VirtualBox

Ticket #20516: VBoxHardening.log

File VBoxHardening.log, 375.2 KB (added by Asper, 3 years ago)
Line 
11d38.2220: Log file opened: 6.1.26r145957 g_hStartupLog=0000000000000018 g_uNtVerCombined=0x611db110
21d38.2220: \SystemRoot\System32\ntdll.dll:
31d38.2220: CreationTime: 2018-03-25T20:53:42.618319300Z
41d38.2220: LastWriteTime: 2017-09-13T15:31:56.094569800Z
51d38.2220: ChangeTime: 2018-03-25T21:19:31.922240800Z
61d38.2220: FileAttributes: 0x20
71d38.2220: Size: 0x1a7100
81d38.2220: NT Headers: 0xe0
91d38.2220: Timestamp: 0x59b94ee4
101d38.2220: Machine: 0x8664 - amd64
111d38.2220: Timestamp: 0x59b94ee4
121d38.2220: Image Version: 6.1
131d38.2220: SizeOfImage: 0x1aa000 (1744896)
141d38.2220: Resource Dir: 0x14e000 LB 0x5a028
151d38.2220: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
161d38.2220: [Raw version resource data: 0x14e0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
171d38.2220: ProductName: Microsoft® Windows® Operating System
181d38.2220: ProductVersion: 6.1.7601.23915
191d38.2220: FileVersion: 6.1.7601.23915 (win7sp1_ldr.170913-0600)
201d38.2220: FileDescription: NT Layer DLL
211d38.2220: \SystemRoot\System32\kernel32.dll:
221d38.2220: CreationTime: 2018-03-25T20:53:41.495117400Z
231d38.2220: LastWriteTime: 2017-09-13T15:27:59.681000000Z
241d38.2220: ChangeTime: 2018-03-25T21:19:32.281041400Z
251d38.2220: FileAttributes: 0x20
261d38.2220: Size: 0x11c000
271d38.2220: NT Headers: 0xe0
281d38.2220: Timestamp: 0x59b94f29
291d38.2220: Machine: 0x8664 - amd64
301d38.2220: Timestamp: 0x59b94f29
311d38.2220: Image Version: 6.1
321d38.2220: SizeOfImage: 0x11f000 (1175552)
331d38.2220: Resource Dir: 0x116000 LB 0x528
341d38.2220: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
351d38.2220: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
361d38.2220: ProductName: Microsoft® Windows® Operating System
371d38.2220: ProductVersion: 6.1.7601.23915
381d38.2220: FileVersion: 6.1.7601.23915 (win7sp1_ldr.170913-0600)
391d38.2220: FileDescription: Windows NT BASE API Client DLL
401d38.2220: \SystemRoot\System32\KernelBase.dll:
411d38.2220: CreationTime: 2018-03-25T20:53:41.151916800Z
421d38.2220: LastWriteTime: 2017-09-13T15:27:59.681000000Z
431d38.2220: ChangeTime: 2018-03-25T21:19:32.281041400Z
441d38.2220: FileAttributes: 0x20
451d38.2220: Size: 0x66800
461d38.2220: NT Headers: 0xe8
471d38.2220: Timestamp: 0x59b94f2a
481d38.2220: Machine: 0x8664 - amd64
491d38.2220: Timestamp: 0x59b94f2a
501d38.2220: Image Version: 6.1
511d38.2220: SizeOfImage: 0x6a000 (434176)
521d38.2220: Resource Dir: 0x68000 LB 0x530
531d38.2220: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
541d38.2220: [Raw version resource data: 0x680b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
551d38.2220: ProductName: Microsoft® Windows® Operating System
561d38.2220: ProductVersion: 6.1.7601.23915
571d38.2220: FileVersion: 6.1.7601.23915 (win7sp1_ldr.170913-0600)
581d38.2220: FileDescription: Windows NT BASE API Client DLL
591d38.2220: \SystemRoot\System32\apisetschema.dll:
601d38.2220: CreationTime: 2018-03-25T20:53:38.889912800Z
611d38.2220: LastWriteTime: 2017-09-13T15:27:55.360000000Z
621d38.2220: ChangeTime: 2018-03-25T21:19:31.906640700Z
631d38.2220: FileAttributes: 0x20
641d38.2220: Size: 0x1a00
651d38.2220: NT Headers: 0xc0
661d38.2220: Timestamp: 0x59b94ec4
671d38.2220: Machine: 0x8664 - amd64
681d38.2220: Timestamp: 0x59b94ec4
691d38.2220: Image Version: 6.1
701d38.2220: SizeOfImage: 0x50000 (327680)
711d38.2220: Resource Dir: 0x30000 LB 0x3f8
721d38.2220: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
731d38.2220: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
741d38.2220: ProductName: Microsoft® Windows® Operating System
751d38.2220: ProductVersion: 6.1.7601.23915
761d38.2220: FileVersion: 6.1.7601.23915 (win7sp1_ldr.170913-0600)
771d38.2220: FileDescription: ApiSet Schema DLL
781d38.2220: NtOpenDirectoryObject failed on \Driver: 0xc0000022
791d38.2220: supR3HardenedWinFindAdversaries: 0x4
801d38.2220: \SystemRoot\System32\drivers\aswMonFlt.sys:
811d38.2220: CreationTime: 2020-10-19T13:51:25.883123000Z
821d38.2220: LastWriteTime: 2021-08-06T13:46:12.019609300Z
831d38.2220: ChangeTime: 2021-08-06T13:46:12.019609300Z
841d38.2220: FileAttributes: 0x20
851d38.2220: Size: 0x2d148
861d38.2220: NT Headers: 0xe0
871d38.2220: Timestamp: 0x60fee4ba
881d38.2220: Machine: 0x8664 - amd64
891d38.2220: Timestamp: 0x60fee4ba
901d38.2220: Image Version: 10.0
911d38.2220: SizeOfImage: 0x3a000 (237568)
921d38.2220: Resource Dir: 0x38000 LB 0x3a0
931d38.2220: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
941d38.2220: [Raw version resource data: 0x38060 LB 0x340, codepage 0x0 (reserved 0x0)]
951d38.2220: ProductName: Avast Antivirus
961d38.2220: ProductVersion: 21.6.270.0
971d38.2220: FileVersion: 21.6.270.0
981d38.2220: FileDescription: Avast File System Filter
991d38.2220: \SystemRoot\System32\drivers\aswRdr2.sys:
1001d38.2220: CreationTime: 2018-04-15T20:50:53.476669700Z
1011d38.2220: LastWriteTime: 2021-08-06T13:46:12.009609300Z
1021d38.2220: ChangeTime: 2021-08-06T13:46:12.009609300Z
1031d38.2220: FileAttributes: 0x20
1041d38.2220: Size: 0x1a778
1051d38.2220: NT Headers: 0xf8
1061d38.2220: Timestamp: 0x60fee4bb
1071d38.2220: Machine: 0x8664 - amd64
1081d38.2220: Timestamp: 0x60fee4bb
1091d38.2220: Image Version: 10.0
1101d38.2220: SizeOfImage: 0x1b000 (110592)
1111d38.2220: Resource Dir: 0x19000 LB 0x388
1121d38.2220: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1131d38.2220: [Raw version resource data: 0x19060 LB 0x324, codepage 0x0 (reserved 0x0)]
1141d38.2220: ProductName: Avast Antivirus
1151d38.2220: ProductVersion: 21.6.270.0
1161d38.2220: FileVersion: 21.6.270.0
1171d38.2220: FileDescription: Avast Antivirus
1181d38.2220: \SystemRoot\System32\drivers\aswRvrt.sys:
1191d38.2220: CreationTime: 2018-04-15T20:50:53.523469800Z
1201d38.2220: LastWriteTime: 2021-08-06T13:46:12.029609300Z
1211d38.2220: ChangeTime: 2021-08-06T13:46:12.029609300Z
1221d38.2220: FileAttributes: 0x20
1231d38.2220: Size: 0x143d8
1241d38.2220: NT Headers: 0xe0
1251d38.2220: Timestamp: 0x60fee4b9
1261d38.2220: Machine: 0x8664 - amd64
1271d38.2220: Timestamp: 0x60fee4b9
1281d38.2220: Image Version: 10.0
1291d38.2220: SizeOfImage: 0x13000 (77824)
1301d38.2220: Resource Dir: 0x11000 LB 0x380
1311d38.2220: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1321d38.2220: [Raw version resource data: 0x11060 LB 0x320, codepage 0x0 (reserved 0x0)]
1331d38.2220: ProductName: Avast Antivirus
1341d38.2220: ProductVersion: 21.6.270.0
1351d38.2220: FileVersion: 21.6.270.0
1361d38.2220: FileDescription: Avast Revert
1371d38.2220: \SystemRoot\System32\drivers\aswSnx.sys:
1381d38.2220: CreationTime: 2018-04-15T20:50:53.476669700Z
1391d38.2220: LastWriteTime: 2021-08-06T13:46:09.716605900Z
1401d38.2220: ChangeTime: 2021-08-06T13:46:09.716605900Z
1411d38.2220: FileAttributes: 0x20
1421d38.2220: Size: 0xcfef8
1431d38.2220: NT Headers: 0xf8
1441d38.2220: Timestamp: 0x60fee4bd
1451d38.2220: Machine: 0x8664 - amd64
1461d38.2220: Timestamp: 0x60fee4bd
1471d38.2220: Image Version: 10.0
1481d38.2220: SizeOfImage: 0xcd000 (839680)
1491d38.2220: Resource Dir: 0xca000 LB 0x388
1501d38.2220: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1511d38.2220: [Raw version resource data: 0xca060 LB 0x324, codepage 0x0 (reserved 0x0)]
1521d38.2220: ProductName: Avast Antivirus
1531d38.2220: ProductVersion: 21.6.270.0
1541d38.2220: FileVersion: 21.6.270.0
1551d38.2220: FileDescription: Avast Antivirus
1561d38.2220: \SystemRoot\System32\drivers\aswsp.sys:
1571d38.2220: CreationTime: 2018-04-15T20:50:53.523469800Z
1581d38.2220: LastWriteTime: 2021-08-06T13:46:12.039609400Z
1591d38.2220: ChangeTime: 2021-08-06T13:46:12.039609400Z
1601d38.2220: FileAttributes: 0x20
1611d38.2220: Size: 0x73370
1621d38.2220: NT Headers: 0xe8
1631d38.2220: Timestamp: 0x60fee4c7
1641d38.2220: Machine: 0x8664 - amd64
1651d38.2220: Timestamp: 0x60fee4c7
1661d38.2220: Image Version: 10.0
1671d38.2220: SizeOfImage: 0x74000 (475136)
1681d38.2220: Resource Dir: 0x72000 LB 0x388
1691d38.2220: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1701d38.2220: [Raw version resource data: 0x72060 LB 0x328, codepage 0x0 (reserved 0x0)]
1711d38.2220: ProductName: Avast Antivirus
1721d38.2220: ProductVersion: 21.6.270.0
1731d38.2220: FileVersion: 21.6.270.0
1741d38.2220: FileDescription: Avast Self Protection
1751d38.2220: \SystemRoot\System32\drivers\aswStm.sys:
1761d38.2220: CreationTime: 2021-08-06T13:46:14.764626800Z
1771d38.2220: LastWriteTime: 2021-08-06T13:46:12.249609600Z
1781d38.2220: ChangeTime: 2021-08-06T13:46:12.249609600Z
1791d38.2220: FileAttributes: 0x20
1801d38.2220: Size: 0x34960
1811d38.2220: NT Headers: 0xf8
1821d38.2220: Timestamp: 0x60fee4bb
1831d38.2220: Machine: 0x8664 - amd64
1841d38.2220: Timestamp: 0x60fee4bb
1851d38.2220: Image Version: 10.0
1861d38.2220: SizeOfImage: 0x34000 (212992)
1871d38.2220: Resource Dir: 0x32000 LB 0x390
1881d38.2220: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1891d38.2220: [Raw version resource data: 0x32060 LB 0x32c, codepage 0x0 (reserved 0x0)]
1901d38.2220: ProductName: Avast Antivirus
1911d38.2220: ProductVersion: 21.6.270.0
1921d38.2220: FileVersion: 21.6.270.0
1931d38.2220: FileDescription: Avast Stream Filter
1941d38.2220: \SystemRoot\System32\drivers\aswVmm.sys:
1951d38.2220: CreationTime: 2018-04-15T20:50:53.539069800Z
1961d38.2220: LastWriteTime: 2021-08-06T13:46:12.647616200Z
1971d38.2220: ChangeTime: 2021-08-06T13:46:12.647616200Z
1981d38.2220: FileAttributes: 0x20
1991d38.2220: Size: 0x50378
2001d38.2220: NT Headers: 0xf8
2011d38.2220: Timestamp: 0x60fee4ba
2021d38.2220: Machine: 0x8664 - amd64
2031d38.2220: Timestamp: 0x60fee4ba
2041d38.2220: Image Version: 10.0
2051d38.2220: SizeOfImage: 0x4d000 (315392)
2061d38.2220: Resource Dir: 0x4b000 LB 0x388
2071d38.2220: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
2081d38.2220: [Raw version resource data: 0x4b060 LB 0x328, codepage 0x0 (reserved 0x0)]
2091d38.2220: ProductName: Avast Antivirus
2101d38.2220: ProductVersion: 21.6.270.0
2111d38.2220: FileVersion: 21.6.270.0
2121d38.2220: FileDescription: Avast VM Monitor
2131d38.2220: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2141d38.2220: Calling main()
2151d38.2220: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
2161d38.2220: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2171d38.2220: SUPR3HardenedMain: Respawn #1
2181d38.2220: System32: \Device\HarddiskVolume2\Windows\System32
2191d38.2220: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
2201d38.2220: KnownDllPath: C:\Windows\system32
2211d38.2220: supR3HardenedWinInit: Performing a limited self purification...
2221d38.2220: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
2231d38.2220: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
2241d38.2220: *0000000000010000-0000000000010fff 0x0010/0x0010 0x0040000 !!
