: \SystemRoot\System32\kernel32.dll:
222a24.1608: CreationTime: 2018-10-28T20:09:02.682825400Z
232a24.1608: LastWriteTime: 2018-09-09T00:58:53.133000000Z
242a24.1608: ChangeTime: 2018-10-29T00:35:10.659824300Z
252a24.1608: FileAttributes: 0x20
262a24.1608: Size: 0x11c000
272a24.1608: NT Headers: 0xe0
282a24.1608: Timestamp: 0x5b9470f3
292a24.1608: Machine: 0x8664 - amd64
302a24.1608: Timestamp: 0x5b9470f3
312a24.1608: Image Version: 6.1
322a24.1608: SizeOfImage: 0x11f000 (1175552)
332a24.1608: Resource Dir: 0x116000 LB 0x528
342a24.1608: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
352a24.1608: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
362a24.1608: ProductName: Microsoft® Windows® Operating System
372a24.1608: ProductVersion: 6.1.7601.24260
382a24.1608: FileVersion: 6.1.7601.24260 (win7sp1_ldr.180908-0600)
392a24.1608: FileDescription: Windows NT BASE API Client DLL
402a24.1608: \SystemRoot\System32\KernelBase.dll:
412a24.1608: CreationTime: 2018-10-28T20:09:03.349325400Z
422a24.1608: LastWriteTime: 2018-09-09T00:58:53.163000000Z
432a24.1608: ChangeTime: 2018-10-29T00:35:10.769027800Z
442a24.1608: FileAttributes: 0x20
452a24.1608: Size: 0x66800
462a24.1608: NT Headers: 0xe8
472a24.1608: Timestamp: 0x5b9470f4
482a24.1608: Machine: 0x8664 - amd64
492a24.1608: Timestamp: 0x5b9470f4
502a24.1608: Image Version: 6.1
512a24.1608: SizeOfImage: 0x6a000 (434176)
522a24.1608: Resource Dir: 0x68000 LB 0x530
532a24.1608: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
542a24.1608: [Raw version resource data: 0x680b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
552a24.1608: ProductName: Microsoft® Windows® Operating System
562a24.1608: ProductVersion: 6.1.7601.24260
572a24.1608: FileVersion: 6.1.7601.24260 (win7sp1_ldr.180908-0600)
582a24.1608: FileDescription: Windows NT BASE API Client DLL
592a24.1608: \SystemRoot\System32\apisetschema.dll:
602a24.1608: CreationTime: 2018-10-28T20:09:06.516325400Z
612a24.1608: LastWriteTime: 2018-09-09T00:57:42.822000000Z
622a24.1608: ChangeTime: 2018-10-29T00:34:59.552268300Z
632a24.1608: FileAttributes: 0x20
642a24.1608: Size: 0x1a00
652a24.1608: NT Headers: 0xc0
662a24.1608: Timestamp: 0x5b94704b
672a24.1608: Machine: 0x8664 - amd64
682a24.1608: Timestamp: 0x5b94704b
692a24.1608: Image Version: 6.1
702a24.1608: SizeOfImage: 0x50000 (327680)
712a24.1608: Resource Dir: 0x30000 LB 0x3f8
722a24.1608: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
732a24.1608: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
742a24.1608: ProductName: Microsoft® Windows® Operating System
752a24.1608: ProductVersion: 6.1.7601.24260
762a24.1608: FileVersion: 6.1.7601.24260 (win7sp1_ldr.180908-0600)
772a24.1608: FileDescription: ApiSet Schema DLL
782a24.1608: Found driver NisDrv (0x400)
792a24.1608: supR3HardenedWinFindAdversaries: 0x400
802a24.1608: \SystemRoot\System32\drivers\MpFilter.sys:
812a24.1608: CreationTime: 2016-08-25T09:46:12.000000000Z
822a24.1608: LastWriteTime: 2016-08-25T09:46:12.000000000Z
832a24.1608: ChangeTime: 2017-01-30T18:02:25.920719100Z
842a24.1608: FileAttributes: 0x20
852a24.1608: Size: 0x48058
862a24.1608: NT Headers: 0xe8
872a24.1608: Timestamp: 0x57a90f3d
882a24.1608: Machine: 0x8664 - amd64
892a24.1608: Timestamp: 0x57a90f3d
902a24.1608: Image Version: 10.0
912a24.1608: SizeOfImage: 0x48000 (294912)
922a24.1608: Resource Dir: 0x45000 LB 0x1090
932a24.1608: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
942a24.1608: [Raw version resource data: 0x45110 LB 0x37c, codepage 0x0 (reserved 0x0)]
952a24.1608: ProductName: Microsoft Malware Protection
962a24.1608: ProductVersion: 4.10.0202.0
972a24.1608: FileVersion: 4.10.0202.0
982a24.1608: FileDescription: Microsoft antimalware file system filter driver
992a24.1608: \SystemRoot\System32\drivers\NisDrvWFP.sys:
1002a24.1608: CreationTime: 2014-03-11T07:52:30.000000000Z
1012a24.1608: LastWriteTime: 2016-08-25T09:46:12.000000000Z
1022a24.1608: ChangeTime: 2017-01-30T18:02:23.415218100Z
1032a24.1608: FileAttributes: 0x20
1042a24.1608: Size: 0x212f8
1052a24.1608: NT Headers: 0xe8
1062a24.1608: Timestamp: 0x57a90f42
1072a24.1608: Machine: 0x8664 - amd64
1082a24.1608: Timestamp: 0x57a90f42
1092a24.1608: Image Version: 10.0
1102a24.1608: SizeOfImage: 0x20000 (131072)
1112a24.1608: Resource Dir: 0x1d000 LB 0x1b90
1122a24.1608: [Version info resource found at 0x120! (ID/Name: 0x1; SubID/SubName: 0x409)]
1132a24.1608: [Raw version resource data: 0x1e728 LB 0x380, codepage 0x0 (reserved 0x0)]
1142a24.1608: ProductName: Microsoft Malware Protection
1152a24.1608: ProductVersion: 4.10.0202.0
1162a24.1608: FileVersion: 4.10.0202.0
1172a24.1608: FileDescription: Microsoft Network Realtime Inspection Driver
1182a24.1608: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
1192a24.1608: Calling main()
1202a24.1608: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
1212a24.1608: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
1222a24.1608: SUPR3HardenedMain: Respawn #1
1232a24.1608: System32: \Device\HarddiskVolume1\Windows\System32
1242a24.1608: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
1252a24.1608: KnownDllPath: C:\Windows\system32
1262a24.1608: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1272a24.1608: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1282a24.1608: supR3HardNtEnableThreadCreation:
1292a24.1608: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000774e3710 pvNtTerminateThread=0000000077509db0
1302a24.1608: supR3HardenedWinDoReSpawn(1): New child 1390.2908 [kernel32].
1312a24.1608: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
1322a24.1608: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00000000774a0000 uNtDllChildAddr=00000000774a0000
1332a24.1608: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000774e3710
1342a24.1608: supR3HardenedWinSetupChildInit: Start child.
1352a24.1608: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 5 ms.
1362a24.1608: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps
1372a24.1608: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1382a24.1608: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
1392a24.1608: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
1402a24.1608: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
1412a24.1608: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
1422a24.1608: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
1432a24.1608: 0000000000041000-000000000013ffff 0x0001/0x0000 0x0000000
1442a24.1608: *0000000000140000-000000000023bfff 0x0000/0x0004 0x0020000
1452a24.1608: 000000000023c000-000000000023dfff 0x0104/0x0004 0x0020000
1462a24.1608: 000000000023e000-000000000023ffff 0x0004/0x0004 0x0020000
1472a24.1608: 0000000000240000-000000007749ffff 0x0001/0x0000 0x0000000
1482a24.1608: *00000000774a0000-00000000774a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1492a24.1608: 00000000774a1000-00000000775c4fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1502a24.1608: 00000000775c5000-00000000775cafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1512a24.1608: 00000000775cb000-00000000775cbfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1522a24.1608: 00000000775cc000-00000000775d3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1532a24.1608: 00000000775d4000-000000007763efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1542a24.1608: 000000007763f000-000000007efdffff 0x0001/0x0000 0x0000000
1552a24.1608: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
1562a24.1608: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
1572a24.1608: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
1582a24.1608: 000000007fff0000-000000013f2affff 0x0001/0x0000 0x0000000
1592a24.1608: *000000013f2b0000-000000013f2b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
1602a24.1608: 000000013f2b1000-000000013f321fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
1612a24.1608: 000000013f322000-000000013f322fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
1622a24.1608: 000000013f323000-000000013f368fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
1632a24.1608: 000000013f369000-000000013f369fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
1642a24.1608: 000000013f36a000-000000013f36afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
1652a24.1608: 000000013f36b000-000000013f36ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
1662a24.1608: 000000013f370000-000000013f370fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
1672a24.1608: 000000013f371000-000000013f371fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
1682a24.1608: 000000013f372000-000000013f375fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
1692a24.1608: 000000013f376000-000000013f3bdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
1702a24.1608: 000000013f3be000-000007feff79ffff 0x0001/0x0000 0x0000000
1712a24.1608: *000007feff7a0000-000007feff7a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
1722a24.1608: 000007feff7a1000-000007fffffaffff 0x0001/0x0000 0x0000000
1732a24.1608: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
1742a24.1608: 000007fffffd3000-000007fffffdcfff 0x0001/0x0000 0x0000000
1752a24.1608: *000007fffffdd000-000007fffffdefff 0x0004/0x0004 0x0020000
1762a24.1608: *000007fffffdf000-000007fffffdffff 0x0004/0x0004 0x0020000
1772a24.1608: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
1782a24.1608: apisetschema.dll: timestamp 0x5b94704b (rc=VINF_SUCCESS)
1792a24.1608: VirtualBox.exe: timestamp 0x5be4900d (rc=VINF_SUCCESS)
1802a24.1608: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1812a24.1608: '\Device\HarddiskVolume1\Windows\System32\apisetschema.dll' has no imports
1822a24.1608: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
1832a24.1608: supR3HardNtChildPurify: Done after 563 ms and 0 fixes (loop #0).
1841390.2908: Log file opened: 5.2.22r126460 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
1851390.2908: supR3HardenedVmProcessInit: uNtDllAddr=00000000774a0000 g_uNtVerCombined=0x611db100
1861390.2908: ntdll.dll: timestamp 0x5b9470be (rc=VINF_SUCCESS)
1871390.2908: New simple heap: #1 0000000000340000 LB 0x400000 (for 1699840 allocation)
1882a24.1608: supR3HardNtEnableThreadCreation:
1891390.2908: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
1901390.2908: System32: \Device\HarddiskVolume1\Windows\System32
1911390.2908: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
1921390.2908: KnownDllPath: C:\Windows\system32
1931390.2908: supR3HardenedVmProcessInit: Opening vboxdrv stub...
1941390.2908: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1951390.2908: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1961390.2908: Registered Dll notification callback with NTDLL.
1971390.2908: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
1981390.2908: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
1991390.2908: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
2001390.2908: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2011390.2908: supR3HardenedDllNotificationCallback: load 0000000077180000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
2021390.2908: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2031390.2908: supR3HardenedDllNotificationCallback: load 000007fefd120000 LB 0x0006a000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
2041390.2908: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll)
2051390.2908: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
2061390.2908: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077180000 'C:\Windows\system32\kernel32.dll'
2071390.2908: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000774e3710 pvNtTerminateThread=0000000077509db0
2082a24.1608: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 31 ms.
2091390.2908: \SystemRoot\System32\ntdll.dll:
2101390.2908: CreationTime: 2018-10-28T20:08:58.772325400Z
2111390.2908: LastWriteTime: 2018-09-09T01:01:09.217925500Z
2121390.2908: ChangeTime: 2018-10-29T00:35:00.363494300Z
2131390.2908: FileAttributes: 0x20
2141390.2908: Size: 0x196540
2151390.2908: NT Headers: 0xe0
2161390.2908: Timestamp: 0x5b9470be
2171390.2908: Machine: 0x8664 - amd64
2181390.2908: Timestamp: 0x5b9470be
2191390.2908: Image Version: 6.1
2201390.2908: SizeOfImage: 0x19f000 (1699840)
2211390.2908: Resource Dir: 0x142000 LB 0x5a028
2221390.2908: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
2231390.2908: [Raw version resource data: 0x1420f0 LB 0x380, codepage 0x0 (reserved 0x0)]
2241390.2908: ProductName: Microsoft® Windows® Operating System
2251390.2908: ProductVersion: 6.1.7601.24260
2261390.2908: FileVersion: 6.1.7601.24260 (win7sp1_ldr.180908-0600)
2271390.2908: FileDescription: NT Layer DLL
2281390.2908: \SystemRoot\System32\kernel32.dll:
2291390.2908: CreationTime: 2018-10-28T20:09:02.682825400Z
2301390.2908: LastWriteTime: 2018-09-09T00:58:53.133000000Z
2311390.2908: ChangeTime: 2018-10-29T00:35:10.659824300Z
2321390.2908: FileAttributes: 0x20
2331390.2908: Size: 0x11c000
2341390.2908: NT Headers: 0xe0
2351390.2908: Timestamp: 0x5b9470f3
2361390.2908: Machine: 0x8664 - amd64
2371390.2908: Timestamp: 0x5b9470f3
2381390.2908: Image Version: 6.1
2391390.2908: SizeOfImage: 0x11f000 (1175552)
2401390.2908: Resource Dir: 0x116000 LB 0x528
2411390.2908: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2421390.2908: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
2431390.2908: ProductName: Microsoft® Windows® Operating System
2441390.2908: ProductVersion: 6.1.7601.24260
2451390.2908: FileVersion: 6.1.7601.24260 (win7sp1_ldr.180908-0600)
2461390.2908: FileDescription: Windows NT BASE API Client DLL
2471390.2908: \SystemRoot\System32\KernelBase.dll:
2481390.2908: CreationTime: 2018-10-28T20:09:03.349325400Z
2491390.2908: LastWriteTime: 2018-09-09T00:58:53.163000000Z
2501390.2908: ChangeTime: 2018-10-29T00:35:10.769027800Z
2511390.2908: FileAttributes: 0x20
2521390.2908: Size: 0x66800
2531390.2908: NT Headers: 0xe8
2541390.2908: Timestamp: 0x5b9470f4
2551390.2908: Machine: 0x8664 - amd64
2561390.2908: Timestamp: 0x5b9470f4
2571390.2908: Image Version: 6.1
2581390.2908: SizeOfImage: 0x6a000 (434176)
2591390.2908: Resource Dir: 0x68000 LB 0x530
2601390.2908: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2611390.2908: [Raw version resource data: 0x680b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
2621390.2908: ProductName: Microsoft® Windows® Operating System
2631390.2908: ProductVersion: 6.1.7601.24260
2641390.2908: FileVersion: 6.1.7601.24260 (win7sp1_ldr.180908-0600)
2651390.2908: FileDescription: Windows NT BASE API Client DLL
2661390.2908: \SystemRoot\System32\apisetschema.dll:
2671390.2908: CreationTime: 2018-10-28T20:09:06.516325400Z
2681390.2908: LastWriteTime: 2018-09-09T00:57:42.822000000Z
2691390.2908: ChangeTime: 2018-10-29T00:34:59.552268300Z
2701390.2908: FileAttributes: 0x20
2711390.2908: Size: 0x1a00
2721390.2908: NT Headers: 0xc0
2731390.2908: Timestamp: 0x5b94704b
2741390.2908: Machine: 0x8664 - amd64
2751390.2908: Timestamp: 0x5b94704b
2761390.2908: Image Version: 6.1
2771390.2908: SizeOfImage: 0x50000 (327680)
2781390.2908: Resource Dir: 0x30000 LB 0x3f8
2791390.2908: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
2801390.2908: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
2811390.2908: ProductName: Microsoft® Windows® Operating System
2821390.2908: ProductVersion: 6.1.7601.24260
2831390.2908: FileVersion: 6.1.7601.24260 (win7sp1_ldr.180908-0600)
2841390.2908: FileDescription: ApiSet Schema DLL
2851390.2908: Found driver NisDrv (0x400)
2861390.2908: supR3HardenedWinFindAdversaries: 0x400
2871390.2908: \SystemRoot\System32\drivers\MpFilter.sys:
2881390.2908: CreationTime: 2016-08-25T09:46:12.000000000Z
2891390.2908: LastWriteTime: 2016-08-25T09:46:12.000000000Z
2901390.2908: ChangeTime: 2017-01-30T18:02:25.920719100Z
2911390.2908: FileAttributes: 0x20
2921390.2908: Size: 0x48058
2931390.2908: NT Headers: 0xe8
2941390.2908: Timestamp: 0x57a90f3d
2951390.2908: Machine: 0x8664 - amd64
2961390.2908: Timestamp: 0x57a90f3d
2971390.2908: Image Version: 10.0
2981390.2908: SizeOfImage: 0x48000 (294912)
2991390.2908: Resource Dir: 0x45000 LB 0x1090
3001390.2908: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
3011390.2908: [Raw version resource data: 0x45110 LB 0x37c, codepage 0x0 (reserved 0x0)]
3021390.2908: ProductName: Microsoft Malware Protection
3031390.2908: ProductVersion: 4.10.0202.0
3041390.2908: FileVersion: 4.10.0202.0
3051390.2908: FileDescription: Microsoft antimalware file system filter driver
3061390.2908: \SystemRoot\System32\drivers\NisDrvWFP.sys:
3071390.2908: CreationTime: 2014-03-11T07:52:30.000000000Z
3081390.2908: LastWriteTime: 2016-08-25T09:46:12.000000000Z
3091390.2908: ChangeTime: 2017-01-30T18:02:23.415218100Z
3101390.2908: FileAttributes: 0x20
3111390.2908: Size: 0x212f8
3121390.2908: NT Headers: 0xe8
3131390.2908: Timestamp: 0x57a90f42
3141390.2908: Machine: 0x8664 - amd64
3151390.2908: Timestamp: 0x57a90f42
3161390.2908: Image Version: 10.0
3171390.2908: SizeOfImage: 0x20000 (131072)
3181390.2908: Resource Dir: 0x1d000 LB 0x1b90
3191390.2908: [Version info resource found at 0x120! (ID/Name: 0x1; SubID/SubName: 0x409)]
3201390.2908: [Raw version resource data: 0x1e728 LB 0x380, codepage 0x0 (reserved 0x0)]
3211390.2908: ProductName: Microsoft Malware Protection
3221390.2908: ProductVersion: 4.10.0202.0
3231390.2908: FileVersion: 4.10.0202.0
3241390.2908: FileDescription: Microsoft Network Realtime Inspection Driver
3251390.2908: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
3261390.2908: Calling main()
3271390.2908: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
3281390.2908: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
3291390.2908: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3301390.2908: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
3311390.2908: SUPR3HardenedMain: Respawn #2
3321390.2908: supR3HardNtEnableThreadCreation:
3331390.2908: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\apphelp.dll)
3341390.2908: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\apphelp.dll
3351390.2908: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
3361390.2908: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
3371390.2908: supR3HardenedDllNotificationCallback: load 000007fefce40000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
3381390.2908: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
3391390.2908: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce40000 'C:\Windows\system32\apphelp.dll'
3401390.2908: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000774e3710 pvNtTerminateThread=0000000077509db0
3411390.2908: supR3HardenedWinDoReSpawn(2): New child 1d64.1674 [kernel32].