2251d38.2220: 0000000000011000-000000000001ffff 0x0001/0x0000 0x0000000
2261d38.2220: *0000000000020000-000000000002ffff 0x0004/0x0004 0x0040000
2271d38.2220: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
2281d38.2220: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
2291d38.2220: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
2301d38.2220: 0000000000041000-000000000004ffff 0x0001/0x0000 0x0000000
2311d38.2220: *0000000000050000-00000000000b6fff 0x0002/0x0002 0x0040000
2321d38.2220: 00000000000b7000-00000000000dffff 0x0001/0x0000 0x0000000
2331d38.2220: *00000000000e0000-0000000000191fff 0x0000/0x0004 0x0020000
2341d38.2220: 0000000000192000-0000000000193fff 0x0104/0x0004 0x0020000
2351d38.2220: 0000000000194000-00000000001dffff 0x0004/0x0004 0x0020000
2361d38.2220: 00000000001e0000-000000000020ffff 0x0001/0x0000 0x0000000
2371d38.2220: *0000000000210000-0000000000215fff 0x0004/0x0004 0x0020000
2381d38.2220: 0000000000216000-000000000030ffff 0x0000/0x0004 0x0020000
2391d38.2220: 0000000000310000-000000000033ffff 0x0001/0x0000 0x0000000
2401d38.2220: *0000000000340000-00000000003bffff 0x0004/0x0004 0x0020000
2411d38.2220: *00000000003c0000-000000000056afff 0x0004/0x0004 0x0020000
2421d38.2220: 000000000056b000-000000000056ffff 0x0001/0x0000 0x0000000
2431d38.2220: *0000000000570000-0000000000589fff 0x0004/0x0004 0x0020000
2441d38.2220: 000000000058a000-000000000066ffff 0x0000/0x0004 0x0020000
2451d38.2220: 0000000000670000-000000003717ffff 0x0001/0x0000 0x0000000
2461d38.2220: *0000000037180000-000000003718ffff 0x0020/0x0040 0x0020000 !!
2471d38.2220: 0000000037190000-0000000076fcffff 0x0001/0x0000 0x0000000
2481d38.2220: *0000000076fd0000-0000000076fd0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2491d38.2220: 0000000076fd1000-000000007706bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2501d38.2220: 000000007706c000-00000000770d9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2511d38.2220: 00000000770da000-00000000770dbfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2521d38.2220: 00000000770dc000-00000000770eefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2531d38.2220: 00000000770ef000-00000000770effff 0x0001/0x0000 0x0000000
2541d38.2220: *00000000770f0000-00000000770f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2551d38.2220: 00000000770f1000-00000000771edfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2561d38.2220: 00000000771ee000-000000007721cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2571d38.2220: 000000007721d000-000000007721dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2581d38.2220: 000000007721e000-000000007721efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2591d38.2220: 000000007721f000-000000007721ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2601d38.2220: 0000000077220000-0000000077221fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2611d38.2220: 0000000077222000-0000000077222fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2621d38.2220: 0000000077223000-0000000077225fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2631d38.2220: 0000000077226000-0000000077227fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2641d38.2220: 0000000077228000-0000000077228fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2651d38.2220: 0000000077229000-0000000077229fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2661d38.2220: 000000007722a000-000000007722afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2671d38.2220: 000000007722b000-0000000077299fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2681d38.2220: 000000007729a000-000000007efdffff 0x0001/0x0000 0x0000000
2691d38.2220: *000000007efe0000-000000007efe4fff 0x0002/0x0002 0x0040000
2701d38.2220: 000000007efe5000-000000007f0dffff 0x0000/0x0002 0x0040000
2711d38.2220: *000000007f0e0000-000000007ffdffff 0x0000/0x0002 0x0020000
2721d38.2220: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2731d38.2220: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
2741d38.2220: 000000007fff0000-000000013fbaffff 0x0001/0x0000 0x0000000
2751d38.2220: *000000013fbb0000-000000013fbb0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2761d38.2220: 000000013fbb1000-000000013fc27fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2771d38.2220: 000000013fc28000-000000013fc28fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2781d38.2220: 000000013fc29000-000000013fc71fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2791d38.2220: 000000013fc72000-000000013fc74fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2801d38.2220: 000000013fc75000-000000013fc77fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2811d38.2220: 000000013fc78000-000000013fc7afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2821d38.2220: 000000013fc7b000-000000013fc7bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2831d38.2220: 000000013fc7c000-000000013fc7dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2841d38.2220: 000000013fc7e000-000000013fc7efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2851d38.2220: 000000013fc7f000-000000013fcc7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2861d38.2220: 000000013fcc8000-000007feef76ffff 0x0001/0x0000 0x0000000
2871d38.2220: *000007feef770000-000007feef770fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll
2881d38.2220: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007feef770000 LB 0x1000 (base 000007feef770000) - 'aswhook.dll'
2891d38.2220: 000007feef771000-000007feef778fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll
2901d38.2220: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007feef771000 LB 0x8000 (base 000007feef770000) - 'aswhook.dll'
2911d38.2220: 000007feef779000-000007feef77bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll
2921d38.2220: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007feef779000 LB 0x3000 (base 000007feef770000) - 'aswhook.dll'
2931d38.2220: 000007feef77c000-000007feef77dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll
2941d38.2220: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007feef77c000 LB 0x2000 (base 000007feef770000) - 'aswhook.dll'
2951d38.2220: 000007feef77e000-000007feef781fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll
2961d38.2220: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007feef77e000 LB 0x4000 (base 000007feef770000) - 'aswhook.dll'
2971d38.2220: 000007feef782000-000007feef782fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll
2981d38.2220: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007feef782000 LB 0x1000 (base 000007feef770000) - 'aswhook.dll'
2991d38.2220: 000007feef783000-000007feef784fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll
3001d38.2220: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007feef783000 LB 0x2000 (base 000007feef770000) - 'aswhook.dll'
3011d38.2220: 000007feef785000-000007fefcecffff 0x0001/0x0000 0x0000000
3021d38.2220: *000007fefced0000-000007fefced0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
3031d38.2220: 000007fefced1000-000007fefcf19fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
3041d38.2220: 000007fefcf1a000-000007fefcf2efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
3051d38.2220: 000007fefcf2f000-000007fefcf30fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
3061d38.2220: 000007fefcf31000-000007fefcf39fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
3071d38.2220: 000007fefcf3a000-000007feff40ffff 0x0001/0x0000 0x0000000
3081d38.2220: *000007feff410000-000007feff410fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
3091d38.2220: 000007feff411000-000007fffffaffff 0x0001/0x0000 0x0000000
3101d38.2220: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
3111d38.2220: 000007fffffd3000-000007fffffdcfff 0x0001/0x0000 0x0000000
3121d38.2220: *000007fffffdd000-000007fffffdefff 0x0004/0x0004 0x0020000
3131d38.2220: *000007fffffdf000-000007fffffdffff 0x0004/0x0004 0x0020000
3141d38.2220: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
3151d38.2220: apisetschema.dll: timestamp 0x59b94ec4 (rc=VINF_SUCCESS)
3161d38.2220: kernelbase.dll: timestamp 0x59b94f2a (rc=VINF_SUCCESS)
3171d38.2220: VirtualBoxVM.exe: timestamp 0x61018314 (rc=VINF_SUCCESS)
3181d38.2220: kernel32.dll: timestamp 0x59b94f29 (rc=VINF_SUCCESS)
3191d38.2220: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
3201d38.2220: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
3211d38.2220: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
3221d38.2220: \SystemRoot\System32\ntdll.dll: Signature #1/1: info status: 24202
3231d38.2220: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
3241d38.2220: ntdll.dll: Differences in section #1 (.text) between file and memory:
3251d38.2220: 0000000077114170 / 0x0024170: 4c != e9
3261d38.2220: 0000000077114171 / 0x0024171: 89 != 63
3271d38.2220: 0000000077114172 / 0x0024172: 4c != c0
3281d38.2220: 0000000077114173 / 0x0024173: 24 != 06
3291d38.2220: 0000000077114174 / 0x0024174: 20 != c0
3301d38.2220: 0000000077114175 / 0x0024175: 48 != cc
3311d38.2220: 0000000077114176 / 0x0024176: 89 != cc
3321d38.2220: 0000000077114177 / 0x0024177: 54 != cc
3331d38.2220: 0000000077114178 / 0x0024178: 24 != cc
3341d38.2220: 0000000077114179 / 0x0024179: 10 != cc
3351d38.2220: Restored 0x2000 bytes of original file content at 0000000077113000
3361d38.2220: ntdll.dll: Differences in section #1 (.text) between file and memory:
3371d38.2220: 0000000077116130 / 0x0026130: 48 != e9
3381d38.2220: 0000000077116131 / 0x0026131: 89 != 03
3391d38.2220: 0000000077116132 / 0x0026132: 5c != a1
3401d38.2220: 0000000077116133 / 0x0026133: 24 != 06
3411d38.2220: 0000000077116134 / 0x0026134: 10 != c0
3421d38.2220: 0000000077116135 / 0x0026135: 48 != cc
3431d38.2220: 0000000077116136 / 0x0026136: 89 != cc
3441d38.2220: 0000000077116137 / 0x0026137: 6c != cc
3451d38.2220: 0000000077116138 / 0x0026138: 24 != cc
3461d38.2220: 0000000077116139 / 0x0026139: 18 != cc
3471d38.2220: Restored 0x2000 bytes of original file content at 0000000077115000
3481d38.2220: ntdll.dll: Differences in section #1 (.text) between file and memory:
3491d38.2220: 00000000771926a0 / 0x00a26a0: 48 != e9
3501d38.2220: 00000000771926a1 / 0x00a26a1: 89 != d3
3511d38.2220: 00000000771926a2 / 0x00a26a2: 5c != da
3521d38.2220: 00000000771926a3 / 0x00a26a3: 24 != fe
3531d38.2220: 00000000771926a4 / 0x00a26a4: 08 != bf
3541d38.2220: 00000000771926a5 / 0x00a26a5: 48 != cc
3551d38.2220: 00000000771926a6 / 0x00a26a6: 89 != cc
3561d38.2220: 00000000771926a7 / 0x00a26a7: 74 != cc
3571d38.2220: 00000000771926a8 / 0x00a26a8: 24 != cc
3581d38.2220: 00000000771926a9 / 0x00a26a9: 10 != cc
3591d38.2220: Restored 0x2000 bytes of original file content at 0000000077191c98
3601d38.2220: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=3
3611d38.2220: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
3621d38.2220: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
3631d38.2220: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
3641d38.2220: supR3HardNtEnableThreadCreationEx:
3651d38.2220: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007711a360 pvNtTerminateThread=000000007713c260
3661d38.2220: supR3HardenedWinDoReSpawn(1): New child 16dc.568 [kernel32].
3671d38.2220: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
3681d38.2220: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00000000770f0000 uNtDllChildAddr=00000000770f0000
3691d38.2220: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007711a360
3701d38.2220: supR3HardenedWinSetupChildInit: Initial context:
371 rax=0000000000000000 rbx=0000000000000000 rcx=000000013fbb7900 rdx=000007fffffdf000
372 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
373 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
374 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
375 rip=000000007711a540 rsp=000000000028fc88 rbp=0000000000000000 ctxflags=0010001b
376 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
377 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
378 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
379 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
380 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
3811d38.2220: supR3HardenedWinSetupChildInit: Start child.
3821d38.2220: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
3831d38.2220: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps
3841d38.2220: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
3851d38.2220: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
3861d38.2220: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
3871d38.2220: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
3881d38.2220: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
3891d38.2220: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
3901d38.2220: 0000000000041000-000000000018ffff 0x0001/0x0000 0x0000000
3911d38.2220: *0000000000190000-000000000028bfff 0x0000/0x0004 0x0020000
3921d38.2220: 000000000028c000-000000000028dfff 0x0104/0x0004 0x0020000
3931d38.2220: 000000000028e000-000000000028ffff 0x0004/0x0004 0x0020000
3941d38.2220: 0000000000290000-00000000770effff 0x0001/0x0000 0x0000000
3951d38.2220: *00000000770f0000-00000000770f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3961d38.2220: 00000000770f1000-00000000771edfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3971d38.2220: 00000000771ee000-000000007721cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3981d38.2220: 000000007721d000-0000000077226fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
3991d38.2220: 0000000077227000-0000000077227fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4001d38.2220: 0000000077228000-000000007722afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4011d38.2220: 000000007722b000-0000000077299fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4021d38.2220: 000000007729a000-000000007efdffff 0x0001/0x0000 0x0000000
4031d38.2220: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
4041d38.2220: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
4051d38.2220: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
4061d38.2220: 000000007fff0000-000000013fbaffff 0x0001/0x0000 0x0000000
4071d38.2220: *000000013fbb0000-000000013fbb0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4081d38.2220: 000000013fbb1000-000000013fc27fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4091d38.2220: 000000013fc28000-000000013fc28fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4101d38.2220: 000000013fc29000-000000013fc71fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4111d38.2220: 000000013fc72000-000000013fc72fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4121d38.2220: 000000013fc73000-000000013fc73fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4131d38.2220: 000000013fc74000-000000013fc78fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4141d38.2220: 000000013fc79000-000000013fc79fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4151d38.2220: 000000013fc7a000-000000013fc7afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4161d38.2220: 000000013fc7b000-000000013fc7efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4171d38.2220: 000000013fc7f000-000000013fcc7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
4181d38.2220: 000000013fcc8000-000007feff40ffff 0x0001/0x0000 0x0000000
4191d38.2220: *000007feff410000-000007feff410fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
4201d38.2220: 000007feff411000-000007fffffaffff 0x0001/0x0000 0x0000000
4211d38.2220: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
4221d38.2220: 000007fffffd3000-000007fffffdcfff 0x0001/0x0000 0x0000000
4231d38.2220: *000007fffffdd000-000007fffffdefff 0x0004/0x0004 0x0020000
4241d38.2220: *000007fffffdf000-000007fffffdffff 0x0004/0x0004 0x0020000
4251d38.2220: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
4261d38.2220: supR3HardNtChildPurify: Done after 526 ms and 0 fixes (loop #0).
42716dc.568: Log file opened: 6.1.26r145957 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
42816dc.568: supR3HardenedVmProcessInit: uNtDllAddr=00000000770f0000 g_uNtVerCombined=0x611db100 (stack ~000000000028f738)
42916dc.568: ntdll.dll: timestamp 0x59b94ee4 (rc=VINF_SUCCESS)
43016dc.568: New simple heap: #1 0000000000290000 LB 0x400000 (for 1744896 allocation)
4311d38.2220: supR3HardNtEnableThreadCreationEx:
43216dc.568: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
43316dc.568: System32: \Device\HarddiskVolume2\Windows\System32
43416dc.568: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
43516dc.568: KnownDllPath: C:\Windows\system32
43616dc.568: supR3HardenedVmProcessInit: Opening vboxdrv stub...
43716dc.568: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
43816dc.568: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
43916dc.568: Registered Dll notification callback with NTDLL.
44016dc.568: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
44116dc.568: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
44216dc.568: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
44316dc.568: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
44416dc.568: supR3HardenedDllNotificationCallback: load 0000000076fd0000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
44516dc.568: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
44616dc.568: supR3HardenedDllNotificationCallback: load 000007fefced0000 LB 0x0006a000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
44716dc.568: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
44816dc.568: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
44916dc.568: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076fd0000 'C:\Windows\system32\kernel32.dll'
45016dc.568: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007711a360 pvNtTerminateThread=000000007713c260
4511d38.2220: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 53 ms.
45216dc.568: \SystemRoot\System32\ntdll.dll:
45316dc.568: CreationTime: 2018-03-25T20:53:42.618319300Z
45416dc.568: LastWriteTime: 2017-09-13T15:31:56.094569800Z
45516dc.568: ChangeTime: 2018-03-25T21:19:31.922240800Z
45616dc.568: FileAttributes: 0x20
45716dc.568: Size: 0x1a7100
45816dc.568: NT Headers: 0xe0
45916dc.568: Timestamp: 0x59b94ee4
46016dc.568: Machine: 0x8664 - amd64
46116dc.568: Timestamp: 0x59b94ee4
46216dc.568: Image Version: 6.1
46316dc.568: SizeOfImage: 0x1aa000 (1744896)
46416dc.568: Resource Dir: 0x14e000 LB 0x5a028
46516dc.568: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
46616dc.568: [Raw version resource data: 0x14e0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
46716dc.568: ProductName: Microsoft® Windows® Operating System
46816dc.568: ProductVersion: 6.1.7601.23915
46916dc.568: FileVersion: 6.1.7601.23915 (win7sp1_ldr.170913-0600)
47016dc.568: FileDescription: NT Layer DLL
47116dc.568: \SystemRoot\System32\kernel32.dll:
47216dc.568: CreationTime: 2018-03-25T20:53:41.495117400Z
47316dc.568: LastWriteTime: 2017-09-13T15:27:59.681000000Z
47416dc.568: ChangeTime: 2018-03-25T21:19:32.281041400Z
47516dc.568: FileAttributes: 0x20
47616dc.568: Size: 0x11c000
47716dc.568: NT Headers: 0xe0
47816dc.568: Timestamp: 0x59b94f29
47916dc.568: Machine: 0x8664 - amd64
48016dc.568: Timestamp: 0x59b94f29
48116dc.568: Image Version: 6.1
48216dc.568: SizeOfImage: 0x11f000 (1175552)
48316dc.568: Resource Dir: 0x116000 LB 0x528
48416dc.568: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
48516dc.568: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
48616dc.568: ProductName: Microsoft® Windows® Operating System
48716dc.568: ProductVersion: 6.1.7601.23915
48816dc.568: FileVersion: 6.1.7601.23915 (win7sp1_ldr.170913-0600)
48916dc.568: FileDescription: Windows NT BASE API Client DLL
49016dc.568: \SystemRoot\System32\KernelBase.dll:
49116dc.568: CreationTime: 2018-03-25T20:53:41.151916800Z
49216dc.568: LastWriteTime: 2017-09-13T15:27:59.681000000Z
49316dc.568: ChangeTime: 2018-03-25T21:19:32.281041400Z
49416dc.568: FileAttributes: 0x20
49516dc.568: Size: 0x66800
49616dc.568: NT Headers: 0xe8
49716dc.568: Timestamp: 0x59b94f2a
49816dc.568: Machine: 0x8664 - amd64
49916dc.568: Timestamp: 0x59b94f2a
50016dc.568: Image Version: 6.1
50116dc.568: SizeOfImage: 0x6a000 (434176)
50216dc.568: Resource Dir: 0x68000 LB 0x530
50316dc.568: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
50416dc.568: [Raw version resource data: 0x680b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
50516dc.568: ProductName: Microsoft® Windows® Operating System
50616dc.568: ProductVersion: 6.1.7601.23915
50716dc.568: FileVersion: 6.1.7601.23915 (win7sp1_ldr.170913-0600)
50816dc.568: FileDescription: Windows NT BASE API Client DLL
50916dc.568: \SystemRoot\System32\apisetschema.dll:
51016dc.568: CreationTime: 2018-03-25T20:53:38.889912800Z
51116dc.568: LastWriteTime: 2017-09-13T15:27:55.360000000Z
51216dc.568: ChangeTime: 2018-03-25T21:19:31.906640700Z
51316dc.568: FileAttributes: 0x20
51416dc.568: Size: 0x1a00
51516dc.568: NT Headers: 0xc0
51616dc.568: Timestamp: 0x59b94ec4
51716dc.568: Machine: 0x8664 - amd64
51816dc.568: Timestamp: 0x59b94ec4
51916dc.568: Image Version: 6.1
52016dc.568: SizeOfImage: 0x50000 (327680)
52116dc.568: Resource Dir: 0x30000 LB 0x3f8
52216dc.568: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
52316dc.568: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
52416dc.568: ProductName: Microsoft® Windows® Operating System
52516dc.568: ProductVersion: 6.1.7601.23915
52616dc.568: FileVersion: 6.1.7601.23915 (win7sp1_ldr.170913-0600)
52716dc.568: FileDescription: ApiSet Schema DLL
52816dc.568: NtOpenDirectoryObject failed on \Driver: 0xc0000022
52916dc.568: supR3HardenedWinFindAdversaries: 0x4
53016dc.568: \SystemRoot\System32\drivers\aswMonFlt.sys:
53116dc.568: CreationTime: 2020-10-19T13:51:25.883123000Z
53216dc.568: LastWriteTime: 2021-08-06T13:46:12.019609300Z
53316dc.568: ChangeTime: 2021-08-06T13:46:12.019609300Z
53416dc.568: FileAttributes: 0x20
53516dc.568: Size: 0x2d148
53616dc.568: NT Headers: 0xe0
53716dc.568: Timestamp: 0x60fee4ba
53816dc.568: Machine: 0x8664 - amd64
53916dc.568: Timestamp: 0x60fee4ba
54016dc.568: Image Version: 10.0
54116dc.568: SizeOfImage: 0x3a000 (237568)
54216dc.568: Resource Dir: 0x38000 LB 0x3a0
54316dc.568: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
54416dc.568: [Raw version resource data: 0x38060 LB 0x340, codepage 0x0 (reserved 0x0)]
54516dc.568: ProductName: Avast Antivirus
54616dc.568: ProductVersion: 21.6.270.0
54716dc.568: FileVersion: 21.6.270.0
54816dc.568: FileDescription: Avast File System Filter
54916dc.568: \SystemRoot\System32\drivers\aswRdr2.sys:
55016dc.568: CreationTime: 2018-04-15T20:50:53.476669700Z
55116dc.568: LastWriteTime: 2021-08-06T13:46:12.009609300Z
55216dc.568: ChangeTime: 2021-08-06T13:46:12.009609300Z
55316dc.568: FileAttributes: 0x20
55416dc.568: Size: 0x1a778
55516dc.568: NT Headers: 0xf8
55616dc.568: Timestamp: 0x60fee4bb
55716dc.568: Machine: 0x8664 - amd64
55816dc.568: Timestamp: 0x60fee4bb
55916dc.568: Image Version: 10.0
56016dc.568: SizeOfImage: 0x1b000 (110592)
56116dc.568: Resource Dir: 0x19000 LB 0x388
56216dc.568: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
56316dc.568: [Raw version resource data: 0x19060 LB 0x324, codepage 0x0 (reserved 0x0)]
56416dc.568: ProductName: Avast Antivirus
56516dc.568: ProductVersion: 21.6.270.0
56616dc.568: FileVersion: 21.6.270.0
56716dc.568: FileDescription: Avast Antivirus
56816dc.568: \SystemRoot\System32\drivers\aswRvrt.sys:
56916dc.568: CreationTime: 2018-04-15T20:50:53.523469800Z
57016dc.568: LastWriteTime: 2021-08-06T13:46:12.029609300Z
57116dc.568: ChangeTime: 2021-08-06T13:46:12.029609300Z
57216dc.568: FileAttributes: 0x20
57316dc.568: Size: 0x143d8
57416dc.568: NT Headers: 0xe0
57516dc.568: Timestamp: 0x60fee4b9
57616dc.568: Machine: 0x8664 - amd64
57716dc.568: Timestamp: 0x60fee4b9
57816dc.568: Image Version: 10.0
57916dc.568: SizeOfImage: 0x13000 (77824)
58016dc.568: Resource Dir: 0x11000 LB 0x380
58116dc.568: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
58216dc.568: [Raw version resource data: 0x11060 LB 0x320, codepage 0x0 (reserved 0x0)]
58316dc.568: ProductName: Avast Antivirus
58416dc.568: ProductVersion: 21.6.270.0
58516dc.568: FileVersion: 21.6.270.0
58616dc.568: FileDescription: Avast Revert
58716dc.568: \SystemRoot\System32\drivers\aswSnx.sys:
58816dc.568: CreationTime: 2018-04-15T20:50:53.476669700Z
58916dc.568: LastWriteTime: 2021-08-06T13:46:09.716605900Z
59016dc.568: ChangeTime: 2021-08-06T13:46:09.716605900Z
59116dc.568: FileAttributes: 0x20
59216dc.568: Size: 0xcfef8
59316dc.568: NT Headers: 0xf8
59416dc.568: Timestamp: 0x60fee4bd
59516dc.568: Machine: 0x8664 - amd64
59616dc.568: Timestamp: 0x60fee4bd
59716dc.568: Image Version: 10.0
59816dc.568: SizeOfImage: 0xcd000 (839680)
59916dc.568: Resource Dir: 0xca000 LB 0x388
60016dc.568: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
60116dc.568: [Raw version resource data: 0xca060 LB 0x324, codepage 0x0 (reserved 0x0)]
60216dc.568: ProductName: Avast Antivirus
60316dc.568: ProductVersion: 21.6.270.0
60416dc.568: FileVersion: 21.6.270.0
60516dc.568: FileDescription: Avast Antivirus
60616dc.568: \SystemRoot\System32\drivers\aswsp.sys:
60716dc.568: CreationTime: 2018-04-15T20:50:53.523469800Z
60816dc.568: LastWriteTime: 2021-08-06T13:46:12.039609400Z
60916dc.568: ChangeTime: 2021-08-06T13:46:12.039609400Z
61016dc.568: FileAttributes: 0x20
61116dc.568: Size: 0x73370
61216dc.568: NT Headers: 0xe8
61316dc.568: Timestamp: 0x60fee4c7
61416dc.568: Machine: 0x8664 - amd64
61516dc.568: Timestamp: 0x60fee4c7
61616dc.568: Image Version: 10.0
61716dc.568: SizeOfImage: 0x74000 (475136)
61816dc.568: Resource Dir: 0x72000 LB 0x388
61916dc.568: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
62016dc.568: [Raw version resource data: 0x72060 LB 0x328, codepage 0x0 (reserved 0x0)]
62116dc.568: ProductName: Avast Antivirus
62216dc.568: ProductVersion: 21.6.270.0
62316dc.568: FileVersion: 21.6.270.0
62416dc.568: FileDescription: Avast Self Protection
62516dc.568: \SystemRoot\System32\drivers\aswStm.sys:
62616dc.568: CreationTime: 2021-08-06T13:46:14.764626800Z
62716dc.568: LastWriteTime: 2021-08-06T13:46:12.249609600Z
62816dc.568: ChangeTime: 2021-08-06T13:46:12.249609600Z
62916dc.568: FileAttributes: 0x20
63016dc.568: Size: 0x34960
63116dc.568: NT Headers: 0xf8
63216dc.568: Timestamp: 0x60fee4bb
63316dc.568: Machine: 0x8664 - amd64
63416dc.568: Timestamp: 0x60fee4bb
63516dc.568: Image Version: 10.0
63616dc.568: SizeOfImage: 0x34000 (212992)
63716dc.568: Resource Dir: 0x32000 LB 0x390
63816dc.568: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
63916dc.568: [Raw version resource data: 0x32060 LB 0x32c, codepage 0x0 (reserved 0x0)]
64016dc.568: ProductName: Avast Antivirus
64116dc.568: ProductVersion: 21.6.270.0
64216dc.568: FileVersion: 21.6.270.0
64316dc.568: FileDescription: Avast Stream Filter
64416dc.568: \SystemRoot\System32\drivers\aswVmm.sys:
64516dc.568: CreationTime: 2018-04-15T20:50:53.539069800Z
64616dc.568: LastWriteTime: 2021-08-06T13:46:12.647616200Z
64716dc.568: ChangeTime: 2021-08-06T13:46:12.647616200Z
64816dc.568: FileAttributes: 0x20
64916dc.568: Size: 0x50378
65016dc.568: NT Headers: 0xf8
65116dc.568: Timestamp: 0x60fee4ba
65216dc.568: Machine: 0x8664 - amd64
65316dc.568: Timestamp: 0x60fee4ba
65416dc.568: Image Version: 10.0
65516dc.568: SizeOfImage: 0x4d000 (315392)
65616dc.568: Resource Dir: 0x4b000 LB 0x388
65716dc.568: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
65816dc.568: [Raw version resource data: 0x4b060 LB 0x328, codepage 0x0 (reserved 0x0)]
65916dc.568: ProductName: Avast Antivirus
66016dc.568: ProductVersion: 21.6.270.0
66116dc.568: FileVersion: 21.6.270.0
66216dc.568: FileDescription: Avast VM Monitor
66316dc.568: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
66416dc.568: Calling main()
66516dc.568: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
66616dc.568: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
66716dc.568: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
66816dc.568: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
66916dc.568: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
67016dc.568: SUPR3HardenedMain: Respawn #2
67116dc.568: supR3HardNtEnableThreadCreationEx:
67216dc.568: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
67316dc.568: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
67416dc.568: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
67516dc.568: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
67616dc.568: supR3HardenedDllNotificationCallback: load 000007fefcbe0000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
67716dc.568: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
67816dc.568: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcbe0000 'C:\Windows\system32\apphelp.dll'
67916dc.568: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007711a360 pvNtTerminateThread=000000007713c260
68016dc.568: supR3HardenedWinDoReSpawn(2): New child 2560.260c [kernel32].