3421390.2908: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
3431390.2908: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00000000774a0000 uNtDllChildAddr=00000000774a0000
3441390.2908: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000774e3710
3451390.2908: supR3HardenedWinSetupChildInit: Start child.
3461390.2908: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 5 ms.
3471390.2908: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps
3481390.2908: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
3491390.2908: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
3501390.2908: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
3511390.2908: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
3521390.2908: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
3531390.2908: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
3541390.2908: 0000000000041000-00000000000fffff 0x0001/0x0000 0x0000000
3551390.2908: *0000000000100000-00000000001fbfff 0x0000/0x0004 0x0020000
3561390.2908: 00000000001fc000-00000000001fdfff 0x0104/0x0004 0x0020000
3571390.2908: 00000000001fe000-00000000001fffff 0x0004/0x0004 0x0020000
3581390.2908: 0000000000200000-000000007749ffff 0x0001/0x0000 0x0000000
3591390.2908: *00000000774a0000-00000000774a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3601390.2908: 00000000774a1000-00000000775c4fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3611390.2908: 00000000775c5000-00000000775cafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3621390.2908: 00000000775cb000-00000000775cbfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3631390.2908: 00000000775cc000-00000000775d3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3641390.2908: 00000000775d4000-000000007763efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3651390.2908: 000000007763f000-000000007efdffff 0x0001/0x0000 0x0000000
3661390.2908: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
3671390.2908: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
3681390.2908: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
3691390.2908: 000000007fff0000-000000013f2affff 0x0001/0x0000 0x0000000
3701390.2908: *000000013f2b0000-000000013f2b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
3711390.2908: 000000013f2b1000-000000013f321fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
3721390.2908: 000000013f322000-000000013f322fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
3731390.2908: 000000013f323000-000000013f368fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
3741390.2908: 000000013f369000-000000013f369fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
3751390.2908: 000000013f36a000-000000013f36afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
3761390.2908: 000000013f36b000-000000013f36ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
3771390.2908: 000000013f370000-000000013f370fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
3781390.2908: 000000013f371000-000000013f371fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
3791390.2908: 000000013f372000-000000013f375fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
3801390.2908: 000000013f376000-000000013f3bdfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
3811390.2908: 000000013f3be000-000007feff79ffff 0x0001/0x0000 0x0000000
3821390.2908: *000007feff7a0000-000007feff7a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
3831390.2908: 000007feff7a1000-000007fffffaffff 0x0001/0x0000 0x0000000
3841390.2908: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
3851390.2908: 000007fffffd3000-000007fffffdcfff 0x0001/0x0000 0x0000000
3861390.2908: *000007fffffdd000-000007fffffdefff 0x0004/0x0004 0x0020000
3871390.2908: *000007fffffdf000-000007fffffdffff 0x0004/0x0004 0x0020000
3881390.2908: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
3891390.2908: apisetschema.dll: timestamp 0x5b94704b (rc=VINF_SUCCESS)
3901390.2908: VirtualBox.exe: timestamp 0x5be4900d (rc=VINF_SUCCESS)
3911390.2908: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3921390.2908: '\Device\HarddiskVolume1\Windows\System32\apisetschema.dll' has no imports
3931390.2908: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
3941390.2908: supR3HardNtChildPurify: Done after 563 ms and 0 fixes (loop #0).
3951d64.1674: Log file opened: 5.2.22r126460 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
3961d64.1674: supR3HardenedVmProcessInit: uNtDllAddr=00000000774a0000 g_uNtVerCombined=0x611db100
3971390.2908: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000340000 LB 0x400000)
3981d64.1674: ntdll.dll: timestamp 0x5b9470be (rc=VINF_SUCCESS)
3991d64.1674: New simple heap: #1 0000000000300000 LB 0x400000 (for 1699840 allocation)
4001390.2908: supR3HardNtEnableThreadCreation:
4011d64.1674: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
4021d64.1674: System32: \Device\HarddiskVolume1\Windows\System32
4031d64.1674: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
4041d64.1674: KnownDllPath: C:\Windows\system32
4051d64.1674: supR3HardenedVmProcessInit: Opening vboxdrv...
4061d64.1674: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
4071d64.1674: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
4081d64.1674: Registered Dll notification callback with NTDLL.
4091d64.1674: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
4101d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
4111d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
4121d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
4131d64.1674: supR3HardenedDllNotificationCallback: load 0000000077180000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
4141d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
4151d64.1674: supR3HardenedDllNotificationCallback: load 000007fefd120000 LB 0x0006a000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
4161d64.1674: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll)
4171d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
4181d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077180000 'C:\Windows\system32\kernel32.dll'
4191d64.1674: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000774e3710 pvNtTerminateThread=0000000077509db0
4201390.2908: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 51 ms.
4211d64.1674: \SystemRoot\System32\ntdll.dll:
4221d64.1674: CreationTime: 2018-10-28T20:08:58.772325400Z
4231d64.1674: LastWriteTime: 2018-09-09T01:01:09.217925500Z
4241d64.1674: ChangeTime: 2018-10-29T00:35:00.363494300Z
4251d64.1674: FileAttributes: 0x20
4261d64.1674: Size: 0x196540
4271d64.1674: NT Headers: 0xe0
4281d64.1674: Timestamp: 0x5b9470be
4291d64.1674: Machine: 0x8664 - amd64
4301d64.1674: Timestamp: 0x5b9470be
4311d64.1674: Image Version: 6.1
4321d64.1674: SizeOfImage: 0x19f000 (1699840)
4331d64.1674: Resource Dir: 0x142000 LB 0x5a028
4341d64.1674: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
4351d64.1674: [Raw version resource data: 0x1420f0 LB 0x380, codepage 0x0 (reserved 0x0)]
4361d64.1674: ProductName: Microsoft® Windows® Operating System
4371d64.1674: ProductVersion: 6.1.7601.24260
4381d64.1674: FileVersion: 6.1.7601.24260 (win7sp1_ldr.180908-0600)
4391d64.1674: FileDescription: NT Layer DLL
4401d64.1674: \SystemRoot\System32\kernel32.dll:
4411d64.1674: CreationTime: 2018-10-28T20:09:02.682825400Z
4421d64.1674: LastWriteTime: 2018-09-09T00:58:53.133000000Z
4431d64.1674: ChangeTime: 2018-10-29T00:35:10.659824300Z
4441d64.1674: FileAttributes: 0x20
4451d64.1674: Size: 0x11c000
4461d64.1674: NT Headers: 0xe0
4471d64.1674: Timestamp: 0x5b9470f3
4481d64.1674: Machine: 0x8664 - amd64
4491d64.1674: Timestamp: 0x5b9470f3
4501d64.1674: Image Version: 6.1
4511d64.1674: SizeOfImage: 0x11f000 (1175552)
4521d64.1674: Resource Dir: 0x116000 LB 0x528
4531d64.1674: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
4541d64.1674: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
4551d64.1674: ProductName: Microsoft® Windows® Operating System
4561d64.1674: ProductVersion: 6.1.7601.24260
4571d64.1674: FileVersion: 6.1.7601.24260 (win7sp1_ldr.180908-0600)
4581d64.1674: FileDescription: Windows NT BASE API Client DLL
4591d64.1674: \SystemRoot\System32\KernelBase.dll:
4601d64.1674: CreationTime: 2018-10-28T20:09:03.349325400Z
4611d64.1674: LastWriteTime: 2018-09-09T00:58:53.163000000Z
4621d64.1674: ChangeTime: 2018-10-29T00:35:10.769027800Z
4631d64.1674: FileAttributes: 0x20
4641d64.1674: Size: 0x66800
4651d64.1674: NT Headers: 0xe8
4661d64.1674: Timestamp: 0x5b9470f4
4671d64.1674: Machine: 0x8664 - amd64
4681d64.1674: Timestamp: 0x5b9470f4
4691d64.1674: Image Version: 6.1
4701d64.1674: SizeOfImage: 0x6a000 (434176)
4711d64.1674: Resource Dir: 0x68000 LB 0x530
4721d64.1674: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
4731d64.1674: [Raw version resource data: 0x680b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
4741d64.1674: ProductName: Microsoft® Windows® Operating System
4751d64.1674: ProductVersion: 6.1.7601.24260
4761d64.1674: FileVersion: 6.1.7601.24260 (win7sp1_ldr.180908-0600)
4771d64.1674: FileDescription: Windows NT BASE API Client DLL
4781d64.1674: \SystemRoot\System32\apisetschema.dll:
4791d64.1674: CreationTime: 2018-10-28T20:09:06.516325400Z
4801d64.1674: LastWriteTime: 2018-09-09T00:57:42.822000000Z
4811d64.1674: ChangeTime: 2018-10-29T00:34:59.552268300Z
4821d64.1674: FileAttributes: 0x20
4831d64.1674: Size: 0x1a00
4841d64.1674: NT Headers: 0xc0
4851d64.1674: Timestamp: 0x5b94704b
4861d64.1674: Machine: 0x8664 - amd64
4871d64.1674: Timestamp: 0x5b94704b
4881d64.1674: Image Version: 6.1
4891d64.1674: SizeOfImage: 0x50000 (327680)
4901d64.1674: Resource Dir: 0x30000 LB 0x3f8
4911d64.1674: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
4921d64.1674: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
4931d64.1674: ProductName: Microsoft® Windows® Operating System
4941d64.1674: ProductVersion: 6.1.7601.24260
4951d64.1674: FileVersion: 6.1.7601.24260 (win7sp1_ldr.180908-0600)
4961d64.1674: FileDescription: ApiSet Schema DLL
4971d64.1674: Found driver NisDrv (0x400)
4981d64.1674: supR3HardenedWinFindAdversaries: 0x400
4991d64.1674: \SystemRoot\System32\drivers\MpFilter.sys:
5001d64.1674: CreationTime: 2016-08-25T09:46:12.000000000Z
5011d64.1674: LastWriteTime: 2016-08-25T09:46:12.000000000Z
5021d64.1674: ChangeTime: 2017-01-30T18:02:25.920719100Z
5031d64.1674: FileAttributes: 0x20
5041d64.1674: Size: 0x48058
5051d64.1674: NT Headers: 0xe8
5061d64.1674: Timestamp: 0x57a90f3d
5071d64.1674: Machine: 0x8664 - amd64
5081d64.1674: Timestamp: 0x57a90f3d
5091d64.1674: Image Version: 10.0
5101d64.1674: SizeOfImage: 0x48000 (294912)
5111d64.1674: Resource Dir: 0x45000 LB 0x1090
5121d64.1674: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
5131d64.1674: [Raw version resource data: 0x45110 LB 0x37c, codepage 0x0 (reserved 0x0)]
5141d64.1674: ProductName: Microsoft Malware Protection
5151d64.1674: ProductVersion: 4.10.0202.0
5161d64.1674: FileVersion: 4.10.0202.0
5171d64.1674: FileDescription: Microsoft antimalware file system filter driver
5181d64.1674: \SystemRoot\System32\drivers\NisDrvWFP.sys:
5191d64.1674: CreationTime: 2014-03-11T07:52:30.000000000Z
5201d64.1674: LastWriteTime: 2016-08-25T09:46:12.000000000Z
5211d64.1674: ChangeTime: 2017-01-30T18:02:23.415218100Z
5221d64.1674: FileAttributes: 0x20
5231d64.1674: Size: 0x212f8
5241d64.1674: NT Headers: 0xe8
5251d64.1674: Timestamp: 0x57a90f42
5261d64.1674: Machine: 0x8664 - amd64
5271d64.1674: Timestamp: 0x57a90f42
5281d64.1674: Image Version: 10.0
5291d64.1674: SizeOfImage: 0x20000 (131072)
5301d64.1674: Resource Dir: 0x1d000 LB 0x1b90
5311d64.1674: [Version info resource found at 0x120! (ID/Name: 0x1; SubID/SubName: 0x409)]
5321d64.1674: [Raw version resource data: 0x1e728 LB 0x380, codepage 0x0 (reserved 0x0)]
5331d64.1674: ProductName: Microsoft Malware Protection
5341d64.1674: ProductVersion: 4.10.0202.0
5351d64.1674: FileVersion: 4.10.0202.0
5361d64.1674: FileDescription: Microsoft Network Realtime Inspection Driver
5371d64.1674: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
5381d64.1674: Calling main()
5391d64.1674: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
5401d64.1674: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
5411d64.1674: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
5421d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
5431d64.1674: SUPR3HardenedMain: Final process, opening VBoxDrv...