68116dc.568: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd7000 cbPeb=0x380
68216dc.568: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00000000770f0000 uNtDllChildAddr=00000000770f0000
68316dc.568: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007711a360
68416dc.568: supR3HardenedWinSetupChildInit: Initial context:
685 rax=0000000000000000 rbx=0000000000000000 rcx=000000013fbb7900 rdx=000007fffffd7000
686 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
687 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
688 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
689 rip=000000007711a540 rsp=00000000002cf9d8 rbp=0000000000000000 ctxflags=0010001b
690 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
691 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
692 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
693 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
694 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
69516dc.568: kernel32.dll: timestamp 0x59b94f29 (rc=VINF_SUCCESS)
69616dc.568: supR3HardenedWinSetupChildInit: Start child.
69716dc.568: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
69816dc.568: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps
69916dc.568: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
70016dc.568: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
70116dc.568: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
70216dc.568: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
70316dc.568: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
70416dc.568: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
70516dc.568: 0000000000041000-00000000001cffff 0x0001/0x0000 0x0000000
70616dc.568: *00000000001d0000-00000000002cbfff 0x0000/0x0004 0x0020000
70716dc.568: 00000000002cc000-00000000002cdfff 0x0104/0x0004 0x0020000
70816dc.568: 00000000002ce000-00000000002cffff 0x0004/0x0004 0x0020000
70916dc.568: 00000000002d0000-00000000770effff 0x0001/0x0000 0x0000000
71016dc.568: *00000000770f0000-00000000770f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
71116dc.568: 00000000770f1000-00000000771edfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
71216dc.568: 00000000771ee000-000000007721cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
71316dc.568: 000000007721d000-0000000077226fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
71416dc.568: 0000000077227000-0000000077227fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
71516dc.568: 0000000077228000-000000007722afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
71616dc.568: 000000007722b000-0000000077299fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
71716dc.568: 000000007729a000-000000007efdffff 0x0001/0x0000 0x0000000
71816dc.568: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
71916dc.568: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
72016dc.568: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
72116dc.568: 000000007fff0000-000000013fbaffff 0x0001/0x0000 0x0000000
72216dc.568: *000000013fbb0000-000000013fbb0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
72316dc.568: 000000013fbb1000-000000013fc27fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
72416dc.568: 000000013fc28000-000000013fc28fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
72516dc.568: 000000013fc29000-000000013fc71fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
72616dc.568: 000000013fc72000-000000013fc72fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
72716dc.568: 000000013fc73000-000000013fc73fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
72816dc.568: 000000013fc74000-000000013fc78fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
72916dc.568: 000000013fc79000-000000013fc79fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
73016dc.568: 000000013fc7a000-000000013fc7afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
73116dc.568: 000000013fc7b000-000000013fc7efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
73216dc.568: 000000013fc7f000-000000013fcc7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
73316dc.568: 000000013fcc8000-000007feff40ffff 0x0001/0x0000 0x0000000
73416dc.568: *000007feff410000-000007feff410fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
73516dc.568: 000007feff411000-000007fffffaffff 0x0001/0x0000 0x0000000
73616dc.568: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
73716dc.568: 000007fffffd3000-000007fffffd6fff 0x0001/0x0000 0x0000000
73816dc.568: *000007fffffd7000-000007fffffd7fff 0x0004/0x0004 0x0020000
73916dc.568: 000007fffffd8000-000007fffffddfff 0x0001/0x0000 0x0000000
74016dc.568: *000007fffffde000-000007fffffdffff 0x0004/0x0004 0x0020000
74116dc.568: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
74216dc.568: apisetschema.dll: timestamp 0x59b94ec4 (rc=VINF_SUCCESS)
74316dc.568: VirtualBoxVM.exe: timestamp 0x61018314 (rc=VINF_SUCCESS)
74416dc.568: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
74516dc.568: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
74616dc.568: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
74716dc.568: \SystemRoot\System32\ntdll.dll: Signature #1/1: info status: 24202
74816dc.568: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
74916dc.568: supR3HardNtChildPurify: Done after 571 ms and 0 fixes (loop #0).
7502560.260c: Log file opened: 6.1.26r145957 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
7512560.260c: supR3HardenedVmProcessInit: uNtDllAddr=00000000770f0000 g_uNtVerCombined=0x611db100 (stack ~00000000002cf488)
75216dc.568: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000290000 LB 0x400000)
75316dc.568: supR3HardNtEnableThreadCreationEx:
7542560.260c: ntdll.dll: timestamp 0x59b94ee4 (rc=VINF_SUCCESS)
7552560.260c: New simple heap: #1 00000000002d0000 LB 0x400000 (for 1744896 allocation)
7562560.260c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
7572560.260c: System32: \Device\HarddiskVolume2\Windows\System32
7582560.260c: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
7592560.260c: KnownDllPath: C:\Windows\system32
7602560.260c: supR3HardenedVmProcessInit: Opening vboxdrv...
7612560.260c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
7622560.260c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
7632560.260c: Registered Dll notification callback with NTDLL.
7642560.260c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
7652560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
7662560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
7672560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
7682560.260c: supR3HardenedDllNotificationCallback: load 0000000076fd0000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
7692560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
7702560.260c: supR3HardenedDllNotificationCallback: load 000007fefced0000 LB 0x0006a000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
7712560.260c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
7722560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
7732560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076fd0000 'C:\Windows\system32\kernel32.dll'
7742560.260c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007711a360 pvNtTerminateThread=000000007713c260
77516dc.568: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 36 ms.
7762560.260c: \SystemRoot\System32\ntdll.dll:
7772560.260c: CreationTime: 2018-03-25T20:53:42.618319300Z
7782560.260c: LastWriteTime: 2017-09-13T15:31:56.094569800Z
7792560.260c: ChangeTime: 2018-03-25T21:19:31.922240800Z
7802560.260c: FileAttributes: 0x20
7812560.260c: Size: 0x1a7100
7822560.260c: NT Headers: 0xe0
7832560.260c: Timestamp: 0x59b94ee4
7842560.260c: Machine: 0x8664 - amd64
7852560.260c: Timestamp: 0x59b94ee4
7862560.260c: Image Version: 6.1
7872560.260c: SizeOfImage: 0x1aa000 (1744896)
7882560.260c: Resource Dir: 0x14e000 LB 0x5a028
7892560.260c: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
7902560.260c: [Raw version resource data: 0x14e0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
7912560.260c: ProductName: Microsoft® Windows® Operating System
7922560.260c: ProductVersion: 6.1.7601.23915
7932560.260c: FileVersion: 6.1.7601.23915 (win7sp1_ldr.170913-0600)
7942560.260c: FileDescription: NT Layer DLL
7952560.260c: \SystemRoot\System32\kernel32.dll:
7962560.260c: CreationTime: 2018-03-25T20:53:41.495117400Z
7972560.260c: LastWriteTime: 2017-09-13T15:27:59.681000000Z
7982560.260c: ChangeTime: 2018-03-25T21:19:32.281041400Z
7992560.260c: FileAttributes: 0x20
8002560.260c: Size: 0x11c000
8012560.260c: NT Headers: 0xe0
8022560.260c: Timestamp: 0x59b94f29
8032560.260c: Machine: 0x8664 - amd64
8042560.260c: Timestamp: 0x59b94f29
8052560.260c: Image Version: 6.1
8062560.260c: SizeOfImage: 0x11f000 (1175552)
8072560.260c: Resource Dir: 0x116000 LB 0x528
8082560.260c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
8092560.260c: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
8102560.260c: ProductName: Microsoft® Windows® Operating System
8112560.260c: ProductVersion: 6.1.7601.23915
8122560.260c: FileVersion: 6.1.7601.23915 (win7sp1_ldr.170913-0600)
8132560.260c: FileDescription: Windows NT BASE API Client DLL
8142560.260c: \SystemRoot\System32\KernelBase.dll:
8152560.260c: CreationTime: 2018-03-25T20:53:41.151916800Z
8162560.260c: LastWriteTime: 2017-09-13T15:27:59.681000000Z
8172560.260c: ChangeTime: 2018-03-25T21:19:32.281041400Z
8182560.260c: FileAttributes: 0x20
8192560.260c: Size: 0x66800
8202560.260c: NT Headers: 0xe8
8212560.260c: Timestamp: 0x59b94f2a
8222560.260c: Machine: 0x8664 - amd64
8232560.260c: Timestamp: 0x59b94f2a
8242560.260c: Image Version: 6.1
8252560.260c: SizeOfImage: 0x6a000 (434176)
8262560.260c: Resource Dir: 0x68000 LB 0x530
8272560.260c: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
8282560.260c: [Raw version resource data: 0x680b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
8292560.260c: ProductName: Microsoft® Windows® Operating System
8302560.260c: ProductVersion: 6.1.7601.23915
8312560.260c: FileVersion: 6.1.7601.23915 (win7sp1_ldr.170913-0600)
8322560.260c: FileDescription: Windows NT BASE API Client DLL
8332560.260c: \SystemRoot\System32\apisetschema.dll:
8342560.260c: CreationTime: 2018-03-25T20:53:38.889912800Z
8352560.260c: LastWriteTime: 2017-09-13T15:27:55.360000000Z
8362560.260c: ChangeTime: 2018-03-25T21:19:31.906640700Z
8372560.260c: FileAttributes: 0x20
8382560.260c: Size: 0x1a00
8392560.260c: NT Headers: 0xc0
8402560.260c: Timestamp: 0x59b94ec4
8412560.260c: Machine: 0x8664 - amd64
8422560.260c: Timestamp: 0x59b94ec4
8432560.260c: Image Version: 6.1
8442560.260c: SizeOfImage: 0x50000 (327680)
8452560.260c: Resource Dir: 0x30000 LB 0x3f8
8462560.260c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
8472560.260c: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
8482560.260c: ProductName: Microsoft® Windows® Operating System
8492560.260c: ProductVersion: 6.1.7601.23915
8502560.260c: FileVersion: 6.1.7601.23915 (win7sp1_ldr.170913-0600)
8512560.260c: FileDescription: ApiSet Schema DLL
8522560.260c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
8532560.260c: supR3HardenedWinFindAdversaries: 0x4
8542560.260c: \SystemRoot\System32\drivers\aswMonFlt.sys:
8552560.260c: CreationTime: 2020-10-19T13:51:25.883123000Z
8562560.260c: LastWriteTime: 2021-08-06T13:46:12.019609300Z
8572560.260c: ChangeTime: 2021-08-06T13:46:12.019609300Z
8582560.260c: FileAttributes: 0x20
8592560.260c: Size: 0x2d148
8602560.260c: NT Headers: 0xe0
8612560.260c: Timestamp: 0x60fee4ba
8622560.260c: Machine: 0x8664 - amd64
8632560.260c: Timestamp: 0x60fee4ba
8642560.260c: Image Version: 10.0
8652560.260c: SizeOfImage: 0x3a000 (237568)
8662560.260c: Resource Dir: 0x38000 LB 0x3a0
8672560.260c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
8682560.260c: [Raw version resource data: 0x38060 LB 0x340, codepage 0x0 (reserved 0x0)]
8692560.260c: ProductName: Avast Antivirus
8702560.260c: ProductVersion: 21.6.270.0
8712560.260c: FileVersion: 21.6.270.0
8722560.260c: FileDescription: Avast File System Filter
8732560.260c: \SystemRoot\System32\drivers\aswRdr2.sys:
8742560.260c: CreationTime: 2018-04-15T20:50:53.476669700Z
8752560.260c: LastWriteTime: 2021-08-06T13:46:12.009609300Z
8762560.260c: ChangeTime: 2021-08-06T13:46:12.009609300Z
8772560.260c: FileAttributes: 0x20
8782560.260c: Size: 0x1a778
8792560.260c: NT Headers: 0xf8
8802560.260c: Timestamp: 0x60fee4bb
8812560.260c: Machine: 0x8664 - amd64
8822560.260c: Timestamp: 0x60fee4bb
8832560.260c: Image Version: 10.0
8842560.260c: SizeOfImage: 0x1b000 (110592)
8852560.260c: Resource Dir: 0x19000 LB 0x388
8862560.260c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
8872560.260c: [Raw version resource data: 0x19060 LB 0x324, codepage 0x0 (reserved 0x0)]
8882560.260c: ProductName: Avast Antivirus
8892560.260c: ProductVersion: 21.6.270.0
8902560.260c: FileVersion: 21.6.270.0
8912560.260c: FileDescription: Avast Antivirus
8922560.260c: \SystemRoot\System32\drivers\aswRvrt.sys:
8932560.260c: CreationTime: 2018-04-15T20:50:53.523469800Z
8942560.260c: LastWriteTime: 2021-08-06T13:46:12.029609300Z
8952560.260c: ChangeTime: 2021-08-06T13:46:12.029609300Z
8962560.260c: FileAttributes: 0x20
8972560.260c: Size: 0x143d8
8982560.260c: NT Headers: 0xe0
8992560.260c: Timestamp: 0x60fee4b9
9002560.260c: Machine: 0x8664 - amd64
9012560.260c: Timestamp: 0x60fee4b9
9022560.260c: Image Version: 10.0
9032560.260c: SizeOfImage: 0x13000 (77824)
9042560.260c: Resource Dir: 0x11000 LB 0x380
9052560.260c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
9062560.260c: [Raw version resource data: 0x11060 LB 0x320, codepage 0x0 (reserved 0x0)]
9072560.260c: ProductName: Avast Antivirus
9082560.260c: ProductVersion: 21.6.270.0
9092560.260c: FileVersion: 21.6.270.0
9102560.260c: FileDescription: Avast Revert
9112560.260c: \SystemRoot\System32\drivers\aswSnx.sys:
9122560.260c: CreationTime: 2018-04-15T20:50:53.476669700Z
9132560.260c: LastWriteTime: 2021-08-06T13:46:09.716605900Z
9142560.260c: ChangeTime: 2021-08-06T13:46:09.716605900Z
9152560.260c: FileAttributes: 0x20
9162560.260c: Size: 0xcfef8
9172560.260c: NT Headers: 0xf8
9182560.260c: Timestamp: 0x60fee4bd
9192560.260c: Machine: 0x8664 - amd64
9202560.260c: Timestamp: 0x60fee4bd
9212560.260c: Image Version: 10.0
9222560.260c: SizeOfImage: 0xcd000 (839680)
9232560.260c: Resource Dir: 0xca000 LB 0x388
9242560.260c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
9252560.260c: [Raw version resource data: 0xca060 LB 0x324, codepage 0x0 (reserved 0x0)]
9262560.260c: ProductName: Avast Antivirus
9272560.260c: ProductVersion: 21.6.270.0
9282560.260c: FileVersion: 21.6.270.0
9292560.260c: FileDescription: Avast Antivirus
9302560.260c: \SystemRoot\System32\drivers\aswsp.sys:
9312560.260c: CreationTime: 2018-04-15T20:50:53.523469800Z
9322560.260c: LastWriteTime: 2021-08-06T13:46:12.039609400Z
9332560.260c: ChangeTime: 2021-08-06T13:46:12.039609400Z
9342560.260c: FileAttributes: 0x20
9352560.260c: Size: 0x73370
9362560.260c: NT Headers: 0xe8
9372560.260c: Timestamp: 0x60fee4c7
9382560.260c: Machine: 0x8664 - amd64
9392560.260c: Timestamp: 0x60fee4c7
9402560.260c: Image Version: 10.0
9412560.260c: SizeOfImage: 0x74000 (475136)
9422560.260c: Resource Dir: 0x72000 LB 0x388
9432560.260c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
9442560.260c: [Raw version resource data: 0x72060 LB 0x328, codepage 0x0 (reserved 0x0)]
9452560.260c: ProductName: Avast Antivirus
9462560.260c: ProductVersion: 21.6.270.0
9472560.260c: FileVersion: 21.6.270.0
9482560.260c: FileDescription: Avast Self Protection
9492560.260c: \SystemRoot\System32\drivers\aswStm.sys:
9502560.260c: CreationTime: 2021-08-06T13:46:14.764626800Z
9512560.260c: LastWriteTime: 2021-08-06T13:46:12.249609600Z
9522560.260c: ChangeTime: 2021-08-06T13:46:12.249609600Z
9532560.260c: FileAttributes: 0x20
9542560.260c: Size: 0x34960
9552560.260c: NT Headers: 0xf8
9562560.260c: Timestamp: 0x60fee4bb
9572560.260c: Machine: 0x8664 - amd64
9582560.260c: Timestamp: 0x60fee4bb
9592560.260c: Image Version: 10.0
9602560.260c: SizeOfImage: 0x34000 (212992)
9612560.260c: Resource Dir: 0x32000 LB 0x390
9622560.260c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
9632560.260c: [Raw version resource data: 0x32060 LB 0x32c, codepage 0x0 (reserved 0x0)]
9642560.260c: ProductName: Avast Antivirus
9652560.260c: ProductVersion: 21.6.270.0
9662560.260c: FileVersion: 21.6.270.0
9672560.260c: FileDescription: Avast Stream Filter
9682560.260c: \SystemRoot\System32\drivers\aswVmm.sys:
9692560.260c: CreationTime: 2018-04-15T20:50:53.539069800Z
9702560.260c: LastWriteTime: 2021-08-06T13:46:12.647616200Z
9712560.260c: ChangeTime: 2021-08-06T13:46:12.647616200Z
9722560.260c: FileAttributes: 0x20
9732560.260c: Size: 0x50378
9742560.260c: NT Headers: 0xf8
9752560.260c: Timestamp: 0x60fee4ba
9762560.260c: Machine: 0x8664 - amd64
9772560.260c: Timestamp: 0x60fee4ba
9782560.260c: Image Version: 10.0
9792560.260c: SizeOfImage: 0x4d000 (315392)
9802560.260c: Resource Dir: 0x4b000 LB 0x388
9812560.260c: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
9822560.260c: [Raw version resource data: 0x4b060 LB 0x328, codepage 0x0 (reserved 0x0)]
9832560.260c: ProductName: Avast Antivirus
9842560.260c: ProductVersion: 21.6.270.0
9852560.260c: FileVersion: 21.6.270.0
9862560.260c: FileDescription: Avast VM Monitor
9872560.260c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
9882560.260c: Calling main()
9892560.260c: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
9902560.260c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
9912560.260c: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
9922560.260c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
9932560.260c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
9942560.260c: SUPR3HardenedMain: Final process, opening VBoxDrv...
9952560.260c: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002d0000 LB 0x400000)
9962560.260c: supR3HardNtEnableThreadCreationEx:
9972560.260c: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll: Signature #1/2: info status: 24202
9982560.260c: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
9992560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
10002560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cb311:<flags> [calling]
10012560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
10022560.260c: supR3HardenedDllNotificationCallback: load 000007feeedb0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
10032560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
10042560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
10052560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002c8a91:<flags> [calling]
10062560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeedb0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
10072560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
10082560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002c8a91:<flags> [calling]
10092560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeedb0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
10102560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeedb0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
10112560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10122560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
10132560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
10142560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
10152560.260c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
10162560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
10172560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10182560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10192560.260c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
10202560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
10212560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
10222560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
10232560.260c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
10242560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
10252560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
10262560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
10272560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10282560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
10292560.260c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
10302560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
10312560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10322560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10332560.260c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
10342560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
10352560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
10362560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
10372560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
10382560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10392560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10402560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10412560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cd121:<flags> [calling]
10422560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10432560.260c: supR3HardenedDllNotificationCallback: load 000007fefcf50000 LB 0x0003b000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
10442560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10452560.260c: supR3HardenedDllNotificationCallback: load 000007fefef80000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
10462560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10472560.260c: supR3HardenedDllNotificationCallback: load 000007fefcf90000 LB 0x0016d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
10482560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
10492560.260c: supR3HardenedDllNotificationCallback: load 000007fefcde0000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
10502560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
10512560.260c: supR3HardenedDllNotificationCallback: load 000007fefec80000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
10522560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
10532560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf50000 'C:\Windows\system32\Wintrust.dll'
10542560.260c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
10552560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
10562560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cd121:<flags> [calling]
10572560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
10582560.260c: supR3HardenedDllNotificationCallback: load 000007fefc720000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
10592560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
10602560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc720000 'C:\Windows\system32\bcrypt.dll'
10612560.260c: bcrypt.dll loaded at 000007fefc720000, BCryptOpenAlgorithmProvider at 000007fefc722460, preloading providers:
10622560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
10632560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
10642560.260c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
10652560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
10662560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
10672560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
10682560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
10692560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
10702560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
10712560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10722560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
10732560.260c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
10742560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
10752560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10762560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10772560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
10782560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10792560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10802560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10812560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cd101:<flags> [calling]
10822560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
10832560.260c: supR3HardenedDllNotificationCallback: load 000007fefc210000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
10842560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
10852560.260c: supR3HardenedDllNotificationCallback: load 000007fefd570000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
10862560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
10872560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
10882560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
10892560.260c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
10902560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
10912560.260c: supR3HardenedDllNotificationCallback: load 000007feff3a0000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
10922560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
10932560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc210000 'C:\Windows\system32\bcryptprimitives.dll'
10942560.260c: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000007b23d0)
10952560.260c: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000007b2ce0)
10962560.260c: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000007b2e10)
10972560.260c: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000007b3030)
10982560.260c: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000007b3160)
10992560.260c: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000007b3290)
11002560.260c: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000007b34e0)
11012560.260c: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000007b3610)
11022560.260c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
11032560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
11042560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11052560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11062560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
11072560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11082560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11092560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11102560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ccc71:<flags> [calling]
11112560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
11122560.260c: supR3HardenedDllNotificationCallback: load 000007fefc6c0000 LB 0x00018000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
11132560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
11142560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc6c0000 'C:\Windows\system32\CRYPTSP.dll'
11152560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11162560.260c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
11172560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
11182560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11192560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11202560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11212560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ccc01:<flags> [calling]
11222560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11232560.260c: supR3HardenedDllNotificationCallback: load 000007fefc3a0000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
11242560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
11252560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc3a0000 'C:\Windows\system32\rsaenh.dll'
11262560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
11272560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cc491:<flags> [calling]
11282560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd570000 'C:\Windows\system32\ADVAPI32.dll'
11292560.260c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
11302560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
11312560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cc811:<flags> [calling]
11322560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
11332560.260c: supR3HardenedDllNotificationCallback: load 000007fefcc40000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
11342560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
11352560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc40000 'C:\Windows\system32\CRYPTBASE.dll'
11362560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
11372560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cc241:<flags> [calling]
11382560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076fd0000 'C:\Windows\system32\kernel32.dll'
11392560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
11402560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ccbd1:<flags> [calling]
11412560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf50000 'C:\Windows\system32\WINTRUST.DLL'
11422560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
11432560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000002cca01:<flags> [calling]
11442560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf90000 'C:\Windows\system32\CRYPT32.dll'
11452560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11462560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
11472560.260c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
11482560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
11492560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
11502560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
11512560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
11522560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11532560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11542560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11552560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cca51:<flags> [calling]
11562560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
11572560.260c: \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll: Owner is administrators group.
11582560.260c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll)
11592560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll
11602560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\AVAST Software\Avast\aswhook.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
11612560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll [lacks WinVerifyTrust]
11622560.260c: supR3HardenedDllNotificationCallback: load 000007feef770000 LB 0x00015000 C:\Program Files\AVAST Software\Avast\aswhook.dll [fFlags=0x0]
11632560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll [lacks WinVerifyTrust]
11642560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef770000 'C:\Program Files\AVAST Software\Avast\aswhook.dll'
11652560.260c: supR3HardenedDllNotificationCallback: load 000007fefef60000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
11662560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
11672560.260c: supR3HardenedWinReInstallHooks: Reinstalling LdrLoadDll (0000000077116130: e9 03 a1 06 c0 cc cc cc cc cc ff e0 74 24 20 57).
11682560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefef60000 'C:\Windows\system32\imagehlp.dll'
11692560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
11702560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ccba1:<flags> [calling]
11712560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc6c0000 'C:\Windows\system32\CRYPTSP.dll'
11722560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
11732560.260c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
11742560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
11752560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11762560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11772560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
11782560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
11792560.260c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
11802560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
11812560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
11822560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
11832560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
11842560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
11852560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
11862560.260c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
11872560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
11882560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11892560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11902560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
11912560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
11922560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
11932560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11942560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
11952560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
11962560.260c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
11972560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
11982560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11992560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12002560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
12012560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12022560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12032560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12042560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12052560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12062560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12072560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12082560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12092560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
12102560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12112560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12122560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12132560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cc6d1:<flags> [calling]
12142560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
12152560.260c: supR3HardenedDllNotificationCallback: load 0000000076ed0000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
12162560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
12172560.260c: supR3HardenedDllNotificationCallback: load 000007feff330000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
12182560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12192560.260c: supR3HardenedDllNotificationCallback: load 000007feff3c0000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
12202560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
12212560.260c: supR3HardenedDllNotificationCallback: load 000007fefedb0000 LB 0x000cb000 C:\Windows\system32\USP10.dll [fFlags=0x0]
12222560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
12232560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12242560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cbbd1:<flags> [calling]
12252560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff330000 'C:\Windows\system32\gdi32.dll'
12262560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
12272560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
12282560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
12292560.260c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
12302560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
12312560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
12322560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
12332560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12342560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
12352560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
12362560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
12372560.260c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
12382560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
12392560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12402560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12412560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12422560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12432560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12442560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
12452560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
12462560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
12472560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
12482560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12492560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12502560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12512560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12522560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12532560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
12542560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12552560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12562560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12572560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cb511:<flags> [calling]
12582560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
12592560.260c: supR3HardenedDllNotificationCallback: load 000007feff3d0000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
12602560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
12612560.260c: supR3HardenedDllNotificationCallback: load 000007fefe8f0000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
12622560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
12632560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff3d0000 'C:\Windows\system32\IMM32.DLL'
12642560.260c: \Device\HarddiskVolume2\Windows\System32\nvinitx.dll: Owner is administrators group.
12652560.260c: \Device\HarddiskVolume2\Windows\System32\nvinitx.dll: Signature #1/1: VERR_CR_X509_CPV_NO_TRUSTED_PATHS (-23303) w/ timestamp=0x58650194/link.
12662560.260c: supHardenedWinVerifyImageByHandle: -> -23303 (\Device\HarddiskVolume2\Windows\System32\nvinitx.dll)
12672560.260c: Error (rc=0):
12682560.260c: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -23303 (0xffffa4f9) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Windows\System32\nvinitx.dll: fKeyUsage=0x0, missing 0x1: \Device\HarddiskVolume2\Windows\System32\nvinitx.dll
12692560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nvinitx.dll
12702560.260c: Error (rc=0):
12712560.260c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\nvinitx.dll' (C:\Windows\system32\nvinitx.dll): rcNt=0xc0000190
12722560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\nvinitx.dll'
12732560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076ed0000 'C:\Windows\system32\USER32.dll'
12742560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
12752560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
12762560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
12772560.260c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
12782560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
12792560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
12802560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
12812560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
12822560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12832560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12842560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12852560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
12862560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
12872560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
12882560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cc9d1:<flags> [calling]
12892560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
12902560.260c: supR3HardenedDllNotificationCallback: load 000007fefc750000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
12912560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
12922560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc750000 'C:\Windows\system32\ncrypt.dll'
12932560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
12942560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cc7c1:<flags> [calling]
12952560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc720000 'C:\Windows\system32\bcrypt.dll'
12962560.260c: \Device\HarddiskVolume2\Windows\System32\bit4upki-store.dll: Owner is administrators group.
12972560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'crypt32.dll'.
12982560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
12992560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
13002560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
13012560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winscard.dll'.
13022560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'version.dll'.
13032560.260c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bit4upki-store.dll)
13042560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bit4upki-store.dll
13052560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
13062560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
13072560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
13082560.260c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\version.dll)
13092560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\version.dll
13102560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winscard.dll'...