5441d64.1674: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000300000 LB 0x400000)
5451d64.1674: supR3HardNtEnableThreadCreation:
5461d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
5471d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
5481d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fb561:<flags> [calling]
5491d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
5501d64.1674: supR3HardenedDllNotificationCallback: load 000007fef9da0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
5511d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
5521d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
5531d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001f8ce1:<flags> [calling]
5541d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9da0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
5551d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
5561d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001f8ce1:<flags> [calling]
5571d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9da0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
5581d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9da0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
5591d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5601d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
5611d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
5621d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
5631d64.1674: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\wintrust.dll)
5641d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wintrust.dll
5651d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5661d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5671d64.1674: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll)
5681d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
5691d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
5701d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
5711d64.1674: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msasn1.dll)
5721d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msasn1.dll
5731d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
5741d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
5751d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5761d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
5771d64.1674: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\crypt32.dll)
5781d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\crypt32.dll
5791d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5801d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5811d64.1674: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msvcrt.dll)
5821d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
5831d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
5841d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
5851d64.1674: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
5861d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5871d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5881d64.1674: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5891d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fd371:<flags> [calling]
5901d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5911d64.1674: supR3HardenedDllNotificationCallback: load 000007fefd220000 LB 0x0003b000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
5921d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5931d64.1674: supR3HardenedDllNotificationCallback: load 000007fefec90000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
5941d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5951d64.1674: supR3HardenedDllNotificationCallback: load 000007fefd280000 LB 0x0016d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
5961d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
5971d64.1674: supR3HardenedDllNotificationCallback: load 000007fefd050000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
5981d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
5991d64.1674: supR3HardenedDllNotificationCallback: load 000007fefea80000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
6001d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6011d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd220000 'C:\Windows\system32\Wintrust.dll'
6021d64.1674: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\bcrypt.dll)
6031d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcrypt.dll
6041d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fd371:<flags> [calling]
6051d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
6061d64.1674: supR3HardenedDllNotificationCallback: load 000007fefc9b0000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
6071d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
6081d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc9b0000 'C:\Windows\system32\bcrypt.dll'
6091d64.1674: bcrypt.dll loaded at 000007fefc9b0000, BCryptOpenAlgorithmProvider at 000007fefc9b2460, preloading providers:
6101d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
6111d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
6121d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll)
6131d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll
6141d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
6151d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
6161d64.1674: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
6171d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
6181d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
6191d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6201d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
6211d64.1674: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\advapi32.dll)
6221d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\advapi32.dll
6231d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6241d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6251d64.1674: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6261d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6271d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6281d64.1674: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6291d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fd351:<flags> [calling]
6301d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
6311d64.1674: supR3HardenedDllNotificationCallback: load 000007fefc470000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
6321d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
6331d64.1674: supR3HardenedDllNotificationCallback: load 000007fefefd0000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
6341d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
6351d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
6361d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
6371d64.1674: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\sechost.dll)
6381d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\sechost.dll
6391d64.1674: supR3HardenedDllNotificationCallback: load 000007feff0b0000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
6401d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\sechost.dll [lacks WinVerifyTrust]
6411d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc470000 'C:\Windows\system32\bcryptprimitives.dll'
6421d64.1674: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000098bdc0)
6431d64.1674: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000098dc80)
6441d64.1674: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000098ddb0)
6451d64.1674: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000098dfd0)
6461d64.1674: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000098e100)
6471d64.1674: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000000000098e230)
6481d64.1674: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=000000000098e480)
6491d64.1674: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=000000000098e5b0)
6501d64.1674: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptsp.dll)
6511d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptsp.dll
6521d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6531d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6541d64.1674: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6551d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6561d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6571d64.1674: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6581d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fcec1:<flags> [calling]
6591d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
6601d64.1674: supR3HardenedDllNotificationCallback: load 000007fefc900000 LB 0x00018000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
6611d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
6621d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc900000 'C:\Windows\system32\CRYPTSP.dll'
6631d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6641d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\rsaenh.dll)
6651d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rsaenh.dll
6661d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6671d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6681d64.1674: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6691d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fce51:<flags> [calling]
6701d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6711d64.1674: supR3HardenedDllNotificationCallback: load 000007fefc590000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
6721d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
6731d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc590000 'C:\Windows\system32\rsaenh.dll'
6741d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
6751d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fc6e1:<flags> [calling]
6761d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefefd0000 'C:\Windows\system32\ADVAPI32.dll'
6771d64.1674: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptbase.dll)
6781d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptbase.dll
6791d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fca61:<flags> [calling]
6801d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
6811d64.1674: supR3HardenedDllNotificationCallback: load 000007fefcea0000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
6821d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
6831d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcea0000 'C:\Windows\system32\CRYPTBASE.dll'
6841d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
6851d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fc491:<flags> [calling]
6861d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077180000 'C:\Windows\system32\kernel32.dll'
6871d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6881d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fce21:<flags> [calling]
6891d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd220000 'C:\Windows\system32\WINTRUST.DLL'
6901d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6911d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000001fcc51:<flags> [calling]
6921d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd280000 'C:\Windows\system32\CRYPT32.dll'
6931d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6941d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
6951d64.1674: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\imagehlp.dll)
6961d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\imagehlp.dll
6971d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
6981d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
6991d64.1674: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
7001d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7011d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7021d64.1674: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7031d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fcca1:<flags> [calling]
7041d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
7051d64.1674: supR3HardenedDllNotificationCallback: load 000007fefe440000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
7061d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
7071d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe440000 'C:\Windows\system32\imagehlp.dll'
7081d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
7091d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fcdf1:<flags> [calling]
7101d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc900000 'C:\Windows\system32\CRYPTSP.dll'
7111d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
7121d64.1674: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\user32.dll)
7131d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\user32.dll
7141d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
7151d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
7161d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
7171d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
7181d64.1674: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\gdi32.dll)
7191d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\gdi32.dll
7201d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
7211d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume1\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
7221d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
7231d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
7241d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
7251d64.1674: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\lpk.dll)
7261d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\lpk.dll
7271d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
7281d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
7291d64.1674: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
7301d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
7311d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume1\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
7321d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7331d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
7341d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
7351d64.1674: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\usp10.dll)
7361d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\usp10.dll
7371d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
7381d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
7391d64.1674: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
7401d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
7411d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
7421d64.1674: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
7431d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
7441d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
7451d64.1674: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
7461d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
7471d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
7481d64.1674: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
7491d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7501d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7511d64.1674: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7521d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fc921:<flags> [calling]
7531d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
7541d64.1674: supR3HardenedDllNotificationCallback: load 00000000772a0000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
7551d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
7561d64.1674: supR3HardenedDllNotificationCallback: load 000007fefe3d0000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
7571d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
7581d64.1674: supR3HardenedDllNotificationCallback: load 000007fefefc0000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
7591d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\lpk.dll [lacks WinVerifyTrust]
7601d64.1674: supR3HardenedDllNotificationCallback: load 000007fefed30000 LB 0x000cb000 C:\Windows\system32\USP10.dll [fFlags=0x0]
7611d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\usp10.dll [lacks WinVerifyTrust]
7621d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
7631d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fbe21:<flags> [calling]
7641d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe3d0000 'C:\Windows\system32\gdi32.dll'
7651d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
7661d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
7671d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
7681d64.1674: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\imm32.dll)
7691d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\imm32.dll
7701d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
7711d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume1\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
7721d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7731d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
7741d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
7751d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
7761d64.1674: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msctf.dll)
7771d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msctf.dll
7781d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
7791d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
7801d64.1674: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
7811d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
7821d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
7831d64.1674: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
7841d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
7851d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume1\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
7861d64.1674: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imm32.dll [lacks WinVerifyTrust]
7871d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
7881d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
7891d64.1674: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
7901d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
7911d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
7921d64.1674: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
7931d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7941d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7951d64.1674: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7961d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fb761:<flags> [calling]
7971d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imm32.dll [lacks WinVerifyTrust]
7981d64.1674: supR3HardenedDllNotificationCallback: load 000007fefe3a0000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
7991d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imm32.dll [lacks WinVerifyTrust]
8001d64.1674: supR3HardenedDllNotificationCallback: load 000007fefee00000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
8011d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msctf.dll [lacks WinVerifyTrust]
8021d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe3a0000 'C:\Windows\system32\IMM32.DLL'
8031d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000772a0000 'C:\Windows\system32\USER32.dll'
8041d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
8051d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
8061d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
8071d64.1674: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\ncrypt.dll)
8081d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ncrypt.dll
8091d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
8101d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
8111d64.1674: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
8121d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8131d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8141d64.1674: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8151d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
8161d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
8171d64.1674: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8181d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fcc21:<flags> [calling]
8191d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
8201d64.1674: supR3HardenedDllNotificationCallback: load 000007fefc9e0000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
8211d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
8221d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc9e0000 'C:\Windows\system32\ncrypt.dll'
8231d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8241d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fca11:<flags> [calling]
8251d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc9b0000 'C:\Windows\system32\bcrypt.dll'
8261d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8271d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
8281d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
8291d64.1674: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\userenv.dll)
8301d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\userenv.dll
8311d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
8321d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
8331d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8341d64.1674: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\profapi.dll)
8351d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\profapi.dll
8361d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8371d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8381d64.1674: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8391d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8401d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8411d64.1674: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8421d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8431d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8441d64.1674: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8451d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fc3a1:<flags> [calling]
8461d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\userenv.dll [lacks WinVerifyTrust]
8471d64.1674: supR3HardenedDllNotificationCallback: load 000007fefd1e0000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
8481d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\userenv.dll [lacks WinVerifyTrust]
8491d64.1674: supR3HardenedDllNotificationCallback: load 000007fefd040000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
8501d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\profapi.dll [lacks WinVerifyTrust]
8511d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd1e0000 'C:\Windows\system32\USERENV.dll'
8521d64.1674: supR3HardenedIsApiSetDll: '<NULL>' -> true
8531d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001fc101:<flags> [calling]
8541d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0b0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
8551d64.1674: supR3HardenedIsApiSetDll: '<NULL>' -> true
8561d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001fc491:<flags> [calling]
8571d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0b0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
8581d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8591d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
8601d64.1674: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\gpapi.dll)
8611d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\gpapi.dll
8621d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8631d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8641d64.1674: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8651d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8661d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8671d64.1674: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8681d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fc6c1:<flags> [calling]
8691d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
8701d64.1674: supR3HardenedDllNotificationCallback: load 000007fefc2f0000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
8711d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
8721d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc2f0000 'C:\Windows\system32\GPAPI.dll'
8731d64.1674: supR3HardenedIsApiSetDll: '<NULL>' -> true
8741d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001fc611:<flags> [calling]
8751d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0b0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
8761d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8771d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fbd11:<flags> [calling]
8781d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea80000 'C:\Windows\system32\rpcrt4.dll'
8791d64.1674: supR3HardenedIsApiSetDll: '<NULL>' -> true
8801d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001fc5f1:<flags> [calling]
8811d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0b0000 'API-MS-WIN-Service-Management-L2-1-0.dll'
8821d64.1674: supR3HardenedIsApiSetDll: '<NULL>' -> true
8831d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001fc601:<flags> [calling]
8841d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0b0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
8851d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8861d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
8871d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
8881d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
8891d64.1674: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptnet.dll)
8901d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptnet.dll
8911d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
8921d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume1\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
8931d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8941d64.1674: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\Wldap32.dll)
8951d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\Wldap32.dll
8961d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
8971d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
8981d64.1674: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8991d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
9001d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
9011d64.1674: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
9021d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9031d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9041d64.1674: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9051d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9061d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9071d64.1674: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9081d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fc101:<flags> [calling]
9091d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9101d64.1674: supR3HardenedDllNotificationCallback: load 000007fef80e0000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
9111d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9121d64.1674: supR3HardenedDllNotificationCallback: load 000007fefef10000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
9131d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
9141d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9151d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000001fb331:<flags> [calling]
9161d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef80e0000 'C:\Windows\system32\cryptnet.dll'
9171d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9181d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000001fb331:<flags> [calling]
9191d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef80e0000 'C:\Windows\system32\cryptnet.dll'
9201d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9211d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000001fb331:<flags> [calling]
9221d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef80e0000 'C:\Windows\system32\cryptnet.dll'
9231d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9241d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000001fb331:<flags> [calling]
9251d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef80e0000 'C:\Windows\system32\cryptnet.dll'
9261d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9271d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000001fb331:<flags> [calling]
9281d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef80e0000 'C:\Windows\system32\cryptnet.dll'
9291d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9301d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000001fb331:<flags> [calling]
9311d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef80e0000 'C:\Windows\system32\cryptnet.dll'
9321d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9331d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef80e0000 'C:\Windows\system32\cryptnet.dll'
9341d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9351d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef80e0000 'C:\Windows\system32\cryptnet.dll'
9361d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9371d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef80e0000 'C:\Windows\system32\cryptnet.dll'
9381d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9391d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef80e0000 'C:\Windows\system32\cryptnet.dll'
9401d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9411d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef80e0000 'C:\Windows\system32\cryptnet.dll'
9421d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef80e0000 'C:\Windows\system32\cryptnet.dll'
9431d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9441d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef80e0000 'C:\Windows\system32\cryptnet.dll'
9451d64.1674: supR3HardenedIsApiSetDll: '<NULL>' -> true
9461d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001fba21:<flags> [calling]
9471d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0b0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
9481d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\profapi.dll [lacks WinVerifyTrust]
9491d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fba21:<flags> [calling]
9501d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd040000 'C:\Windows\system32\profapi.dll'
9511d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
9521d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
9531d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
9541d64.1674: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\shlwapi.dll)
9551d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
9561d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9571d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9581d64.1674: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9591d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
9601d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
9611d64.1674: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
9621d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
9631d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
9641d64.1674: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
9651d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fb4b1:<flags> [calling]
9661d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
9671d64.1674: supR3HardenedDllNotificationCallback: load 000007fefe460000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
9681d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
9691d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe460000 'C:\Windows\system32\SHLWAPI.dll'
9701d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
9711d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000285f110
9721d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
9731d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DD6E220C9F38A8200EBDC8AFFDB9E14439E5FC50