13112560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winscard.dll' -> '\Device\HarddiskVolume2\Windows\System32\winscard.dll' [rcNtRedir=0xc0150008]
13122560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13132560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
13142560.260c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\WinSCard.dll)
13152560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WinSCard.dll
13162560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
13172560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
13182560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
13192560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
13202560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
13212560.260c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
13222560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
13232560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
13242560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
13252560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
13262560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13272560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13282560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
13292560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
13302560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
13312560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
13322560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13332560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13342560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13352560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13362560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13372560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
13382560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13392560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13402560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13412560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13422560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13432560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
13442560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13452560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13462560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13472560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13482560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13492560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13502560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bit4upki-store.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cc541:<flags> [calling]
13512560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bit4upki-store.dll [lacks WinVerifyTrust]
13522560.260c: supR3HardenedDllNotificationCallback: load 0000000180000000 LB 0x00043000 C:\Windows\system32\bit4upki-store.dll [fFlags=0x0]
13532560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bit4upki-store.dll [lacks WinVerifyTrust]
13542560.260c: supR3HardenedDllNotificationCallback: load 000007feff2a0000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
13552560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
13562560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\WinSCard.dll [lacks WinVerifyTrust]
13572560.260c: supR3HardenedDllNotificationCallback: load 000007fef8470000 LB 0x00038000 C:\Windows\system32\WinSCard.dll [fFlags=0x0]
13582560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\WinSCard.dll [lacks WinVerifyTrust]
13592560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\version.dll [lacks WinVerifyTrust]
13602560.260c: supR3HardenedDllNotificationCallback: load 000007fefcd10000 LB 0x0000c000 C:\Windows\system32\VERSION.dll [fFlags=0x0]
13612560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\version.dll [lacks WinVerifyTrust]
13622560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000180000000 'C:\Windows\system32\bit4upki-store.dll'
13632560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13642560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
13652560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
13662560.260c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
13672560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
13682560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
13692560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
13702560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13712560.260c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
13722560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
13732560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13742560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13752560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
13762560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13772560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13782560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13792560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13802560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13812560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13822560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cc151:<flags> [calling]
13832560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
13842560.260c: supR3HardenedDllNotificationCallback: load 000007fefd110000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
13852560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
13862560.260c: supR3HardenedDllNotificationCallback: load 000007fefcdf0000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
13872560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
13882560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd110000 'C:\Windows\system32\USERENV.dll'
13892560.260c: supR3HardenedIsApiSetDll: '<NULL>' -> true
13902560.260c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002cbeb1:<flags> [calling]
13912560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff3a0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
13922560.260c: supR3HardenedIsApiSetDll: '<NULL>' -> true
13932560.260c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002cc241:<flags> [calling]
13942560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff3a0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
13952560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13962560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
13972560.260c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
13982560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
13992560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14002560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14012560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
14022560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14032560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14042560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
14052560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cc471:<flags> [calling]
14062560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
14072560.260c: supR3HardenedDllNotificationCallback: load 000007fefbcf0000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
14082560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
14092560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbcf0000 'C:\Windows\system32\GPAPI.dll'
14102560.260c: supR3HardenedIsApiSetDll: '<NULL>' -> true
14112560.260c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002cc3c1:<flags> [calling]
14122560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff3a0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
14132560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
14142560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cbac1:<flags> [calling]
14152560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec80000 'C:\Windows\system32\rpcrt4.dll'
14162560.260c: supR3HardenedIsApiSetDll: '<NULL>' -> true
14172560.260c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002cc3a1:<flags> [calling]
14182560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff3a0000 'API-MS-WIN-Service-Management-L2-1-0.dll'
14192560.260c: supR3HardenedIsApiSetDll: '<NULL>' -> true
14202560.260c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002cc3b1:<flags> [calling]
14212560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff3a0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
14222560.260c: supR3HardenedIsApiSetDll: '<NULL>' -> true
14232560.260c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002cc361:<flags> [calling]
14242560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff3a0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
14252560.260c: supR3HardenedIsApiSetDll: '<NULL>' -> true
14262560.260c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002cc361:<flags> [calling]
14272560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff3a0000 'API-MS-WIN-Service-Management-L2-1-0.dll'
14282560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14292560.260c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\winsta.dll)
14302560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winsta.dll
14312560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14322560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14332560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
14342560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINSTA.dll (Input=WINSTA.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cc351:<flags> [calling]
14352560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winsta.dll [lacks WinVerifyTrust]
14362560.260c: supR3HardenedDllNotificationCallback: load 000007fefbe00000 LB 0x0003d000 C:\Windows\system32\WINSTA.dll [fFlags=0x0]
14372560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winsta.dll [lacks WinVerifyTrust]
14382560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe00000 'C:\Windows\system32\WINSTA.dll'
14392560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
14402560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cc101:<flags> [calling]
14412560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd570000 'C:\Windows\system32\ADVAPI32.dll'
14422560.260c: supR3HardenedIsApiSetDll: '<NULL>' -> true
14432560.260c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002cc0b1:<flags> [calling]
14442560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff3a0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
14452560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
14462560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RPCRT4.dll (Input=RPCRT4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cc181:<flags> [calling]
14472560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec80000 'C:\Windows\system32\RPCRT4.dll'
14482560.260c: supR3HardenedIsApiSetDll: '<NULL>' -> true
14492560.260c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002cbe71:<flags> [calling]
14502560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff3a0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
14512560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14522560.260c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll)
14532560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
14542560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14552560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14562560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
14572560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WTSAPI32.dll (Input=WTSAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cc281:<flags> [calling]
14582560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll [lacks WinVerifyTrust]
14592560.260c: supR3HardenedDllNotificationCallback: load 000007fefc160000 LB 0x00011000 C:\Windows\system32\WTSAPI32.dll [fFlags=0x0]
14602560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll [lacks WinVerifyTrust]
14612560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc160000 'C:\Windows\system32\WTSAPI32.dll'
14622560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\winsta.dll [lacks WinVerifyTrust]
14632560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINSTA.dll (Input=WINSTA.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cc171:<flags> [calling]
14642560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe00000 'C:\Windows\system32\WINSTA.dll'
14652560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14662560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
14672560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
14682560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
14692560.260c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
14702560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
14712560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
14722560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
14732560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14742560.260c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
14752560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
14762560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
14772560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
14782560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
14792560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
14802560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
14812560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
14822560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14832560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14842560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
14852560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14862560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14872560.260c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
14882560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cbeb1:<flags> [calling]
14892560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14902560.260c: supR3HardenedDllNotificationCallback: load 000007fef23b0000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
14912560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14922560.260c: supR3HardenedDllNotificationCallback: load 000007fefd830000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
14932560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
14942560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14952560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000002cb0e1:<flags> [calling]
14962560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef23b0000 'C:\Windows\system32\cryptnet.dll'
14972560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
14982560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000002cb0e1:<flags> [calling]
14992560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef23b0000 'C:\Windows\system32\cryptnet.dll'
15002560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
15012560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000002cb0e1:<flags> [calling]
15022560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef23b0000 'C:\Windows\system32\cryptnet.dll'
15032560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
15042560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000002cb0e1:<flags> [calling]
15052560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef23b0000 'C:\Windows\system32\cryptnet.dll'
15062560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
15072560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000002cb0e1:<flags> [calling]
15082560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef23b0000 'C:\Windows\system32\cryptnet.dll'
15092560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
15102560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000002cb0e1:<flags> [calling]
15112560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef23b0000 'C:\Windows\system32\cryptnet.dll'
15122560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
15132560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef23b0000 'C:\Windows\system32\cryptnet.dll'
15142560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
15152560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef23b0000 'C:\Windows\system32\cryptnet.dll'
15162560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
15172560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef23b0000 'C:\Windows\system32\cryptnet.dll'
15182560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
15192560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef23b0000 'C:\Windows\system32\cryptnet.dll'
15202560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
15212560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef23b0000 'C:\Windows\system32\cryptnet.dll'
15222560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef23b0000 'C:\Windows\system32\cryptnet.dll'
15232560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
15242560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef23b0000 'C:\Windows\system32\cryptnet.dll'
15252560.260c: supR3HardenedIsApiSetDll: '<NULL>' -> true
15262560.260c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002cb7d1:<flags> [calling]
15272560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff3a0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
15282560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
15292560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cb7d1:<flags> [calling]
15302560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcdf0000 'C:\Windows\system32\profapi.dll'
15312560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
15322560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cb261:<flags> [calling]
15332560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff2a0000 'C:\Windows\system32\SHLWAPI.dll'
15342560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
15352560.260c: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007de4b0
15362560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007de4b0
15372560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1F5E05BCF645241EEA763D2EB09C25AC95452663
15382560.260c: supR3HardenedIsApiSetDll: '<NULL>' -> true
15392560.260c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002cc191:<flags> [calling]
15402560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff3a0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
15412560.260c: supR3HardenedIsApiSetDll: '<NULL>' -> true
15422560.260c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002cbcf1:<flags> [calling]
15432560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff3a0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
15442560.260c: supR3HardenedIsApiSetDll: '<NULL>' -> true
15452560.260c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002cbcf1:<flags> [calling]
15462560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff3a0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
15472560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
15482560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cc191:<flags> [calling]
15492560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd570000 'C:\Windows\system32\ADVAPI32.dll'
15502560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_501_for_KB4054518~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\SystemRoot\System32\ntdll.dll'
15512560.260c: g_pfnWinVerifyTrust=000007fefcf51010
15522560.260c: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
15532560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000c4 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
15542560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007de4b0
15552560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007de4b0
15562560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F77D21FA60E897144706C54D4A369C8DA3A96EDC
15572560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_501_for_KB4054518~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
15582560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15592560.260c: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
15602560.260c: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
15612560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000b8 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
15622560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007de4b0
15632560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007de4b0
15642560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=64DB0BCE4F2D99E4624F5476790FB954117C96EF
15652560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_501_for_KB4054518~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
15662560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15672560.260c: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
15682560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000424 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
15692560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007de4b0
15702560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007de4b0
15712560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=086A94704E162AB5C6F0ED4BA6DE6C8B4524BA56
15722560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_501_for_KB4054518~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
15732560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15742560.260c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
15752560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000420 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
15762560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007de4b0
15772560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007de4b0
15782560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=39AF46E16CB63BADF4DB0AE7F539D8C4373E13BA
15792560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_501_for_KB4054518~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
15802560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15812560.260c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
15822560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b4 pwszName=\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
15832560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007de4b0
15842560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007de4b0
15852560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E653B4F2F82EC27E9205DC90EBEB7A5AAB37A8B0
15862560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll'
15872560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15882560.260c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll'
15892560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000394 pwszName=\Device\HarddiskVolume2\Windows\System32\winsta.dll
15902560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007de4b0
15912560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007de4b0
15922560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1784FF9CB91ACF5CDF00DE84F778DD4A67C759FA
15932560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_51_for_KB2984972~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\winsta.dll'
15942560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15952560.260c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winsta.dll'
15962560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000288 pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
15972560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007de4b0
15982560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007de4b0
15992560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EBDAA16C3FD93DFF9C20BA3B2689DFF4C8D31061
16002560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3159398~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
16012560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16022560.260c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
16032560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001f8 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
16042560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007de4b0
16052560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007de4b0
16062560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
16072560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
16082560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16092560.260c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
16102560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001f4 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
16112560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007de4b0
16122560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007de4b0
16132560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
16142560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
16152560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16162560.260c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
16172560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d8 pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
16182560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007de4b0
16192560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007de4b0
16202560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
16212560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
16222560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16232560.260c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
16242560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d4 pwszName=\Device\HarddiskVolume2\Windows\System32\WinSCard.dll
16252560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007de4b0
16262560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007de4b0
16272560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=48B13DA481F07359C76485BC70628796EF96B43D
16282560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\WinSCard.dll'
16292560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16302560.260c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\WinSCard.dll'
16312560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d0 pwszName=\Device\HarddiskVolume2\Windows\System32\version.dll
16322560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007de4b0
16332560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007de4b0
16342560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A3AB94A028D0330A3DBCAE54C04C648532198DB9
16352560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\version.dll'
16362560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16372560.260c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\version.dll'
16382560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001cc pwszName=\Device\HarddiskVolume2\Windows\System32\bit4upki-store.dll
16392560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007de4b0
16402560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007de4b0
16412560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B809EB86B2D485CF699833A8F84D50D780F8EB4F
16422560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
16432560.260c: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000031ead00
16442560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
16452560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B809EB86B2D485CF699833A8F84D50D780F8EB4F
16462560.260c: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168)
16472560.260c: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000031eac40
16482560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031eac40
16492560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=9F35B6443D4C65453552C317D66278AE94985C6125B1B867423F2B9D734EA3BB
16502560.260c: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168)
16512560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
16522560.260c: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bit4upki-store.dll'
16532560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001ac pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
16542560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
16552560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
16562560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2BBA3367EA1E5C673D52D2309BE2745A7A5FB2C4
16572560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_501_for_KB4054518~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
16582560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16592560.260c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
16602560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
16612560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
16622560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
16632560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B18074E6500B26B9675D6739EF0E6FFC56E8E0CA
16642560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_501_for_KB4054518~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
16652560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16662560.260c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
16672560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
16682560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
16692560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
16702560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
16712560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
16722560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16732560.260c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
16742560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
16752560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
16762560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
16772560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8AE1E4C5A6AE2CD7C2699FE89EFC72F3203BC58E
16782560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_501_for_KB4054518~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
16792560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16802560.260c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
16812560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
16822560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
16832560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
16842560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DC994FB408FAF67CF116D1D74EFE3F5D9DA7A609
16852560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_501_for_KB4054518~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
16862560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16872560.260c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
16882560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
16892560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
16902560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
16912560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2D767C07C15EAAFC316567AB2F5CA7B85CCD70E2
16922560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_501_for_KB4054518~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
16932560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16942560.260c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
16952560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000178 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
16962560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
16972560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
16982560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03BB259EC2F9D61B0941E0635513FFA135E07009
16992560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_501_for_KB4054518~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll'
17002560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17012560.260c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
17022560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
17032560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002caff1:<flags> [calling]
17042560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf90000 'C:\Windows\system32\crypt32.dll'
17052560.260c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\AVAST Software\Avast\aswhook.dll'
17062560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000174 pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
17072560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
17082560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
17092560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
17102560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
17112560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17122560.260c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
17132560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000118 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
17142560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
17152560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
17162560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D5FC4F2CD5240E1C8EE8C6C3E3DFE4029596EF9C
17172560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_501_for_KB4054518~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
17182560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17192560.260c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
17202560.260c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
17212560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000114 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
17222560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
17232560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
17242560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CECCA98E04985A576883E9A9AD8AF2140526B576
17252560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_501_for_KB4054518~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
17262560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17272560.260c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
17282560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
17292560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
17302560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
17312560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FA2A014BF360CDC0E203A174FFC9DC5343C5323
17322560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
17332560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17342560.260c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
17352560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000100 pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
17362560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
17372560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
17382560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B9FB78D95C611EC480818A4744EAB8FFEAD97B10
17392560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_501_for_KB4054518~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
17402560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17412560.260c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
17422560.260c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
17432560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e8 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
17442560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
17452560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
17462560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A37B61527FAD2E36038B930574FF8D168775773B
17472560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_501_for_KB4054518~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
17482560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17492560.260c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
17502560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000c8 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
17512560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
17522560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
17532560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
17542560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
17552560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17562560.260c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
17572560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000c0 pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
17582560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
17592560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
17602560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
17612560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
17622560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17632560.260c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
17642560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000bc pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
17652560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
17662560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
17672560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0B1742B12D9CD2C2B26686DFFDD19ECDAC844FF8
17682560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_501_for_KB4054518~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
17692560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17702560.260c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
17712560.260c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
17722560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
17732560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
17742560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
17752560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B1DD6C04D2033BFDBE0C5B410EB7F5495BDBFD7E
17762560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_501_for_KB4054518~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
17772560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17782560.260c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
17792560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
17802560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
17812560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
17822560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EC8F4EEF117488A42CEE6E26D5D82A459287E403
17832560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_501_for_KB4054518~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
17842560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17852560.260c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
17862560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
17872560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cbc31:<flags> [calling]
17882560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf90000 'C:\Windows\system32\crypt32.dll'
17892560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0x220ae6bf7b06b300 OU=generated by Avast Antivirus for SSL/TLS scanning, O=Avast Web/Mail Shield, CN=Avast Web/Mail Shield Root
17902560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
17912560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
17922560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
17932560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
17942560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
17952560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
17962560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
17972560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
17982560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
17992560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
18002560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
18012560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
18022560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
18032560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
18042560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
18052560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
18062560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
18072560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
18082560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0xc6536f24d57ae723 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
18092560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
18102560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
18112560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
18122560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
18132560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
18142560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
18152560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
18162560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
18172560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
18182560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
18192560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
18202560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
18212560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
18222560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
18232560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
18242560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0x9b3ae4d356dfc000 C=EU, L=Madrid (see current address at www.camerfirma.com/address), SRN=A82743287, O=AC Camerfirma S.A., CN=Global Chambersign Root - 2008
18252560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
18262560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
18272560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
18282560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
18292560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0xe66b56ffc86e50a4 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA, Email=server-certs@thawte.com
18302560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
18312560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
18322560.260c: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
18332560.260c: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=44
18342560.260c: SUPR3HardenedMain: Load Runtime...