9741d64.1674: supR3HardenedIsApiSetDll: '<NULL>' -> true
9751d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001fc3e1:<flags> [calling]
9761d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0b0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
9771d64.1674: supR3HardenedIsApiSetDll: '<NULL>' -> true
9781d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001fbf41:<flags> [calling]
9791d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0b0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
9801d64.1674: supR3HardenedIsApiSetDll: '<NULL>' -> true
9811d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001fbf41:<flags> [calling]
9821d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0b0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
9831d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
9841d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fc3e1:<flags> [calling]
9851d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefefd0000 'C:\Windows\system32\ADVAPI32.dll'
9861d64.1674: supR3HardenedIsApiSetDll: '<NULL>' -> true
9871d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001fc391:<flags> [calling]
9881d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0b0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
9891d64.1674: supR3HardenedIsApiSetDll: '<NULL>' -> true
9901d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001fc081:<flags> [calling]
9911d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0b0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
9921d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_93_for_KB4462915~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\SystemRoot\System32\ntdll.dll'
9931d64.1674: g_pfnWinVerifyTrust=000007fefd221010
9941d64.1674: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
9951d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume1\Windows\System32\crypt32.dll
9961d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
9971d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
9981d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F77D21FA60E897144706C54D4A369C8DA3A96EDC
9991d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_194_for_KB4019263~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume1\Windows\System32\crypt32.dll'
10001d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10011d64.1674: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\crypt32.dll'
10021d64.1674: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
10031d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume1\Windows\System32\wintrust.dll
10041d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
10051d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
10061d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=64DB0BCE4F2D99E4624F5476790FB954117C96EF
10071d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_118_for_KB4019263~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume1\Windows\System32\wintrust.dll'
10081d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10091d64.1674: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\wintrust.dll'
10101d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003f4 pwszName=\Device\HarddiskVolume1\Windows\System32\shlwapi.dll
10111d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
10121d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
10131d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
10141d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\shlwapi.dll'
10151d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10161d64.1674: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll'
10171d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003e8 pwszName=\Device\HarddiskVolume1\Windows\System32\Wldap32.dll
10181d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
10191d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
10201d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=086A94704E162AB5C6F0ED4BA6DE6C8B4524BA56
10211d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_118_for_KB4038779~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume1\Windows\System32\Wldap32.dll'
10221d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10231d64.1674: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\Wldap32.dll'
10241d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003e4 pwszName=\Device\HarddiskVolume1\Windows\System32\cryptnet.dll
10251d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
10261d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
10271d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=39AF46E16CB63BADF4DB0AE7F539D8C4373E13BA
10281d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_118_for_KB4019263~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume1\Windows\System32\cryptnet.dll'
10291d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10301d64.1674: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptnet.dll'
10311d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000280 pwszName=\Device\HarddiskVolume1\Windows\System32\gpapi.dll
10321d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
10331d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
10341d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EBDAA16C3FD93DFF9C20BA3B2689DFF4C8D31061
10351d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3159398~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\gpapi.dll'
10361d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10371d64.1674: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\gpapi.dll'
10381d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001ec pwszName=\Device\HarddiskVolume1\Windows\System32\profapi.dll
10391d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
10401d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
10411d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
10421d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\profapi.dll'
10431d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10441d64.1674: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\profapi.dll'
10451d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001e8 pwszName=\Device\HarddiskVolume1\Windows\System32\userenv.dll
10461d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
10471d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
10481d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
10491d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\userenv.dll'
10501d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10511d64.1674: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\userenv.dll'
10521d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d4 pwszName=\Device\HarddiskVolume1\Windows\System32\ncrypt.dll
10531d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
10541d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
10551d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EDB3492C0D109851A9287A4EEDC4459B57D4E057
10561d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_93_for_KB4462915~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume1\Windows\System32\ncrypt.dll'
10571d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10581d64.1674: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\ncrypt.dll'
10591d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001b8 pwszName=\Device\HarddiskVolume1\Windows\System32\msctf.dll
10601d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
10611d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
10621d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B18074E6500B26B9675D6739EF0E6FFC56E8E0CA
10631d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_89_for_KB4041678~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\msctf.dll'
10641d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10651d64.1674: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msctf.dll'
10661d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001b4 pwszName=\Device\HarddiskVolume1\Windows\System32\imm32.dll
10671d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
10681d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
10691d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
10701d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\imm32.dll'
10711d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10721d64.1674: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\imm32.dll'
10731d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001b0 pwszName=\Device\HarddiskVolume1\Windows\System32\usp10.dll
10741d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
10751d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
10761d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8AE1E4C5A6AE2CD7C2699FE89EFC72F3203BC58E
10771d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_118_for_KB4038779~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume1\Windows\System32\usp10.dll'
10781d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10791d64.1674: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\usp10.dll'
10801d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001ac pwszName=\Device\HarddiskVolume1\Windows\System32\lpk.dll
10811d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
10821d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
10831d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0976C6D821542964C851401BD806F4FB92239609
10841d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_94_for_KB4457145~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume1\Windows\System32\lpk.dll'
10851d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10861d64.1674: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\lpk.dll'
10871d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a8 pwszName=\Device\HarddiskVolume1\Windows\System32\gdi32.dll
10881d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
10891d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
10901d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7D1293E1649D0B3FFEB043FC6969A1FEFC6F1CA6
10911d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_93_for_KB4462915~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
10921d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10931d64.1674: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
10941d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a4 pwszName=\Device\HarddiskVolume1\Windows\System32\user32.dll
10951d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
10961d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
10971d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03BB259EC2F9D61B0941E0635513FFA135E07009
10981d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_69_for_KB3205394~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume1\Windows\System32\user32.dll'
10991d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11001d64.1674: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\user32.dll'
11011d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a0 pwszName=\Device\HarddiskVolume1\Windows\System32\imagehlp.dll
11021d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
11031d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
11041d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
11051d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\imagehlp.dll'
11061d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11071d64.1674: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\imagehlp.dll'
11081d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000134 pwszName=\Device\HarddiskVolume1\Windows\System32\cryptbase.dll
11091d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
11101d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
11111d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AACF7509B51F6EE1C488032E3546D8DADE449958
11121d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_93_for_KB4462915~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume1\Windows\System32\cryptbase.dll'
11131d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11141d64.1674: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptbase.dll'
11151d64.1674: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\rsaenh.dll'
11161d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume1\Windows\System32\cryptsp.dll
11171d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
11181d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
11191d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BA7AC4A7E8ADDFEA90AC951ECB6D6546E4873613
11201d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\cryptsp.dll'
11211d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11221d64.1674: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptsp.dll'
11231d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume1\Windows\System32\sechost.dll
11241d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
11251d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
11261d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FA2A014BF360CDC0E203A174FFC9DC5343C5323
11271d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\sechost.dll'
11281d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11291d64.1674: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\sechost.dll'
11301d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume1\Windows\System32\advapi32.dll
11311d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
11321d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
11331d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=05CAE64C569CF798B9DE40228DC72DF68E3C06DD
11341d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_93_for_KB4462915~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume1\Windows\System32\advapi32.dll'
11351d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11361d64.1674: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\advapi32.dll'
11371d64.1674: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll'
11381d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume1\Windows\System32\bcrypt.dll
11391d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
11401d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
11411d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6D8E480120D0450B3E1A876862682BEAD97820BA
11421d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_93_for_KB4462915~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume1\Windows\System32\bcrypt.dll'
11431d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11441d64.1674: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll'
11451d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume1\Windows\System32\msvcrt.dll
11461d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
11471d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
11481d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
11491d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
11501d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11511d64.1674: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
11521d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume1\Windows\System32\msasn1.dll
11531d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
11541d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
11551d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
11561d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\msasn1.dll'
11571d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11581d64.1674: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msasn1.dll'
11591d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
11601d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
11611d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
11621d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B9BF2454C9FE7D7D3FD62194C9C923AEC926AFE2
11631d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_93_for_KB4462915~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll'
11641d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11651d64.1674: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll'
11661d64.1674: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
11671d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume1\Windows\System32\KernelBase.dll
11681d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
11691d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
11701d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D8CEC52A5C8B64FCBF4F593B374045F877EF49D9
11711d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_93_for_KB4462915~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume1\Windows\System32\KernelBase.dll'
11721d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11731d64.1674: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\KernelBase.dll'
11741d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume1\Windows\System32\kernel32.dll
11751d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
11761d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
11771d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FD69D2F22C194303B1FD37B1F9457AEC94587FB
11781d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_93_for_KB4462915~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume1\Windows\System32\kernel32.dll'
11791d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11801d64.1674: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\kernel32.dll'
11811d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll
11821d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fbe81:<flags> [calling]
11831d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd280000 'C:\Windows\system32\crypt32.dll'
11841d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0xe89ef5628c4d500 CN=WSUS Publishers Self-signed
11851d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
11861d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
11871d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
11881d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0xfee885754344b900 CN=UbisoftRootCA
11891d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
11901d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
11911d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
11921d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
11931d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
11941d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
11951d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
11961d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
11971d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
11981d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
11991d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
12001d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
12011d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
12021d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
12031d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
12041d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
12051d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0xb3d6d6c9f168c800 C=FR, O=Dhimyotis, CN=Certigna
12061d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
12071d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
12081d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
12091d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
12101d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
12111d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
12121d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
12131d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
12141d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
12151d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
12161d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
12171d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
12181d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
12191d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
12201d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
12211d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
12221d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
12231d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
12241d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
12251d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
12261d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
12271d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0xac1e0fca7ad3c900 C=ES, O=IZENPE S.A., CN=Izenpe.com
12281d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
12291d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
12301d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
12311d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
12321d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
12331d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
12341d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
12351d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0xe04978533aa6a000 CN=WSUS Publishers Self-signed
12361d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
12371d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0xf9121b5234a8fb5b CN=efs_administrator, L=EFS, OU=EFS File Encryption Certificate
12381d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
12391d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0x4d4031af14bdfd00 CN=UbiOnlineRootCA
12401d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0xd2f6c3c74a94c100 DC=org, DC=ubisoft, CN=UBISOFTORG
12411d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0xfee885754344b900 CN=UbisoftRootCA
12421d64.1674: supR3HardenedWinIsDesiredRootCA: Adding 0xfee885754344b900 CN=UbisoftRootCA
12431d64.1674: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=59
12441d64.1674: SUPR3HardenedMain: Load Runtime...
12451d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
12461d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
12471d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
12481d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
12491d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
12501d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
12511d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12521d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12531d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
12541d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
12551d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
12561d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000460 pwszName=\Device\HarddiskVolume1\Windows\System32\ws2_32.dll
12571d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
12581d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
12591d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=901DCB8172024F14E25295BF5692180F12FC8C18
12601d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3161949~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\ws2_32.dll'
12611d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12621d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12631d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
12641d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
12651d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ws2_32.dll) WinVerifyTrust
12661d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
12671d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
12681d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
12691d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
12701d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
12711d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
12721d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12731d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12741d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
12751d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
12761d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
12771d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
12781d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
12791d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
12801d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
12811d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000498 pwszName=\Device\HarddiskVolume1\Windows\System32\nsi.dll
12821d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
12831d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
12841d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5C61E0233B4D23762E0FE158DE0FDC6C24988F13
12851d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_118_for_KB4038779~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume1\Windows\System32\nsi.dll'
12861d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12871d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\nsi.dll) WinVerifyTrust
12881d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\nsi.dll
12891d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12901d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12911d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
12921d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12931d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12941d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
12951d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fc1b1:<flags> [calling]
12961d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
12971d64.1674: supR3HardenedDllNotificationCallback: load 000007fedc180000 LB 0x00595000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
12981d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
12991d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
13001d64.1674: supR3HardenedDllNotificationCallback: load 0000000067130000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
13011d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
13021d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
13031d64.1674: supR3HardenedDllNotificationCallback: load 0000000065be0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
13041d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
13051d64.1674: supR3HardenedDllNotificationCallback: load 000007fefef70000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
13061d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
13071d64.1674: supR3HardenedDllNotificationCallback: load 000007fefe390000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
13081d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll
13091d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
13101d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001f98f1:<flags> [calling]
13111d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedc180000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13121d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
13131d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001f98f1:<flags> [calling]
13141d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedc180000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13151d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
13161d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001f98f1:<flags> [calling]
13171d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedc180000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13181d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
13191d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001f98f1:<flags> [calling]
13201d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedc180000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13211d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
13221d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001f98f1:<flags> [calling]
13231d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedc180000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13241d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
13251d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001f98f1:<flags> [calling]
13261d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedc180000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13271d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedc180000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13281d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedc180000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13291d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedc180000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13301d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedc180000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13311d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedc180000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13321d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedc180000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13331d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedc180000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13341d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
13351d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001f98f1:<flags> [calling]
13361d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedc180000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13371d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedc180000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13381d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedc180000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13391d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedc180000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13401d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedc180000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13411d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedc180000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13421d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedc180000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13431d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedc180000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13441d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedc180000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13451d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedc180000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13461d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedc180000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13471d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedc180000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13481d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedc180000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13491d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedc180000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13501d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedc180000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13511d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedc180000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13521d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
13531d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001f98f1:<flags> [calling]
13541d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedc180000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13551d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedc180000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13561d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedc180000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13571d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedc180000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13581d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll
13591d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fdd11:<flags> [calling]
13601d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd220000 'C:\Windows\system32\Wintrust.dll'
13611d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll
13621d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fc861:<flags> [calling]
13631d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd280000 'C:\Windows\system32\crypt32.dll'
13641d64.1674: SUPR3HardenedMain: Load TrustedMain...
13651d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
13661d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
13671d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
13681d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
13691d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
13701d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
13711d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
13721d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
13731d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
13741d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
13751d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
13761d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
13771d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
13781d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
13791d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
13801d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
13811d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.dll
13821d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
13831d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
13841d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f0 pwszName=\Device\HarddiskVolume1\Windows\System32\winmm.dll
13851d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
13861d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
13871d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
13881d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\winmm.dll'
13891d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13901d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
13911d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
13921d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\winmm.dll) WinVerifyTrust
13931d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winmm.dll
13941d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
13951d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
13961d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d0 pwszName=\Device\HarddiskVolume1\Windows\System32\oleaut32.dll
13971d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
13981d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
13991d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3F3C6A8E78B194E7D963517E37487BF5CFB023A3
14001d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_90_for_KB4103712~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume1\Windows\System32\oleaut32.dll'
14011d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14021d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
14031d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
14041d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
14051d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
14061d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
14071d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\oleaut32.dll) WinVerifyTrust
14081d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
14091d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
14101d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
14111d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004fc pwszName=\Device\HarddiskVolume1\Windows\System32\ole32.dll
14121d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
14131d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
14141d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F7315D2D59252FF40C3711C89A1867C99055AC8D
14151d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_89_for_KB4338823~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\ole32.dll'
14161d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14171d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14181d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
14191d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
14201d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
14211d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ole32.dll) WinVerifyTrust
14221d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ole32.dll
14231d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
14241d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
14251d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000050c pwszName=\Device\HarddiskVolume1\Windows\System32\shell32.dll
14261d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
14271d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
14281d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FA873F6BA4C4860AD876810341DDA72EC42C3A8A
14291d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_94_for_KB4457145~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume1\Windows\System32\shell32.dll'
14301d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14311d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14321d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
14331d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
14341d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
14351d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\shell32.dll) WinVerifyTrust
14361d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shell32.dll
14371d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
14381d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
14391d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
14401d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14411d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14421d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
14431d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
14441d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
14451d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
14461d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
14471d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
14481d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
14491d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
14501d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
14511d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
14521d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
14531d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
14541d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
14551d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
14561d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
14571d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
14581d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
14591d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
14601d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
14611d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
14621d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
14631d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
14641d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
14651d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
14661d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
14671d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
14681d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
14691d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
14701d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
14711d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
14721d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
14731d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
14741d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
14751d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
14761d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
14771d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
14781d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
14791d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
14801d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
14811d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
14821d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) WinVerifyTrust
14831d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
14841d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
14851d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
14861d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
14871d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
14881d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
14891d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
14901d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
14911d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
14921d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
14931d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
14941d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) WinVerifyTrust
14951d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
14961d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14971d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14981d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
14991d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15001d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15011d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
15021d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
15031d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
15041d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
15051d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
15061d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000528 pwszName=\Device\HarddiskVolume1\Windows\System32\opengl32.dll
15071d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
15081d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
15091d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
15101d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\opengl32.dll'
15111d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15121d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15131d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
15141d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
15151d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
15161d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
15171d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
15181d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\opengl32.dll) WinVerifyTrust
15191d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\opengl32.dll
15201d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15211d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15221d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
15231d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume1\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
15241d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000518 pwszName=\Device\HarddiskVolume1\Windows\System32\ddraw.dll
15251d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
15261d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
15271d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
15281d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\ddraw.dll'
15291d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15301d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15311d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
15321d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
15331d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
15341d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
15351d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
15361d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ddraw.dll) WinVerifyTrust
15371d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ddraw.dll
15381d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
15391d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume1\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
15401d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f4 pwszName=\Device\HarddiskVolume1\Windows\System32\glu32.dll
15411d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
15421d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
15431d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
15441d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\glu32.dll'
15451d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15461d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15471d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
15481d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
15491d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\glu32.dll) WinVerifyTrust
15501d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\glu32.dll
15511d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15521d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15531d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll
15541d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15551d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15561d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
15571d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15581d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15591d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15601d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15611d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
15621d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15631d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15641d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
15651d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
15661d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume1\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
15671d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000538 pwszName=\Device\HarddiskVolume1\Windows\System32\mpr.dll
15681d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
15691d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
15701d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F84FE9BA047B24E7694C9E0C349B48B9FD5F925B
15711d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\mpr.dll'
15721d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15731d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\mpr.dll) WinVerifyTrust
15741d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\mpr.dll
15751d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
15761d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
15771d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
15781d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15791d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15801d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
15811d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
15821d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
15831d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
15841d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
15851d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
15861d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
15871d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15881d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15891d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15901d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15911d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
15921d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15931d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15941d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
15951d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
15961d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
15971d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
15981d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15991d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16001d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16011d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16021d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
16031d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
16041d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
16051d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
16061d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
16071d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
16081d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16091d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16101d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
16111d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
16121d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
16131d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
16141d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
16151d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
16161d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
16171d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
16181d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
16191d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
16201d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
16211d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
16221d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
16231d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16241d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16251d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16261d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16271d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16281d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16291d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
16301d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
16311d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume1\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
16321d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000544 pwszName=\Device\HarddiskVolume1\Windows\System32\comdlg32.dll
16331d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
16341d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
16351d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
16361d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\comdlg32.dll'
16371d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16381d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16391d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
16401d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
16411d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
16421d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
16431d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
16441d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\comdlg32.dll) WinVerifyTrust
16451d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\comdlg32.dll
16461d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
16471d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume1\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
16481d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000548 pwszName=\Device\HarddiskVolume1\Windows\System32\winspool.drv
16491d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
16501d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
16511d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
16521d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\winspool.drv'
16531d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16541d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16551d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
16561d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
16571d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\winspool.drv) WinVerifyTrust
16581d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winspool.drv
16591d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
16601d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
16611d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
16621d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
16631d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
16641d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
16651d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
16661d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
16671d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
16681d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16691d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16701d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16711d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16721d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16731d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16741d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
16751d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
16761d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
16771d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
16781d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
16791d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
16801d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
16811d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
16821d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
16831d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16841d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16851d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16861d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16871d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
16881d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
16891d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
16901d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16911d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16921d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16931d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16941d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16951d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16961d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll
16971d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16981d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16991d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17001d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17011d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17021d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17031d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17041d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17051d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17061d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17071d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17081d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17091d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
17101d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
17111d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
17121d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17131d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17141d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17151d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17161d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17171d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17181d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17191d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17201d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17211d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17221d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
17231d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
17241d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
17251d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
17261d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
17271d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000053c pwszName=\Device\HarddiskVolume1\Windows\System32\comctl32.dll
17281d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
17291d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
17301d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
17311d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\comctl32.dll'
17321d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17331d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
17341d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
17351d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
17361d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\comctl32.dll) WinVerifyTrust
17371d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\comctl32.dll
17381d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17391d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17401d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll
17411d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17421d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17431d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
17441d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
17451d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
17461d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17471d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17481d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17491d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17501d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
17511d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
17521d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
17531d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17541d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17551d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
17561d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
17571d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000550 pwszName=\Device\HarddiskVolume1\Windows\System32\dwmapi.dll
17581d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
17591d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
17601d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B79EE7B5AD74EF51A849809202E043183A2C727E
17611d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\dwmapi.dll'
17621d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17631d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17641d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
17651d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
17661d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\dwmapi.dll) WinVerifyTrust
17671d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dwmapi.dll
17681d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
17691d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
17701d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000558 pwszName=\Device\HarddiskVolume1\Windows\System32\setupapi.dll
17711d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
17721d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
17731d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
17741d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\setupapi.dll'
17751d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17761d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
17771d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
17781d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
17791d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
17801d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
17811d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
17821d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
17831d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\setupapi.dll) WinVerifyTrust
17841d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\setupapi.dll
17851d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17861d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17871d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
17881d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume1\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
17891d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000504 pwszName=\Device\HarddiskVolume1\Windows\System32\dciman32.dll
17901d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
17911d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
17921d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C66AED045531DAF732B86F3FB79EF5E960A8945E
17931d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_94_for_KB4457145~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume1\Windows\System32\dciman32.dll'
17941d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17951d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17961d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
17971d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
17981d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\dciman32.dll) WinVerifyTrust
17991d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dciman32.dll
18001d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18011d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18021d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18031d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18041d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18051d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18061d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18071d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18081d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18091d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18101d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
18111d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume1\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
18121d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000564 pwszName=\Device\HarddiskVolume1\Windows\System32\devobj.dll
18131d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
18141d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
18151d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
18161d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\devobj.dll'
18171d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18181d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18191d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
18201d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\devobj.dll) WinVerifyTrust
18211d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\devobj.dll
18221d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
18231d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
18241d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
18251d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18261d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18271d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18281d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18291d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18301d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18311d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18321d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18331d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
18341d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
18351d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000056c pwszName=\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll
18361d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
18371d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
18381d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
18391d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll'
18401d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18411d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18421d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
18431d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
18441d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll) WinVerifyTrust
18451d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll
18461d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18471d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18481d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18491d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18501d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18511d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18521d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18531d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18541d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18551d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18561d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18571d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18581d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18591d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18601d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18611d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18621d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18631d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18641d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
18651d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
18661d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll
18671d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18681d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18691d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fc1c1:<flags> [calling]
18701d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.dll
18711d64.1674: supR3HardenedDllNotificationCallback: load 000007fed8220000 LB 0x00a06000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
18721d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.dll
18731d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
18741d64.1674: supR3HardenedDllNotificationCallback: load 000007fee7c50000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
18751d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
18761d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\glu32.dll
18771d64.1674: supR3HardenedDllNotificationCallback: load 000007fef2e50000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
18781d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\glu32.dll
18791d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ddraw.dll
18801d64.1674: supR3HardenedDllNotificationCallback: load 000007fee89d0000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
18811d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ddraw.dll
18821d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dciman32.dll
18831d64.1674: supR3HardenedDllNotificationCallback: load 000007fef1c70000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
18841d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dciman32.dll
18851d64.1674: supR3HardenedDllNotificationCallback: load 000007feff0d0000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
18861d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll
18871d64.1674: supR3HardenedDllNotificationCallback: load 000007fefd190000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
18881d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll
18891d64.1674: supR3HardenedDllNotificationCallback: load 000007fefebb0000 LB 0x000da000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
18901d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
18911d64.1674: supR3HardenedDllNotificationCallback: load 000007fefd400000 LB 0x001fd000 C:\Windows\system32\ole32.dll [fFlags=0x0]
18921d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
18931d64.1674: supR3HardenedDllNotificationCallback: load 000007fefd200000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
18941d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\devobj.dll
18951d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dwmapi.dll
18961d64.1674: supR3HardenedDllNotificationCallback: load 000007fefb340000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
18971d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dwmapi.dll
18981d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
18991d64.1674: supR3HardenedDllNotificationCallback: load 000000005d160000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
19001d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
19011d64.1674: supR3HardenedDllNotificationCallback: load 000007fefd600000 LB 0x00d8a000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
19021d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
19031d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\mpr.dll
19041d64.1674: supR3HardenedDllNotificationCallback: load 000007fef9300000 LB 0x00018000 C:\Windows\system32\MPR.dll [fFlags=0x0]
19051d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\mpr.dll
19061d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
19071d64.1674: supR3HardenedDllNotificationCallback: load 000007fed5f00000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
19081d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
19091d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
19101d64.1674: supR3HardenedDllNotificationCallback: load 0000000055b80000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
19111d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
19121d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
19131d64.1674: supR3HardenedDllNotificationCallback: load 000007fef05b0000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
19141d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
19151d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winspool.drv
19161d64.1674: supR3HardenedDllNotificationCallback: load 000007fef8f90000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
19171d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winspool.drv
19181d64.1674: supR3HardenedDllNotificationCallback: load 000007fefe670000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
19191d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\comdlg32.dll
19201d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
19211d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
19221d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
19231d64.1674: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll)
19241d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
19251d64.1674: supR3HardenedDllNotificationCallback: load 000007fef5550000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll [fFlags=0x0]
19261d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [avoiding WinVerifyTrust]
19271d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
19281d64.1674: supR3HardenedDllNotificationCallback: load 000000006be80000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
19291d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
19301d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
19311d64.1674: supR3HardenedDllNotificationCallback: load 000007fef9020000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
19321d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
19331d64.1674: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'.
19341d64.1674: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [rescheduled]
19351d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\imm32.dll
19361d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19371d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19381d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19391d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19401d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19411d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19421d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fb791:<flags> [calling]
19431d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe3a0000 'C:\Windows\system32\imm32.dll'
19441d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefefd0000 'C:\Windows\system32\ADVAPI32.DLL'
19451d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll
19461d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptbase.dll (Input=cryptbase.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
19471d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcea0000 'C:\Windows\system32\cryptbase.dll'
19481d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed8220000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
19491d64.1674: SUPR3HardenedMain: Calling TrustedMain (000007fed82214f0)...
19501d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
19511d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fda71:<flags> [calling]
19521d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd400000 'C:\Windows\system32\ole32.dll'
19531d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefefd0000 'C:\Windows\system32\ADVAPI32.dll'
19541d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\profapi.dll
19551d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fc151:<flags> [calling]
19561d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd040000 'C:\Windows\system32\profapi.dll'
19571d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
19581d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
19591d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
19601d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
19611d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
19621d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
19631d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
19641d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
19651d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
19661d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
19671d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
19681d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
19691d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
19701d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19711d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19721d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
19731d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
19741d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
19751d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
19761d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
19771d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
19781d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19791d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19801d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
19811d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
19821d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
19831d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
19841d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
19851d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
19861d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
19871d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
19881d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
19891d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
19901d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume1\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
19911d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\imm32.dll
19921d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19931d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19941d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
19951d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
19961d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
19971d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19981d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19991d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fe441:<flags> [calling]
20001d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
20011d64.1674: supR3HardenedDllNotificationCallback: load 000007fee49b0000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
20021d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
20031d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee49b0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
20041d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll
20051d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fe371:<flags> [calling]
20061d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcea0000 'C:\Windows\system32\CRYPTBASE.dll'
20071d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005fc pwszName=\Device\HarddiskVolume1\Windows\System32\uxtheme.dll
20081d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
20091d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
20101d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
20111d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\uxtheme.dll'
20121d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20131d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20141d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
20151d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
20161d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\uxtheme.dll) WinVerifyTrust
20171d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
20181d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20191d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20201d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20211d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20221d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20231d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20241d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fde41:<flags> [calling]
20251d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
20261d64.1674: supR3HardenedDllNotificationCallback: load 000007fefbc90000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
20271d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
20281d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbc90000 'C:\Windows\system32\uxtheme.dll'
20291d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
20301d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fd881:<flags> [calling]
20311d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbc90000 'C:\Windows\system32\uxtheme.dll'
20321d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
20331d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fd5f1:<flags> [calling]
20341d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbc90000 'C:\Windows\system32\uxtheme.dll'
20351d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
20361d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fd5f1:<flags> [calling]
20371d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbc90000 'C:\Windows\system32\uxtheme.dll'
20381d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000772a0000 'C:\Windows\system32\user32.dll'
20391d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
20401d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fe681:<flags> [calling]
20411d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd600000 'C:\Windows\system32\shell32.dll'
20421d64.1674: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
20431d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Windows\system32\wintab32.dll'
20441d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dwmapi.dll
20451d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fdd21:<flags> [calling]
20461d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb340000 'C:\Windows\system32\dwmapi.dll'
20471d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
20481d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001feaa1:<flags> [calling]
20491d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9020000 'C:\Windows\system32\winmm.dll'
20501d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
20511d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001feaa1:<flags> [calling]
20521d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9020000 'C:\Windows\system32\winmm.dll'
20531d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
20541d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fed81:<flags> [calling]
20551d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd600000 'C:\Windows\system32\shell32.dll'
20561d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
20571d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fed51:<flags> [calling]
20581d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbc90000 'C:\Windows\system32\uxtheme.dll'
20591d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefefd0000 'C:\Windows\system32\advapi32.dll'
20601d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\userenv.dll
20611d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fecb1:<flags> [calling]
20621d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd1e0000 'C:\Windows\system32\userenv.dll'
20631d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll
20641d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fed91:<flags> [calling]
20651d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077180000 'C:\Windows\system32\kernel32.dll'
20661d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000604 pwszName=\Device\HarddiskVolume1\Windows\System32\clbcatq.dll
20671d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
20681d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
20691d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
20701d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\clbcatq.dll'
20711d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20721d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20731d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
20741d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
20751d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
20761d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
20771d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
20781d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\clbcatq.dll) WinVerifyTrust
20791d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\clbcatq.dll
20801d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20811d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20821d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
20831d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
20841d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
20851d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
20861d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
20871d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
20881d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20891d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20901d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
20911d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
20921d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
20931d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20941d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20951d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
20961d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fcb11:<flags> [calling]
20971d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\clbcatq.dll
20981d64.1674: supR3HardenedDllNotificationCallback: load 000007fefe710000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
20991d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\clbcatq.dll
21001d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe710000 'C:\Windows\system32\CLBCatQ.DLL'
21011d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefefd0000 'C:\Windows\system32\ADVAPI32.dll'
21021d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll
21031d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fb961:<flags> [calling]
21041d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc900000 'C:\Windows\system32\CRYPTSP.dll'
21051d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000064c pwszName=\Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll
21061d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
21071d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
21081d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
21091d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll'
21101d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21111d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
21121d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll) WinVerifyTrust
21131d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll
21141d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21151d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21161d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fb521:<flags> [calling]
21171d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll
21181d64.1674: supR3HardenedDllNotificationCallback: load 000007fefcf90000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
21191d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll
21201d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf90000 'C:\Windows\system32\RpcRtRemote.dll'
21211d64.226c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
21221d64.226c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
21231d64.226c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
21241d64.226c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
21251d64.226c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
21261d64.226c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
21271d64.226c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
21281d64.226c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxC.dll
21291d64.226c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
21301d64.226c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
21311d64.226c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
21321d64.226c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
21331d64.226c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
21341d64.226c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
21351d64.226c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21361d64.226c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21371d64.226c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21381d64.226c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21391d64.226c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
21401d64.226c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
21411d64.226c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
21421d64.226c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21431d64.226c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21441d64.226c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000052be4a1:<flags> [calling]
21451d64.226c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxC.dll
21461d64.226c: supR3HardenedDllNotificationCallback: load 000007fed8dd0000 LB 0x00546000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
21471d64.226c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxC.dll
21481d64.226c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed8dd0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
21491d64.226c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
21501d64.226c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
21511d64.226c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
21521d64.226c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
21531d64.226c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
21541d64.226c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
21551d64.226c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
21561d64.226c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
21571d64.226c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
21581d64.226c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21591d64.226c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21601d64.226c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
21611d64.226c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
21621d64.226c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
21631d64.226c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
21641d64.226c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
21651d64.226c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
21661d64.226c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
21671d64.226c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
21681d64.226c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21691d64.226c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21701d64.226c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21711d64.226c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21721d64.226c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21731d64.226c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21741d64.226c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000052bcf41:<flags> [calling]
21751d64.226c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
21761d64.226c: supR3HardenedDllNotificationCallback: load 000007fee2b60000 LB 0x000ba000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
21771d64.226c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
21781d64.226c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2b60000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
21791d64.226c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
21801d64.226c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000052bcdd1:<flags> [calling]
21811d64.226c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefebb0000 'C:\Windows\system32\oleaut32.dll'
21821d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefefd0000 'C:\Windows\system32\ADVAPI32.dll'
21831d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe3d0000 'C:\Windows\system32\gdi32.dll'
21841d64.2b0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
21851d64.2b0c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
21861d64.2b0c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll) WinVerifyTrust
21871d64.2b0c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
21881d64.2b0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21891d64.2b0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21901d64.2b0c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21911d64.2b0c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21921d64.2b0c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004eca181:<flags> [calling]
21931d64.2b0c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
21941d64.2b0c: supR3HardenedDllNotificationCallback: load 000007fef1c40000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [fFlags=0x0]
21951d64.2b0c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
21961d64.2b0c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1c40000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL'
21971d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxoglhostcrutil.dll'.