18352560.260c: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll: Signature #1/2: info status: 24202
18362560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
18372560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
18382560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
18392560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
18402560.260c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
18412560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
18422560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
18432560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
18442560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000430 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
18452560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
18462560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
18472560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=901DCB8172024F14E25295BF5692180F12FC8C18
18482560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3161949~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
18492560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18502560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18512560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
18522560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
18532560.260c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
18542560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
18552560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18562560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18572560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
18582560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
18592560.260c: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll: Signature #1/2: info status: 24202
18602560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
18612560.260c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
18622560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
18632560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18642560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18652560.260c: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
18662560.260c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
18672560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
18682560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18692560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18702560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
18712560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
18722560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
18732560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a0 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
18742560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
18752560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
18762560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5C61E0233B4D23762E0FE158DE0FDC6C24988F13
18772560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_501_for_KB4054518~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
18782560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18792560.260c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
18802560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
18812560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18822560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18832560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18842560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18852560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cbf61:<flags> [calling]
18862560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
18872560.260c: supR3HardenedDllNotificationCallback: load 000007fed0210000 LB 0x005e0000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
18882560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
18892560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
18902560.260c: supR3HardenedDllNotificationCallback: load 0000000073510000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
18912560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
18922560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
18932560.260c: supR3HardenedDllNotificationCallback: load 0000000072810000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
18942560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
18952560.260c: supR3HardenedDllNotificationCallback: load 000007fefec30000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
18962560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
18972560.260c: supR3HardenedDllNotificationCallback: load 000007feff320000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
18982560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
18992560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
19002560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002c9671:<flags> [calling]
19012560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19022560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
19032560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002c9671:<flags> [calling]
19042560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19052560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
19062560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002c9671:<flags> [calling]
19072560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19082560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
19092560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002c9671:<flags> [calling]
19102560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19112560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
19122560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002c9671:<flags> [calling]
19132560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19142560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
19152560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002c9671:<flags> [calling]
19162560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19172560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19182560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19192560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19202560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19212560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19222560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19232560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19242560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
19252560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002c9671:<flags> [calling]
19262560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19272560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19282560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19292560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19302560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19312560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19322560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19332560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19342560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19352560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19362560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19372560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19382560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19392560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19402560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19412560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19422560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
19432560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002c9671:<flags> [calling]
19442560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19452560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19462560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19472560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0210000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
19482560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
19492560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cdac1:<flags> [calling]
19502560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf50000 'C:\Windows\system32\Wintrust.dll'
19512560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
19522560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cc611:<flags> [calling]
19532560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf90000 'C:\Windows\system32\crypt32.dll'
19542560.260c: SUPR3HardenedMain: Load TrustedMain...
19552560.260c: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll: Signature #1/2: info status: 24202
19562560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
19572560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'uicommon.dll'.
19582560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
19592560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
19602560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
19612560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
19622560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
19632560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
19642560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
19652560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
19662560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
19672560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
19682560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
19692560.260c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
19702560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
19712560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
19722560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
19732560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e8 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
19742560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
19752560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
19762560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
19772560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
19782560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19792560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
19802560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
19812560.260c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
19822560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
19832560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
19842560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
19852560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d0 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
19862560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
19872560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
19882560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6E76105B511B0668122629A2554FAFBBE17CD6DF
19892560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_501_for_KB4054518~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
19902560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19912560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
19922560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
19932560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
19942560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
19952560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
19962560.260c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
19972560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
19982560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
19992560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
20002560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f4 pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
20012560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
20022560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
20032560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9DDF928A79649EE6EF62D5AAEDE2609045F68737
20042560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_501_for_KB4054518~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
20052560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20062560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20072560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
20082560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
20092560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
20102560.260c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
20112560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
20122560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20132560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20142560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
20152560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
20162560.260c: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll: Signature #1/2: info status: 24202
20172560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
20182560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
20192560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
20202560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
20212560.260c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
20222560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
20232560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
20242560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
20252560.260c: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202
20262560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
20272560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
20282560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
20292560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
20302560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
20312560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
20322560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
20332560.260c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
20342560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
20352560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
20362560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
20372560.260c: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll: Signature #1/2: info status: 24202
20382560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
20392560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
20402560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
20412560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
20422560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
20432560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
20442560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
20452560.260c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) WinVerifyTrust
20462560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
20472560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
20482560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
20492560.260c: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll: Signature #1/2: info status: 24202
20502560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
20512560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
20522560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
20532560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
20542560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
20552560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
20562560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
20572560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
20582560.260c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) WinVerifyTrust
20592560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
20602560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20612560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
20622560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
20632560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
20642560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
20652560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
20662560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
20672560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
20682560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uicommon.dll'...
20692560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'uicommon.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\uicommon.dll' [rcNtRedir=0xc0150008]
20702560.260c: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\UICommon.dll: Signature #1/2: info status: 24202
20712560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
20722560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
20732560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
20742560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
20752560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
20762560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
20772560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
20782560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
20792560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
20802560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
20812560.260c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\UICommon.dll) WinVerifyTrust
20822560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\UICommon.dll
20832560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
20842560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
20852560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004cc pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
20862560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
20872560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
20882560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
20892560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
20902560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20912560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20922560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
20932560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
20942560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
20952560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
20962560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
20972560.260c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) WinVerifyTrust
20982560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
20992560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21002560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21012560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
21022560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
21032560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f0 pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
21042560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
21052560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
21062560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
21072560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
21082560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21092560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21102560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
21112560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
21122560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
21132560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
21142560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
21152560.260c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) WinVerifyTrust
21162560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
21172560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
21182560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
21192560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004fc pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
21202560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
21212560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
21222560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
21232560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
21242560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21252560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21262560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
21272560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
21282560.260c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) WinVerifyTrust
21292560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
21302560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21312560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21322560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
21332560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21342560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21352560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
21362560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21372560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21382560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21392560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21402560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
21412560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
21422560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
21432560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
21442560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
21452560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
21462560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21472560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21482560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21492560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21502560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
21512560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
21522560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
21532560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
21542560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
21552560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
21562560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
21572560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
21582560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
21592560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21602560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21612560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
21622560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21632560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21642560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21652560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21662560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
21672560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
21682560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
21692560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
21702560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
21712560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
21722560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000514 pwszName=\Device\HarddiskVolume2\Windows\System32\mpr.dll
21732560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
21742560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
21752560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F84FE9BA047B24E7694C9E0C349B48B9FD5F925B
21762560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\mpr.dll'
21772560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21782560.260c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll) WinVerifyTrust
21792560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
21802560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
21812560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
21822560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
21832560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21842560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21852560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
21862560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
21872560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
21882560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
21892560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
21902560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e4 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
21912560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
21922560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
21932560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66792BA817E2D5077D918A98F547AEB0248EE258
21942560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_501_for_KB4054518~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
21952560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21962560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21972560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
21982560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
21992560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
22002560.260c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
22012560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
22022560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22032560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22042560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22052560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22062560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
22072560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
22082560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
22092560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
22102560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
22112560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
22122560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
22132560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22142560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22152560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22162560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22172560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
22182560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
22192560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
22202560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
22212560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
22222560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
22232560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22242560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22252560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
22262560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
22272560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
22282560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
22292560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
22302560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
22312560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
22322560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
22332560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
22342560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
22352560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
22362560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
22372560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
22382560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22392560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22402560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22412560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22422560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22432560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22442560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
22452560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
22462560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
22472560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
22482560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
22492560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
22502560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
22512560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
22522560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
22532560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22542560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22552560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22562560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22572560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
22582560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22592560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22602560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22612560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22622560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22632560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22642560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22652560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22662560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22672560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22682560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22692560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22702560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
22712560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
22722560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
22732560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22742560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22752560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22762560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22772560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22782560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22792560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22802560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22812560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
22822560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
22832560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
22842560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22852560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22862560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22872560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22882560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
22892560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
22902560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
22912560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22922560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22932560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
22942560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
22952560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000050c pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
22962560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
22972560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
22982560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B79EE7B5AD74EF51A849809202E043183A2C727E
22992560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
23002560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23012560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23022560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
23032560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
23042560.260c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust
23052560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
23062560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
23072560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
23082560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000528 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
23092560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
23102560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
23112560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
23122560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
23132560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23142560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
23152560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
23162560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
23172560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
23182560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
23192560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
23202560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
23212560.260c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
23222560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
23232560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
23242560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
23252560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
23262560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
23272560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000052c pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
23282560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
23292560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
23302560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E39FA2354AB36177BAF7DADD59E614FF3B70029B
23312560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_501_for_KB4054518~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
23322560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23332560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23342560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
23352560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
23362560.260c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) WinVerifyTrust
23372560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
23382560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23392560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23402560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23412560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23422560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23432560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23442560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
23452560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
23462560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23472560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23482560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
23492560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
23502560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000530 pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
23512560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
23522560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
23532560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
23542560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
23552560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23562560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23572560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
23582560.260c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
23592560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
23602560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
23612560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
23622560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
23632560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23642560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23652560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23662560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23672560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
23682560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
23692560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
23702560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23712560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23722560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
23732560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
23742560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000534 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
23752560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
23762560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
23772560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
23782560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
23792560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23802560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23812560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
23822560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
23832560.260c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll) WinVerifyTrust
23842560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
23852560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23862560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23872560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
23882560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
23892560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23902560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23912560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23922560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23932560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23942560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23952560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23962560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23972560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
23982560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
23992560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
24002560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24012560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24022560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
24032560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cbf71:<flags> [calling]
24042560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
24052560.260c: supR3HardenedDllNotificationCallback: load 000007fecedb0000 LB 0x001c8000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
24062560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
24072560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
24082560.260c: supR3HardenedDllNotificationCallback: load 000007fee7080000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
24092560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
24102560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
24112560.260c: supR3HardenedDllNotificationCallback: load 000007fee73a0000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
24122560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
24132560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
24142560.260c: supR3HardenedDllNotificationCallback: load 000007fee6ed0000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
24152560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
24162560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
24172560.260c: supR3HardenedDllNotificationCallback: load 000007fee7390000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
24182560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
24192560.260c: supR3HardenedDllNotificationCallback: load 000007fefd650000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
24202560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
24212560.260c: supR3HardenedDllNotificationCallback: load 000007fefd130000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
24222560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
24232560.260c: supR3HardenedDllNotificationCallback: load 000007fefee80000 LB 0x000da000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
24242560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
24252560.260c: supR3HardenedDllNotificationCallback: load 000007feff0a0000 LB 0x001fc000 C:\Windows\system32\ole32.dll [fFlags=0x0]
24262560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
24272560.260c: supR3HardenedDllNotificationCallback: load 000007fefd170000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
24282560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
24292560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
24302560.260c: supR3HardenedDllNotificationCallback: load 000007fefad20000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
24312560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
24322560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\UICommon.dll
24332560.260c: supR3HardenedDllNotificationCallback: load 000007fec1590000 LB 0x02316000 C:\Program Files\Oracle\VirtualBox\UICommon.dll [fFlags=0x0]
24342560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\UICommon.dll
24352560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
24362560.260c: supR3HardenedDllNotificationCallback: load 0000000065ba0000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
24372560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
24382560.260c: supR3HardenedDllNotificationCallback: load 000007fefd890000 LB 0x00d8a000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
24392560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
24402560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
24412560.260c: supR3HardenedDllNotificationCallback: load 000007fef5360000 LB 0x00018000 C:\Windows\system32\MPR.dll [fFlags=0x0]
24422560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
24432560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
24442560.260c: supR3HardenedDllNotificationCallback: load 000007fecfc10000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
24452560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
24462560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
24472560.260c: supR3HardenedDllNotificationCallback: load 0000000065630000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
24482560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
24492560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
24502560.260c: supR3HardenedDllNotificationCallback: load 00000000734b0000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
24512560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
24522560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
24532560.260c: supR3HardenedDllNotificationCallback: load 000007fefad90000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
24542560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
24552560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd570000 'C:\Windows\system32\ADVAPI32.DLL'
24562560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
24572560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptbase.dll (Input=cryptbase.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
24582560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc40000 'C:\Windows\system32\cryptbase.dll'
24592560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fecedb0000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
24602560.260c: SUPR3HardenedMain: Calling TrustedMain (000007fecedb16c0)...