21981d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
21991d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
22001d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
22011d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5openglvbox.dll'.
22021d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5widgetsvbox.dll'.
22031d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'opengl32.dll'.
22041d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxTestOGL.exe)
22051d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxTestOGL.exe
22061d64.1674: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 00000000000009e0 (hFile=00000000000009d8) with 0xc0000022 -> STATUS_TRUST_FAILURE
22071d64.1674: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxTestOGL.exe'
22081d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009ec pwszName=\Device\HarddiskVolume1\Windows\System32\apphelp.dll
22091d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
22101d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
22111d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82846C7DC170BBD7F68FE9966A8D339A60BCFF16
22121d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\apphelp.dll'
22131d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22141d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\apphelp.dll) WinVerifyTrust
22151d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\apphelp.dll
22161d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
22171d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
22181d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
22191d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
22201d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
22211d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
22221d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
22231d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
22241d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
22251d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
22261d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
22271d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
22281d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22291d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22301d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22311d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22321d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
22331d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
22341d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22351d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
22361d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'.
22371d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
22381d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll) WinVerifyTrust
22391d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
22401d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
22411d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
22421d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
22431d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
22441d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
22451d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
22461d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22471d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22481d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22491d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22501d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
22511d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll
22521d64.1674: supR3HardenedDllNotificationCallback: load 000007fefce40000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
22531d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll
22541d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce40000 'C:\Windows\system32\apphelp.dll'
22551d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd400000 'C:\Windows\system32\ole32.dll'
22561d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msctf.dll
22571d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001f9f81:<flags> [calling]
22581d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee00000 'C:\Windows\system32\MSCTF.dll'
22591d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd400000 'C:\Windows\system32\ole32.dll'
22601d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
22611d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001f8161:<flags> [calling]
22621d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefebb0000 'C:\Windows\system32\OLEAUT32.dll'
22631d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009f8 pwszName=\Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll
22641d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
22651d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
22661d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472
22671d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll'
22681d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22691d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22701d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
22711d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
22721d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
22731d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
22741d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
22751d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
22761d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll
22771d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
22781d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
22791d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
22801d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
22811d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
22821d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
22831d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
22841d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
22851d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
22861d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
22871d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
22881d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009f4 pwszName=\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
22891d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
22901d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
22911d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03D0A77E5195AA70198FDE6C2FAC2C76FF200674
22921d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll'
22931d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22941d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22951d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
22961d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
22971d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
22981d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
22991d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll) WinVerifyTrust
23001d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
23011d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23021d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23031d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
23041d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
23051d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
23061d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23071d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23081d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll
23091d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
23101d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
23111d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
23121d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
23131d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23141d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23151d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001f69f1:<flags> [calling]
23161d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll
23171d64.1674: supR3HardenedDllNotificationCallback: load 000007fef7040000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
23181d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll
23191d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
23201d64.1674: supR3HardenedDllNotificationCallback: load 000007fef7430000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [fFlags=0x0]
23211d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
23221d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7040000 'C:\Windows\system32\wbem\wbemprox.dll'
23231d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a20 pwszName=\Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll
23241d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
23251d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
23261d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F
23271d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll'
23281d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23291d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23301d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
23311d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
23321d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll
23331d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23341d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23351d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
23361d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23371d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23381d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001f6631:<flags> [calling]
23391d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll
23401d64.1674: supR3HardenedDllNotificationCallback: load 000007fef6d00000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
23411d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll
23421d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6d00000 'C:\Windows\system32\wbem\wbemsvc.dll'
23431d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a18 pwszName=\Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll
23441d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
23451d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
23461d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79
23471d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll'
23481d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23491d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23501d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
23511d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
23521d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
23531d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
23541d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
23551d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
23561d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll
23571d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
23581d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
23591d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a30 pwszName=\Device\HarddiskVolume1\Windows\System32\ntdsapi.dll
23601d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
23611d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
23621d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
23631d64.1674: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\ntdsapi.dll'
23641d64.1674: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23651d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23661d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
23671d64.1674: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
23681d64.1674: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ntdsapi.dll) WinVerifyTrust
23691d64.1674: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ntdsapi.dll
23701d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
23711d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
23721d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
23731d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
23741d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23751d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23761d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
23771d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
23781d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
23791d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23801d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23811d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
23821d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
23831d64.1674: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
23841d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23851d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23861d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23871d64.1674: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23881d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001f6671:<flags> [calling]
23891d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll
23901d64.1674: supR3HardenedDllNotificationCallback: load 000007fef6d20000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
23911d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll
23921d64.1674: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntdsapi.dll
23931d64.1674: supR3HardenedDllNotificationCallback: load 000007fef86c0000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [fFlags=0x0]
23941d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntdsapi.dll
23951d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6d20000 'C:\Windows\system32\wbem\fastprox.dll'
23961d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefebb0000 'C:\Windows\system32\OLEAUT32.dll'
23971d64.1674: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
23981d64.1674: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINMM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001f5e61:<flags> [calling]
23991d64.1674: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9020000 'C:\Windows\system32\WINMM.dll'
24001d64.2a44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24011d64.2a44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
24021d64.2a44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
24031d64.2a44: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
24041d64.2a44: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
24051d64.2a44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24061d64.2a44: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24071d64.2a44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
24081d64.2a44: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
24091d64.2a44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
24101d64.2a44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
24111d64.2a44: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
24121d64.2a44: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
24131d64.2a44: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxREM.dll
24141d64.2a44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24151d64.2a44: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24161d64.2a44: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
24171d64.2a44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24181d64.2a44: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24191d64.2a44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
24201d64.2a44: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
24211d64.2a44: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
24221d64.2a44: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24231d64.2a44: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24241d64.2a44: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000070ae1f1:<flags> [calling]
24251d64.2a44: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
24261d64.2a44: supR3HardenedDllNotificationCallback: load 000007fedda30000 LB 0x002ca000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
24271d64.2a44: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
24281d64.2a44: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxREM.dll
24291d64.2a44: supR3HardenedDllNotificationCallback: load 00000000659e0000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
24301d64.2a44: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxREM.dll
24311d64.2a44: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedda30000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
24321d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b74 pwszName=\Device\HarddiskVolume1\Windows\System32\netcfgx.dll
24331d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
24341d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
24351d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B2E2834BA132AEF0C1091DED23D983BBB0CDB980
24361d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\netcfgx.dll'
24371d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24381d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shlwapi.dll'.
24391d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
24401d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
24411d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
24421d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
24431d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
24441d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'nsi.dll'.
24451d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'iphlpapi.dll'.
24461d64.16d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\netcfgx.dll) WinVerifyTrust
24471d64.16d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\netcfgx.dll
24481d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
24491d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
24501d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b5c pwszName=\Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
24511d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
24521d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
24531d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642
24541d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL'
24551d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24561d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24571d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
24581d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
24591d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
24601d64.16d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
24611d64.16d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
24621d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
24631d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
24641d64.16d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll
24651d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24661d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24671d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
24681d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
24691d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24701d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24711d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24721d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24731d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24741d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24751d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
24761d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
24771d64.16d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
24781d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24791d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24801d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
24811d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
24821d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b60 pwszName=\Device\HarddiskVolume1\Windows\System32\winnsi.dll
24831d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
24841d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
24851d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=28DC1A34E4A6B1464B25E6B8BF4EBE1D6A50922D
24861d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_118_for_KB4038779~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume1\Windows\System32\winnsi.dll'
24871d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24881d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24891d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
24901d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
24911d64.16d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\winnsi.dll) WinVerifyTrust
24921d64.16d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winnsi.dll
24931d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
24941d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
24951d64.16d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll
24961d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24971d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24981d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
24991d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
25001d64.16d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll
25011d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25021d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25031d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25041d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25051d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\netcfgx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820b251:<flags> [calling]
25061d64.16d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\netcfgx.dll
25071d64.16d8: supR3HardenedDllNotificationCallback: load 000007fee9d30000 LB 0x00084000 C:\Windows\system32\netcfgx.dll [fFlags=0x0]
25081d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\netcfgx.dll
25091d64.16d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
25101d64.16d8: supR3HardenedDllNotificationCallback: load 000007fef9060000 LB 0x00027000 C:\Windows\system32\IPHLPAPI.DLL [fFlags=0x0]
25111d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
25121d64.16d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winnsi.dll
25131d64.16d8: supR3HardenedDllNotificationCallback: load 000007fef9010000 LB 0x0000b000 C:\Windows\system32\WINNSI.DLL [fFlags=0x0]
25141d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winnsi.dll
25151d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee9d30000 'C:\Windows\system32\netcfgx.dll'
25161d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll
25171d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820ca11:<flags> [calling]
25181d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0d0000 'C:\Windows\system32\SETUPAPI.dll'
25191d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25201d64.16d8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\devrtl.dll)
25211d64.16d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\devrtl.dll
25221d64.16d8: supR3HardenedDllNotificationCallback: load 000007fefc310000 LB 0x00012000 C:\Windows\system32\devrtl.DLL [fFlags=0x0]
25231d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
25241d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bb8 pwszName=\Device\HarddiskVolume1\Windows\System32\devrtl.dll
25251d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
25261d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
25271d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=445E5B0E9F43B5D56A5B9C4BC3369E3D076ACA1A
25281d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\devrtl.dll'
25291d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25301d64.16d8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\devrtl.dll'
25311d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll
25321d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25331d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25341d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.dll (Input=WINTRUST.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820c7b1:<flags> [calling]
25351d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd220000 'C:\Windows\system32\WINTRUST.dll'
25361d64.12e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25371d64.12e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
25381d64.12e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
25391d64.12e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
25401d64.12e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
25411d64.12e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
25421d64.12e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25431d64.12e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25441d64.12e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25451d64.12e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25461d64.12e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
25471d64.12e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
25481d64.12e0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
25491d64.12e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25501d64.12e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25511d64.12e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000950db91:<flags> [calling]
25521d64.12e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
25531d64.12e0: supR3HardenedDllNotificationCallback: load 000007fef1a10000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
25541d64.12e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
25551d64.12e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1a10000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
25561d64.12e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000772a0000 'C:\Windows\system32\User32.dll'
25571d64.176c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25581d64.176c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
25591d64.176c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
25601d64.176c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
25611d64.176c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
25621d64.176c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25631d64.176c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25641d64.176c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
25651d64.176c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
25661d64.176c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
25671d64.176c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25681d64.176c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25691d64.176c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000964d7b1:<flags> [calling]
25701d64.176c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
25711d64.176c: supR3HardenedDllNotificationCallback: load 000007fef1a00000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
25721d64.176c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
25731d64.176c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1a00000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
25741d64.16d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxTestOGL.exe
25751d64.16d8: supR3HardenedMonitor_NtCreateSection: NtMapViewOfSection failed on 0000000000000c04 (hFile=0000000000000c18) with 0xc0000022 -> STATUS_TRUST_FAILURE
25761d64.1da0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25771d64.1da0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
25781d64.1da0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
25791d64.1da0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxvmm.dll'.
25801d64.1da0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxoglrenderspu.dll'.
25811d64.1da0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
25821d64.1da0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ole32.dll'.
25831d64.1da0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'oleaut32.dll'.
25841d64.1da0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll) WinVerifyTrust
25851d64.1da0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
25861d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
25871d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
25881d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
25891d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
25901d64.1da0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
25911d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
25921d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
25931d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglrenderspu.dll'...
25941d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglrenderspu.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxoglrenderspu.dll' [rcNtRedir=0xc0150008]
25951d64.1da0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25961d64.1da0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
25971d64.1da0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
25981d64.1da0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
25991d64.1da0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
26001d64.1da0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
26011d64.1da0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll) WinVerifyTrust
26021d64.1da0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
26031d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
26041d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
26051d64.1da0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
26061d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26071d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26081d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
26091d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
26101d64.1da0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
26111d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26121d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26131d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
26141d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
26151d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
26161d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
26171d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26181d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26191d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26201d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26211d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
26221d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
26231d64.1da0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
26241d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26251d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26261d64.1da0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000997dc71:<flags> [calling]
26271d64.1da0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
26281d64.1da0: supR3HardenedDllNotificationCallback: load 000007fee11e0000 LB 0x00110000 C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL [fFlags=0x0]
26291d64.1da0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.dll
26301d64.1da0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
26311d64.1da0: supR3HardenedDllNotificationCallback: load 000007fef06d0000 LB 0x0002f000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll [fFlags=0x0]
26321d64.1da0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
26331d64.1da0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
26341d64.1da0: supR3HardenedDllNotificationCallback: load 000007fef0580000 LB 0x00026000 C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll [fFlags=0x0]
26351d64.1da0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
26361d64.1da0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee11e0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedCrOpenGL.DLL'
26371d64.1da0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll
26381d64.1da0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000997eab1:<flags> [calling]
26391d64.1da0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0580000 'C:\Program Files\Oracle\VirtualBox\VBoxOGLrenderspu.dll'
26401d64.1da0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26411d64.1da0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
26421d64.1da0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll) WinVerifyTrust
26431d64.1da0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
26441d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
26451d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
26461d64.1da0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
26471d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26481d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26491d64.1da0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000997ea51:<flags> [calling]
26501d64.1da0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
26511d64.1da0: supR3HardenedDllNotificationCallback: load 000007fef06b0000 LB 0x0001a000 C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll [fFlags=0x0]
26521d64.1da0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll
26531d64.1da0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef06b0000 'C:\Program Files\Oracle\VirtualBox\VBoxOGLhosterrorspu.dll'
26541d64.1da0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
26551d64.1da0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/opengl32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000997ca51:<flags> [calling]
26561d64.1da0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
26571d64.1da0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7c50000 'C:\Windows\system32/opengl32.dll'
26581d64.1da0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
26591d64.1da0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000997e5a1:<flags> [calling]
26601d64.1da0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7c50000 'C:\Windows\system32\OPENGL32.dll'
26611d64.1da0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe3d0000 'C:\Windows\system32\gdi32.dll'
26621d64.1da0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe3d0000 'C:\Windows\system32\gdi32.dll'
26631d64.1da0: \Device\HarddiskVolume1\Windows\System32\nvoglv64.dll: Owner is administrators group.