24612560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
24622560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cd821:<flags> [calling]
24632560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0a0000 'C:\Windows\system32\ole32.dll'
24642560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd570000 'C:\Windows\system32\ADVAPI32.dll'
24652560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
24662560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cbf01:<flags> [calling]
24672560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcdf0000 'C:\Windows\system32\profapi.dll'
24682560.260c: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll: Signature #1/2: info status: 24202
24692560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
24702560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
24712560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
24722560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
24732560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
24742560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
24752560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
24762560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
24772560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
24782560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
24792560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
24802560.260c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
24812560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
24822560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24832560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24842560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
24852560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
24862560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
24872560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
24882560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
24892560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
24902560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24912560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24922560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
24932560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
24942560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
24952560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
24962560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
24972560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
24982560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
24992560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
25002560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
25012560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
25022560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
25032560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
25042560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25052560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25062560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
25072560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
25082560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
25092560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
25102560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
25112560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ce1f1:<flags> [calling]
25122560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
25132560.260c: supR3HardenedDllNotificationCallback: load 000007fecfae0000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
25142560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
25152560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fecfae0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
25162560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
25172560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ce121:<flags> [calling]
25182560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc40000 'C:\Windows\system32\CRYPTBASE.dll'
25192560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005a4 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
25202560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
25212560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
25222560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
25232560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
25242560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25252560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25262560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
25272560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
25282560.260c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
25292560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
25302560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
25312560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
25322560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25332560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25342560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25352560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25362560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cdbf1:<flags> [calling]
25372560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
25382560.260c: supR3HardenedDllNotificationCallback: load 000007fefae40000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
25392560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
25402560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae40000 'C:\Windows\system32\uxtheme.dll'
25412560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
25422560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cd631:<flags> [calling]
25432560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae40000 'C:\Windows\system32\uxtheme.dll'
25442560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
25452560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cd3a1:<flags> [calling]
25462560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae40000 'C:\Windows\system32\uxtheme.dll'
25472560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
25482560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cd3a1:<flags> [calling]
25492560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae40000 'C:\Windows\system32\uxtheme.dll'
25502560.260c: \Device\HarddiskVolume2\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll: Owner is administrators group.
25512560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005cc pwszName=\Device\HarddiskVolume2\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll
25522560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
25532560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
25542560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CFFA12083AA58C48DA7A2D47D41F47FEDF72D4BA
25552560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
25562560.260c: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000031ead00
25572560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
25582560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CFFA12083AA58C48DA7A2D47D41F47FEDF72D4BA
25592560.260c: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168)
25602560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031eac40
25612560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031eac40
25622560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=FA9F41BEB25F7982D0F3F712EC92A58990841CAC2B5A6CD95B07FE260A1B82AF
25632560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
25642560.260c: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000031eac40
25652560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031eac40
25662560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=FA9F41BEB25F7982D0F3F712EC92A58990841CAC2B5A6CD95B07FE260A1B82AF
25672560.260c: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERROR_NOT_FOUND (1168)
25682560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
25692560.260c: supHardenedWinVerifyImageByHandle: -> -22900 (\Device\HarddiskVolume2\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll) WinVerifyTrust
25702560.260c: Error (rc=0):
25712560.260c: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll: Not signed.
25722560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll
25732560.260c: Error (rc=0):
25742560.260c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll' (C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll): rcNt=0xc0000190
25752560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll'
25762560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll
25772560.260c: Error (rc=0):
25782560.260c: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1 \Device\HarddiskVolume2\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll
25792560.260c: Error (rc=0):
25802560.260c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll' (C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll): rcNt=0xc0000190
25812560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll'
25822560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll
25832560.260c: Error (rc=0):
25842560.260c: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2 \Device\HarddiskVolume2\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll
25852560.260c: Error (rc=0):
25862560.260c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll' (C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll): rcNt=0xc0000190
25872560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll'
25882560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll
25892560.260c: Error (rc=0):
25902560.260c: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=3 \Device\HarddiskVolume2\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll
25912560.260c: Error (rc=0):
25922560.260c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll' (C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll): rcNt=0xc0000190
25932560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll'
25942560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll
25952560.260c: Error (rc=0):
25962560.260c: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=4 \Device\HarddiskVolume2\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll
25972560.260c: Error (rc=0):
25982560.260c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll' (C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll): rcNt=0xc0000190
25992560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll'
26002560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076ed0000 'C:\Windows\system32\user32.dll'
26012560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
26022560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ce431:<flags> [calling]
26032560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd890000 'C:\Windows\system32\shell32.dll'
26042560.260c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
26052560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Windows\system32\wintab32.dll'
26062560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll
26072560.260c: Error (rc=0):
26082560.260c: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=5 \Device\HarddiskVolume2\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll
26092560.260c: Error (rc=0):
26102560.260c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll' (C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll): rcNt=0xc0000190
26112560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll'
26122560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll
26132560.260c: Error (rc=0):
26142560.260c: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=6 \Device\HarddiskVolume2\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll
26152560.260c: Error (rc=0):
26162560.260c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll' (C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll): rcNt=0xc0000190
26172560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll'
26182560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll
26192560.260c: Error (rc=0):
26202560.260c: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=7 \Device\HarddiskVolume2\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll
26212560.260c: Error (rc=0):
26222560.260c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll' (C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll): rcNt=0xc0000190
26232560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll'
26242560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
26252560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cdad1:<flags> [calling]
26262560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefad20000 'C:\Windows\system32\dwmapi.dll'
26272560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll
26282560.260c: Error (rc=0):
26292560.260c: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=8 \Device\HarddiskVolume2\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll
26302560.260c: Error (rc=0):
26312560.260c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll' (C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll): rcNt=0xc0000190
26322560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll'
26332560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
26342560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ce851:<flags> [calling]
26352560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefad90000 'C:\Windows\system32\winmm.dll'
26362560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
26372560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ce851:<flags> [calling]
26382560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefad90000 'C:\Windows\system32\winmm.dll'
26392560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
26402560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ceb31:<flags> [calling]
26412560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd890000 'C:\Windows\system32\shell32.dll'
26422560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
26432560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ceb01:<flags> [calling]
26442560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae40000 'C:\Windows\system32\uxtheme.dll'
26452560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd570000 'C:\Windows\system32\advapi32.dll'
26462560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
26472560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cea61:<flags> [calling]
26482560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd110000 'C:\Windows\system32\userenv.dll'
26492560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
26502560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ceb41:<flags> [calling]
26512560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076fd0000 'C:\Windows\system32\kernel32.dll'
26522560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
26532560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cc8b1:<flags> [calling]
26542560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd570000 'C:\Windows\system32\ADVAPI32.dll'
26552560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000164 pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll
26562560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
26572560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
26582560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
26592560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
26602560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26612560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26622560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
26632560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
26642560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
26652560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
26662560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
26672560.260c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll) WinVerifyTrust
26682560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
26692560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26702560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26712560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
26722560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
26732560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
26742560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
26752560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
26762560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
26772560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26782560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26792560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
26802560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
26812560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
26822560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26832560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26842560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cc831:<flags> [calling]
26852560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
26862560.260c: supR3HardenedDllNotificationCallback: load 000007fefd4d0000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
26872560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
26882560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd4d0000 'C:\Windows\system32\CLBCatQ.DLL'
26892560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
26902560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cb681:<flags> [calling]
26912560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc6c0000 'C:\Windows\system32\CRYPTSP.dll'
26922560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000474 pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
26932560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
26942560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
26952560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
26962560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll'
26972560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26982560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
26992560.260c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll) WinVerifyTrust
27002560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
27012560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27022560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27032560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cb241:<flags> [calling]
27042560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
27052560.260c: supR3HardenedDllNotificationCallback: load 000007fefccf0000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
27062560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
27072560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefccf0000 'C:\Windows\system32\RpcRtRemote.dll'
27082560.1eb0: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll: Signature #1/2: info status: 24202
27092560.1eb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27102560.1eb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
27112560.1eb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
27122560.1eb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
27132560.1eb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
27142560.1eb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
27152560.1eb0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
27162560.1eb0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
27172560.1eb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
27182560.1eb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
27192560.1eb0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
27202560.1eb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
27212560.1eb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
27222560.1eb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
27232560.1eb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
27242560.1eb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27252560.1eb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27262560.1eb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
27272560.1eb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
27282560.1eb0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
27292560.1eb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27302560.1eb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27312560.1eb0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004f3e621:<flags> [calling]
27322560.1eb0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
27332560.1eb0: supR3HardenedDllNotificationCallback: load 000007fecd8b0000 LB 0x003c1000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
27342560.1eb0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
27352560.1eb0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fecd8b0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
27362560.1eb0: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll: Signature #1/2: info status: 24202
27372560.1eb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27382560.1eb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
27392560.1eb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
27402560.1eb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
27412560.1eb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
27422560.1eb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
27432560.1eb0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
27442560.1eb0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
27452560.1eb0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
27462560.1eb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27472560.1eb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27482560.1eb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
27492560.1eb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
27502560.1eb0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
27512560.1eb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
27522560.1eb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
27532560.1eb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
27542560.1eb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
27552560.1eb0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
27562560.1eb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
27572560.1eb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
27582560.1eb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27592560.1eb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27602560.1eb0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27612560.1eb0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27622560.1eb0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004f3d0b1:<flags> [calling]
27632560.1eb0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
27642560.1eb0: supR3HardenedDllNotificationCallback: load 000007fecf9f0000 LB 0x000ef000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
27652560.1eb0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
27662560.1eb0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fecf9f0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
27672560.1eb0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
27682560.1eb0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004f3cf41:<flags> [calling]
27692560.1eb0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee80000 'C:\Windows\system32\oleaut32.dll'
27702560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd570000 'C:\Windows\system32\ADVAPI32.dll'
27712560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff330000 'C:\Windows\system32\gdi32.dll'
27722560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll
27732560.260c: Error (rc=0):
27742560.260c: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=16 \Device\HarddiskVolume2\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll
27752560.260c: Error (rc=0):
27762560.260c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll' (C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll): rcNt=0xc0000190
27772560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll'
27782560.1504: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll: Signature #1/2: info status: 24202
27792560.1504: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27802560.1504: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
27812560.1504: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll) WinVerifyTrust
27822560.1504: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
27832560.1504: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27842560.1504: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27852560.1504: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27862560.1504: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27872560.1504: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004b0a561:<flags> [calling]
27882560.1504: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
27892560.1504: supR3HardenedDllNotificationCallback: load 000007feeed50000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [fFlags=0x0]
27902560.1504: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
27912560.1504: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeed50000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL'
27922560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll
27932560.260c: Error (rc=0):
27942560.260c: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=32 \Device\HarddiskVolume2\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll
27952560.260c: Error (rc=0):
27962560.260c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll' (C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll): rcNt=0xc0000190
27972560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll'
27982560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll
27992560.260c: Error (rc=0):
28002560.260c: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=64 \Device\HarddiskVolume2\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll
28012560.260c: Error (rc=0):
28022560.260c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll' (C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll): rcNt=0xc0000190
28032560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll'
28042560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll
28052560.260c: Error (rc=0):
28062560.260c: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=128 \Device\HarddiskVolume2\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll
28072560.260c: Error (rc=0):
28082560.260c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll' (C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll): rcNt=0xc0000190
28092560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll'
28102560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
28112560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ca5b1:<flags> [calling]
28122560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd890000 'C:\Windows\system32\shell32.dll'
28132560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll
28142560.260c: Error (rc=0):
28152560.260c: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=256 \Device\HarddiskVolume2\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll
28162560.260c: Error (rc=0):
28172560.260c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll' (C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll): rcNt=0xc0000190
28182560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll'
28192560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
28202560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
28212560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shell32.dll'.
28222560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
28232560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
28242560.260c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll) WinVerifyTrust
28252560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll
28262560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
28272560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
28282560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
28292560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
28302560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
28312560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
28322560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
28332560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
28342560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
28352560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28362560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28372560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002c9931:<flags> [calling]
28382560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll
28392560.260c: supR3HardenedDllNotificationCallback: load 000007fee3f00000 LB 0x0003f000 C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll [fFlags=0x0]
28402560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll
28412560.260c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\psapi.dll'.
28422560.260c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\psapi.dll)
28432560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\psapi.dll
28442560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\PSAPI.DLL (Input=PSAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002c8a41:<flags> [calling]
28452560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\psapi.dll [avoiding WinVerifyTrust]
28462560.260c: supR3HardenedDllNotificationCallback: load 00000000772b0000 LB 0x00007000 C:\Windows\system32\PSAPI.DLL [fFlags=0x0]
28472560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\psapi.dll [avoiding WinVerifyTrust]
28482560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000772b0000 'C:\Windows\system32\PSAPI.DLL'
28492560.260c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\System32\psapi.dll'.
28502560.260c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\System32\psapi.dll' [rescheduled]
28512560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3f00000 'C:\Program Files\WIDCOMM\Bluetooth Software\btmmhook.dll'
28522560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000008dc pwszName=\Device\HarddiskVolume2\Windows\System32\psapi.dll
28532560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
28542560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
28552560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=561BAAB249C395B66D294444DF251EDB701DB607
28562560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\psapi.dll'
28572560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28582560.260c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\psapi.dll'
28592560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll
28602560.260c: Error (rc=0):
28612560.260c: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=512 \Device\HarddiskVolume2\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll
28622560.260c: Error (rc=0):
28632560.260c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll' (C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll): rcNt=0xc0000190
28642560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll'
28652560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd570000 'C:\Windows\system32\ADVAPI32.dll'
28662560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0a0000 'C:\Windows\system32\ole32.dll'
28672560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
28682560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002c9e91:<flags> [calling]
28692560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe8f0000 'C:\Windows\system32\MSCTF.dll'
28702560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
28712560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
28722560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
28732560.260c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll) WinVerifyTrust
28742560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
28752560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
28762560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
28772560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
28782560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
28792560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28802560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28812560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ca531:<flags> [calling]
28822560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
28832560.260c: supR3HardenedDllNotificationCallback: load 000007feea9e