26641d64.1da0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
26651d64.1da0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
26661d64.1da0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shell32.dll'.
26671d64.1da0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
26681d64.1da0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'setupapi.dll'.
26691d64.1da0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'version.dll'.
26701d64.1da0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\nvoglv64.dll) WinVerifyTrust
26711d64.1da0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\nvoglv64.dll
26721d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
26731d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume1\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
26741d64.1da0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c68 pwszName=\Device\HarddiskVolume1\Windows\System32\version.dll
26751d64.1da0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
26761d64.1da0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
26771d64.1da0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A3AB94A028D0330A3DBCAE54C04C648532198DB9
26781d64.1da0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\version.dll'
26791d64.1da0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26801d64.1da0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
26811d64.1da0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\version.dll) WinVerifyTrust
26821d64.1da0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\version.dll
26831d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
26841d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
26851d64.1da0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll
26861d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
26871d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
26881d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
26891d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
26901d64.1da0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
26911d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
26921d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
26931d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26941d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26951d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26961d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26971d64.1da0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\nvoglv64.dll (Input=nvoglv64, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000997ddd1:<flags> [calling]
26981d64.1da0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nvoglv64.dll
26991d64.1da0: supR3HardenedDllNotificationCallback: load 0000000053d40000 LB 0x01e31000 C:\Windows\system32\nvoglv64.dll [fFlags=0x0]
27001d64.1da0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nvoglv64.dll
27011d64.1da0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\version.dll
27021d64.1da0: supR3HardenedDllNotificationCallback: load 000007fefc100000 LB 0x0000c000 C:\Windows\system32\VERSION.dll [fFlags=0x0]
27031d64.1da0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\version.dll
27041d64.1da0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe3d0000 'C:\Windows\system32\gdi32.dll'
27051d64.1da0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\ntmarta.dll'.
27061d64.1da0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27071d64.1da0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
27081d64.1da0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'wldap32.dll'.
27091d64.1da0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\ntmarta.dll)
27101d64.1da0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ntmarta.dll
27111d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
27121d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume1\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
27131d64.1da0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\Wldap32.dll
27141d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
27151d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
27161d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27171d64.1da0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27181d64.1da0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ntmarta.dll (Input=ntmarta.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000997d201:<flags> [calling]
27191d64.1da0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
27201d64.1da0: supR3HardenedDllNotificationCallback: load 000007fefbef0000 LB 0x0002d000 C:\Windows\system32\ntmarta.dll [fFlags=0x0]
27211d64.1da0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\ntmarta.dll [avoiding WinVerifyTrust]
27221d64.1da0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbef0000 'C:\Windows\system32\ntmarta.dll'
27231d64.1da0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\ntmarta.dll'.
27241d64.1da0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\ntmarta.dll' [rescheduled]
27251d64.1da0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000053d40000 'C:\Windows\system32\nvoglv64.dll'
27261d64.1da0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll
27271d64.1da0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000997dd51:<flags> [calling]
27281d64.1da0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe3d0000 'C:\Windows\system32\gdi32.dll'
27291d64.f00: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cd4 pwszName=\Device\HarddiskVolume1\Windows\System32\powrprof.dll
27301d64.f00: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
27311d64.f00: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
27321d64.f00: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E0B7DE18787DB24DAD3580634869A9A8FF4AB48F
27331d64.f00: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\powrprof.dll'
27341d64.f00: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27351d64.f00: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27361d64.f00: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
27371d64.f00: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
27381d64.f00: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\powrprof.dll) WinVerifyTrust
27391d64.f00: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\powrprof.dll
27401d64.f00: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
27411d64.f00: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
27421d64.f00: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll
27431d64.f00: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27441d64.f00: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27451d64.1da0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7c50000 'C:\Windows\system32\opengl32.dll'
27461d64.f00: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27471d64.f00: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27481d64.f00: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\POWRPROF.DLL (Input=POWRPROF.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000009e4f6b1:<flags> [calling]
27491d64.f00: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\powrprof.dll
27501d64.f00: supR3HardenedDllNotificationCallback: load 000007fefab20000 LB 0x0002c000 C:\Windows\system32\POWRPROF.DLL [fFlags=0x0]
27511d64.1da0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dwmapi.dll
27521d64.1da0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000997e0f1:<flags> [calling]
27531d64.f00: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\powrprof.dll
27541d64.f00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefab20000 'C:\Windows\system32\POWRPROF.DLL'
27551d64.1da0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb340000 'C:\Windows\system32\dwmapi.dll'
27561d64.f00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000772a0000 'C:\Windows\system32\USER32.dll'
27571d64.f00: supR3HardenedDllNotificationCallback: Unload 000007fefab20000 LB 0x0002c000 C:\Windows\system32\POWRPROF.DLL [flags=0x0]
27581d64.1da0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7c50000 'C:\Windows\system32\OPENGL32.dll'
27591d64.1da0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7c50000 'C:\Windows\system32\OPENGL32.dll'
27601d64.1da0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7c50000 'C:\Windows\system32\OPENGL32.dll'
27611d64.1da0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7c50000 'C:\Windows\system32\OPENGL32.dll'
27621d64.1da0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7c50000 'C:\Windows\system32\OPENGL32.dll'
27631d64.1da0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7c50000 'C:\Windows\system32\OPENGL32.dll'
27641d64.1da0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
27651d64.1da0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000997e971:<flags> [calling]
27661d64.1da0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7c50000 'C:\Windows\system32\OPENGL32.dll'
27671d64.1da0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7c50000 'C:\Windows\system32\OPENGL32.dll'
27681d64.1da0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7c50000 'C:\Windows\system32\OPENGL32.dll'
27691d64.1da0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7c50000 'C:\Windows\system32\OPENGL32.dll'
27701d64.1af8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7c50000 'C:\Windows\system32\OPENGL32.dll'
27711d64.1af8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7c50000 'C:\Windows\system32\OPENGL32.dll'
27721d64.1ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27731d64.1ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
27741d64.1ce0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
27751d64.1ce0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
27761d64.1ce0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
27771d64.1ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27781d64.1ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27791d64.1ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
27801d64.1ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
27811d64.1ce0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27821d64.1ce0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27831d64.1ce0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b8addd1:<flags> [calling]
27841d64.1ce0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
27851d64.1ce0: supR3HardenedDllNotificationCallback: load 000007fef1890000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
27861d64.1ce0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
27871d64.1ce0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1890000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
27881d64.2688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27891d64.2688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
27901d64.2688: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
27911d64.2688: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
27921d64.2688: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
27931d64.2688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27941d64.2688: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27951d64.2688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
27961d64.2688: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
27971d64.2688: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27981d64.2688: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27991d64.2688: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000009a9ddd1:<flags> [calling]
28001d64.2688: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
28011d64.2688: supR3HardenedDllNotificationCallback: load 000007fef17a0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
28021d64.2688: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
28031d64.2688: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef17a0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
28041d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd600000 'C:\Windows\system32\Shell32.dll'
28051d64.16d8: supR3HardenedIsApiSetDll: '<NULL>' -> true
28061d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000008208f91:<flags> [calling]
28071d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0b0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
28081d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
28091d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820b2c1:<flags> [calling]
28101d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedda30000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
28111d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28121d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
28131d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
28141d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
28151d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
28161d64.16d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
28171d64.16d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
28181d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
28191d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
28201d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
28211d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
28221d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28231d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28241d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28251d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28261d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28271d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28281d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820c471:<flags> [calling]
28291d64.16d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
28301d64.16d8: supR3HardenedDllNotificationCallback: load 000007fef04f0000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
28311d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
28321d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef04f0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
28331d64.16d8: supR3HardenedDllNotificationCallback: Unload 000007fef04f0000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
28341d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28351d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
28361d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
28371d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
28381d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
28391d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
28401d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
28411d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
28421d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
28431d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
28441d64.16d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
28451d64.16d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD.dll
28461d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
28471d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
28481d64.16d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
28491d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
28501d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
28511d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
28521d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
28531d64.16d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
28541d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
28551d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
28561d64.16d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll
28571d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28581d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28591d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
28601d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
28611d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28621d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
28631d64.16d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
28641d64.16d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD2.dll
28651d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
28661d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
28671d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28681d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
28691d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
28701d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
28711d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
28721d64.16d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
28731d64.16d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDDU.dll
28741d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28751d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28761d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
28771d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
28781d64.16d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
28791d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28801d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28811d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
28821d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
28831d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
28841d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
28851d64.16d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll
28861d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28871d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28881d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28891d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28901d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28911d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28921d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28931d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28941d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28951d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28961d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820d651:<flags> [calling]
28971d64.16d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD.dll
28981d64.16d8: supR3HardenedDllNotificationCallback: load 000007fed5530000 LB 0x009cf000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
28991d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD.dll
29001d64.16d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDDU.dll
29011d64.16d8: supR3HardenedDllNotificationCallback: load 000007fee7960000 LB 0x00063000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
29021d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDDU.dll
29031d64.16d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD2.dll
29041d64.16d8: supR3HardenedDllNotificationCallback: load 000007fee4950000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
29051d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD2.dll
29061d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed5530000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
29071d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
29081d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820d651:<flags> [calling]
29091d64.16d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
29101d64.16d8: supR3HardenedDllNotificationCallback: load 000007feef120000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
29111d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
29121d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef120000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
29131d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxC.dll
29141d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820d651:<flags> [calling]
29151d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed8dd0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
29161d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD2.dll
29171d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820d561:<flags> [calling]
29181d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4950000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
29191d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29201d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
29211d64.16d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
29221d64.16d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
29231d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29241d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29251d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29261d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29271d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820d561:<flags> [calling]
29281d64.16d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
29291d64.16d8: supR3HardenedDllNotificationCallback: load 000007fef0720000 LB 0x0001f000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
29301d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
29311d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0720000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
29321d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29331d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
29341d64.16d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
29351d64.16d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
29361d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29371d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29381d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29391d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29401d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820d561:<flags> [calling]
29411d64.16d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
29421d64.16d8: supR3HardenedDllNotificationCallback: load 000007fef0520000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
29431d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
29441d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0520000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
29451d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29461d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
29471d64.16d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
29481d64.16d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
29491d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29501d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29511d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29521d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29531d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820d561:<flags> [calling]
29541d64.16d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
29551d64.16d8: supR3HardenedDllNotificationCallback: load 000007fef0500000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
29561d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
29571d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0500000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
29581d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29591d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
29601d64.16d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
29611d64.16d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
29621d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29631d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29641d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29651d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29661d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820d561:<flags> [calling]
29671d64.16d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
29681d64.16d8: supR3HardenedDllNotificationCallback: load 000007feef5f0000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
29691d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
29701d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef5f0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
29711d64.26b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29721d64.26b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
29731d64.26b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
29741d64.26b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
29751d64.26b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
29761d64.26b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29771d64.26b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29781d64.26b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
29791d64.26b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
29801d64.26b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
29811d64.26b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29821d64.26b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29831d64.26b8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
29841d64.26b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000155dd831:<flags> [calling]
29851d64.26b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
29861d64.26b8: supR3HardenedDllNotificationCallback: load 000007fef1570000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
29871d64.26b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
29881d64.26b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1570000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
29891d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29901d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
29911d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
29921d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
29931d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
29941d64.16d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
29951d64.16d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
29961d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
29971d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
29981d64.16d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
29991d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
30001d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
30011d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30021d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30031d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30041d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30051d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30061d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30071d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820ec91:<flags> [calling]
30081d64.16d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
30091d64.16d8: supR3HardenedDllNotificationCallback: load 000007fee2a90000 LB 0x000cd000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
30101d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
30111d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2a90000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
30121d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
30131d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820d431:<flags> [calling]
30141d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9060000 'C:\Windows\system32\Iphlpapi.dll'
30151d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f84 pwszName=\Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll
30161d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
30171d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
30181d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FC0AE0624E37D3E65E0DF3478A34662E1498D862
30191d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_211_for_KB2775511~31bf3856ad364e35~amd64~~6.1.2.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll'
30201d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30211d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30221d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
30231d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
30241d64.16d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll) WinVerifyTrust
30251d64.16d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll
30261d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
30271d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
30281d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
30291d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
30301d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30311d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30321d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dhcpcsvc6.DLL (Input=dhcpcsvc6.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820e581:<flags> [calling]
30331d64.16d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll
30341d64.16d8: supR3HardenedDllNotificationCallback: load 000007fef8d40000 LB 0x00011000 C:\Windows\system32\dhcpcsvc6.DLL [fFlags=0x0]
30351d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll
30361d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8d40000 'C:\Windows\system32\dhcpcsvc6.DLL'
30371d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
30381d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820e2a1:<flags> [calling]
30391d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9060000 'C:\Windows\system32\IPHLPAPI.DLL'
30401d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fa8 pwszName=\Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll
30411d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
30421d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
30431d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D89E2D6AED9A19082ECA108BEEF81A904C7A9756
30441d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll'
30451d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30461d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30471d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
30481d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
30491d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
30501d64.16d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll) WinVerifyTrust
30511d64.16d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll
30521d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
30531d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
30541d64.16d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll
30551d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
30561d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
30571d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
30581d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
30591d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30601d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30611d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dhcpcsvc.DLL (Input=dhcpcsvc.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820e5d1:<flags> [calling]
30621d64.16d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll
30631d64.16d8: supR3HardenedDllNotificationCallback: load 000007fef8d20000 LB 0x00018000 C:\Windows\system32\dhcpcsvc.DLL [fFlags=0x0]
30641d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll
30651d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8d20000 'C:\Windows\system32\dhcpcsvc.DLL'
30661d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
30671d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820e231:<flags> [calling]
30681d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9060000 'C:\Windows\system32\IPHLPAPI.DLL'
30691d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000101c pwszName=\Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
30701d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
30711d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
30721d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=704F97298D44B8146C54067788F597E0BF365197
30731d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll'
30741d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30751d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30761d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
30771d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
30781d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'.
30791d64.16d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll) WinVerifyTrust
30801d64.16d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
30811d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
30821d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume1\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
30831d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001020 pwszName=\Device\HarddiskVolume1\Windows\System32\propsys.dll
30841d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
30851d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
30861d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A1594E841359779EF7EA7EBCF775D89F55388D3
30871d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\propsys.dll'
30881d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30891d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30901d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
30911d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
30921d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
30931d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
30941d64.16d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\propsys.dll) WinVerifyTrust
30951d64.16d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\propsys.dll
30961d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
30971d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
30981d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30991d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31001d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31011d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31021d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31031d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31041d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31051d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31061d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
31071d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
31081d64.16d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
31091d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
31101d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
31111d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31121d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31131d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820d3f1:<flags> [calling]
31141d64.16d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
31151d64.16d8: supR3HardenedDllNotificationCallback: load 000007fefb490000 LB 0x0004b000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
31161d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
31171d64.16d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\propsys.dll
31181d64.16d8: supR3HardenedDllNotificationCallback: load 000007fefb360000 LB 0x0012c000 C:\Windows\System32\PROPSYS.dll [fFlags=0x0]
31191d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\propsys.dll
31201d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefefd0000 'C:\Windows\system32\ADVAPI32.dll'
31211d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb490000 'C:\Windows\System32\MMDevApi.dll'
31221d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd400000 'C:\Windows\system32\ole32.dll'
31231d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll
31241d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820d721:<flags> [calling]
31251d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0d0000 'C:\Windows\system32\SETUPAPI.dll'
31261d64.1614: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll
31271d64.1614: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CFGMGR32.dll (Input=CFGMGR32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000204af861:<flags> [calling]
31281d64.1614: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd190000 'C:\Windows\system32\CFGMGR32.dll'
31291d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001070 pwszName=\Device\HarddiskVolume1\Windows\System32\dsound.dll
31301d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
31311d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
31321d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F6C3E3D9F8B48D816E52C31576FFFD4AF86AB813
31331d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\dsound.dll'
31341d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31351d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31361d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
31371d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
31381d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
31391d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
31401d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
31411d64.16d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\dsound.dll) WinVerifyTrust
31421d64.16d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dsound.dll
31431d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
31441d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume1\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
31451d64.16d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\powrprof.dll
31461d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
31471d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
31481d64.16d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
31491d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
31501d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
31511d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
31521d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
31531d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31541d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31551d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31561d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31571d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820d521:<flags> [calling]
31581d64.16d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll
31591d64.16d8: supR3HardenedDllNotificationCallback: load 000007feebbb0000 LB 0x00088000 C:\Windows\System32\dsound.dll [fFlags=0x0]
31601d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll
31611d64.16d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\powrprof.dll
31621d64.16d8: supR3HardenedDllNotificationCallback: load 000007fefab20000 LB 0x0002c000 C:\Windows\System32\POWRPROF.dll [fFlags=0x0]
31631d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\powrprof.dll
31641d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll
31651d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820c891:<flags> [calling]
31661d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebbb0000 'C:\Windows\System32\dsound.dll'
31671d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebbb0000 'C:\Windows\System32\dsound.dll'
31681d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll
31691d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820d591:<flags> [calling]
31701d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebbb0000 'C:\Windows\system32\dsound.dll'
31711d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
31721d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820e191:<flags> [calling]
31731d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe460000 'C:\Windows\system32\SHLWAPI.dll'
31741d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
31751d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820e3b1:<flags> [calling]
31761d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb490000 'C:\Windows\system32\MMDEVAPI.DLL'
31771d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd400000 'C:\Windows\system32\ole32.dll'
31781d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
31791d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820dfe1:<flags> [calling]
31801d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9020000 'C:\Windows\system32\winmm.dll'
31811d64.16d8: supR3HardenedIsApiSetDll: '<NULL>' -> true
31821d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000820de41:<flags> [calling]
31831d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0b0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
31841d64.16d8: supR3HardenedIsApiSetDll: '<NULL>' -> true
31851d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000820de41:<flags> [calling]
31861d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0b0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
31871d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea80000 'C:\Windows\system32\RPCRT4.dll'
31881d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
31891d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDevAPI.DLL (Input=MMDevAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820dea1:<flags> [calling]
31901d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb490000 'C:\Windows\system32\MMDevAPI.DLL'
31911d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001080 pwszName=\Device\HarddiskVolume1\Windows\System32\wdmaud.drv
31921d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
31931d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
31941d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4B64306F5558D2DEC53CF11AAF17F02438929FDD
31951d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\wdmaud.drv'
31961d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31971d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31981d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
31991d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
32001d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
32011d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
32021d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ksuser.dll'.
32031d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
32041d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'avrt.dll'.
32051d64.16d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wdmaud.drv) WinVerifyTrust
32061d64.16d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
32071d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
32081d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
32091d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001098 pwszName=\Device\HarddiskVolume1\Windows\System32\avrt.dll
32101d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
32111d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
32121d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1362C343929DD08AB918B38DE195D1A11B1D1365
32131d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\avrt.dll'
32141d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32151d64.16d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\avrt.dll) WinVerifyTrust
32161d64.16d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\avrt.dll
32171d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
32181d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
32191d64.16d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
32201d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
32211d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume1\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
32221d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001084 pwszName=\Device\HarddiskVolume1\Windows\System32\ksuser.dll
32231d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
32241d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
32251d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2D99CFB3BFCA1F454FC7109DB98D18923ABBA361
32261d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB3110329~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\ksuser.dll'
32271d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32281d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32291d64.16d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ksuser.dll) WinVerifyTrust
32301d64.16d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ksuser.dll
32311d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
32321d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
32331d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
32341d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
32351d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
32361d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
32371d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
32381d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
32391d64.16d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
32401d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32411d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32421d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32431d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32441d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820da11:<flags> [calling]
32451d64.16d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
32461d64.16d8: supR3HardenedDllNotificationCallback: load 000007fef1850000 LB 0x0003b000 C:\Windows\system32\wdmaud.drv [fFlags=0x0]
32471d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
32481d64.16d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ksuser.dll
32491d64.16d8: supR3HardenedDllNotificationCallback: load 0000000073490000 LB 0x00006000 C:\Windows\system32\ksuser.dll [fFlags=0x0]
32501d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ksuser.dll
32511d64.16d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\avrt.dll
32521d64.16d8: supR3HardenedDllNotificationCallback: load 000007fefab10000 LB 0x00009000 C:\Windows\system32\AVRT.dll [fFlags=0x0]
32531d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\avrt.dll
32541d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1850000 'C:\Windows\system32\wdmaud.drv'
32551d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
32561d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820da11:<flags> [calling]
32571d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1850000 'C:\Windows\system32\wdmaud.drv'
32581d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
32591d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820dbc1:<flags> [calling]
32601d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1850000 'C:\Windows\system32\wdmaud.drv'
32611d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
32621d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820dbc1:<flags> [calling]
32631d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1850000 'C:\Windows\system32\wdmaud.drv'
32641d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
32651d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820dbc1:<flags> [calling]
32661d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1850000 'C:\Windows\system32\wdmaud.drv'
32671d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010c0 pwszName=\Device\HarddiskVolume1\Windows\System32\AudioSes.dll
32681d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
32691d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
32701d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CFCA643693E82633EB61E3B838F7FBA097082A81
32711d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_114_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\AudioSes.dll'
32721d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32731d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32741d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
32751d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
32761d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
32771d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
32781d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
32791d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
32801d64.16d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\AudioSes.dll) WinVerifyTrust
32811d64.16d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\AudioSes.dll
32821d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
32831d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
32841d64.16d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
32851d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
32861d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
32871d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
32881d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
32891d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
32901d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
32911d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
32921d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
32931d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
32941d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
32951d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32961d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32971d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820dbd1:<flags> [calling]
32981d64.16d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\AudioSes.dll
32991d64.16d8: supR3HardenedDllNotificationCallback: load 000007fef8f10000 LB 0x0004f000 C:\Windows\system32\AUDIOSES.DLL [fFlags=0x0]
33001d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\AudioSes.dll
33011d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8f10000 'C:\Windows\system32\AUDIOSES.DLL'
33021d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
33031d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820dbc1:<flags> [calling]
33041d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1850000 'C:\Windows\system32\wdmaud.drv'
33051d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
33061d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820dbc1:<flags> [calling]
33071d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1850000 'C:\Windows\system32\wdmaud.drv'
33081d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1850000 'C:\Windows\system32\wdmaud.drv'
33091d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1850000 'C:\Windows\system32\wdmaud.drv'
33101d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1850000 'C:\Windows\system32\wdmaud.drv'
33111d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1850000 'C:\Windows\system32\wdmaud.drv'
33121d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1850000 'C:\Windows\system32\wdmaud.drv'
33131d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1850000 'C:\Windows\system32\wdmaud.drv'
33141d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1850000 'C:\Windows\system32\wdmaud.drv'
33151d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010b0 pwszName=\Device\HarddiskVolume1\Windows\System32\msacm32.drv
33161d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
33171d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
33181d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=522563F5384AD4C93CF5CF4EEA899D3267552328
33191d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\msacm32.drv'
33201d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
33211d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33221d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
33231d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
33241d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
33251d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'.
33261d64.16d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msacm32.drv) WinVerifyTrust
33271d64.16d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msacm32.drv
33281d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
33291d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
33301d64.16d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
33311d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
33321d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume1\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
33331d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010d4 pwszName=\Device\HarddiskVolume1\Windows\System32\msacm32.dll
33341d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
33351d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
33361d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCA0A8AEE81B82C402AA72A300B2C8D2DC17C1DA
33371d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\msacm32.dll'
33381d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
33391d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33401d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
33411d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
33421d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
33431d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
33441d64.16d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msacm32.dll) WinVerifyTrust
33451d64.16d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msacm32.dll
33461d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
33471d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
33481d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
33491d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
33501d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33511d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33521d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
33531d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
33541d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
33551d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
33561d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
33571d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
33581d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
33591d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
33601d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33611d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33621d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820d9c1:<flags> [calling]
33631d64.16d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
33641d64.16d8: supR3HardenedDllNotificationCallback: load 000007fef97f0000 LB 0x0000a000 C:\Windows\system32\msacm32.drv [fFlags=0x0]
33651d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
33661d64.16d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.dll
33671d64.16d8: supR3HardenedDllNotificationCallback: load 000007fef3330000 LB 0x00018000 C:\Windows\system32\MSACM32.dll [fFlags=0x0]
33681d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.dll
33691d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef97f0000 'C:\Windows\system32\msacm32.drv'
33701d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
33711d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820d3c1:<flags> [calling]
33721d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef97f0000 'C:\Windows\system32\msacm32.drv'
33731d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
33741d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820d3c1:<flags> [calling]
33751d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef97f0000 'C:\Windows\system32\msacm32.drv'
33761d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
33771d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820d3c1:<flags> [calling]
33781d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef97f0000 'C:\Windows\system32\msacm32.drv'
33791d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
33801d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820d3c1:<flags> [calling]
33811d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef97f0000 'C:\Windows\system32\msacm32.drv'
33821d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
33831d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820d3c1:<flags> [calling]
33841d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef97f0000 'C:\Windows\system32\msacm32.drv'
33851d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
33861d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820d3c1:<flags> [calling]
33871d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef97f0000 'C:\Windows\system32\msacm32.drv'
33881d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef97f0000 'C:\Windows\system32\msacm32.drv'
33891d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef97f0000 'C:\Windows\system32\msacm32.drv'
33901d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef97f0000 'C:\Windows\system32\msacm32.drv'
33911d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010d8 pwszName=\Device\HarddiskVolume1\Windows\System32\midimap.dll
33921d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000285f110
33931d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000285f110
33941d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=43116C5C719A4751DA70B12932084D73D7AACEA3
33951d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\midimap.dll'
33961d64.16d8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
33971d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33981d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
33991d64.16d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
34001d64.16d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\midimap.dll) WinVerifyTrust
34011d64.16d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\midimap.dll
34021d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
34031d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
34041d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
34051d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
34061d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34071d64.16d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34081d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820d9c1:<flags> [calling]
34091d64.16d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll
34101d64.16d8: supR3HardenedDllNotificationCallback: load 000007fef7b00000 LB 0x00009000 C:\Windows\system32\midimap.dll [fFlags=0x0]
34111d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll
34121d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7b00000 'C:\Windows\system32\midimap.dll'
34131d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll
34141d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820d391:<flags> [calling]
34151d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7b00000 'C:\Windows\system32\midimap.dll'
34161d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll
34171d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820d391:<flags> [calling]
34181d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7b00000 'C:\Windows\system32\midimap.dll'
34191d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll
34201d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820d9c1:<flags> [calling]
34211d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7b00000 'C:\Windows\system32\midimap.dll'
34221d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9020000 'C:\Windows\system32\winmm.dll'
34231d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9020000 'C:\Windows\system32\winmm.dll'
34241d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9020000 'C:\Windows\system32\winmm.dll'
34251d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd400000 'C:\Windows\system32\ole32.dll'
34261d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
34271d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820dfe1:<flags> [calling]
34281d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9020000 'C:\Windows\system32\winmm.dll'
34291d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9020000 'C:\Windows\system32\winmm.dll'
34301d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9020000 'C:\Windows\system32\winmm.dll'
34311d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9020000 'C:\Windows\system32\winmm.dll'
34321d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9020000 'C:\Windows\system32\winmm.dll'
34331d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9020000 'C:\Windows\system32\winmm.dll'
34341d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9020000 'C:\Windows\system32\winmm.dll'
34351d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9020000 'C:\Windows\system32\winmm.dll'
34361d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll
34371d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820d5a1:<flags> [calling]
34381d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebbb0000 'C:\Windows\system32\dsound.dll'
34391d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9020000 'C:\Windows\system32\winmm.dll'
34401d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedda30000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
34411d64.2a44: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefebb0000 'C:\Windows\system32\OLEAUT32.dll'
34421d64.16d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll
34431d64.16d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000820c541:<flags> [calling]
34441d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebbb0000 'C:\Windows\system32\dsound.dll'
34451d64.16d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9020000 'C:\Windows\system32\winmm.dll'
34461d64.2a20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\AudioSes.dll
34471d64.2a20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\audioses.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000659cd541:<flags> [calling]
34481d64.2a20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8f10000 'C:\Windows\System32\audioses.dll'
34491d64.1f98: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\avrt.dll
34501d64.1f98: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000d3f3f941:<flags> [calling]
34511d64.1f98: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefab10000 'C:\Windows\system32\avrt.dll'
34521d64.2a18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll
34531d64.2a18: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000889c501:<flags> [calling]
34541d64.2a18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebbb0000 'C:\Windows\system32\dsound.dll'
34551d64.2a18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9020000 'C:\Windows\system32\winmm.dll'
34561d64.2a18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9020000 'C:\Windows\system32\winmm.dll'
34571d64.2a18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9020000 'C:\Windows\system32\winmm.dll'
34581d64.2a18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9020000 'C:\Windows\system32\winmm.dll'
34591d64.2a18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9020000 'C:\Windows\system32\winmm.dll'
34601d64.2a18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9020000 'C:\Windows\system32\winmm.dll'
34611d64.2a18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
34621d64.2a18: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000889cf51:<flags> [calling]
34631d64.2a18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9020000 'C:\Windows\system32\winmm.dll'
34641d64.2a18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9020000 'C:\Windows\system32\winmm.dll'
34651d64.2a18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9020000 'C:\Windows\system32\winmm.dll'
34661d64.2a18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9020000 'C:\Windows\system32\winmm.dll'
34671d64.2a18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9020000 'C:\Windows\system32\winmm.dll'
34681d64.2a18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9020000 'C:\Windows\system32\winmm.dll'
34691390.2908: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xcfffffff (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 14004222 ms, the end);
34702a24.1608: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xcfffffff (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 14004943 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy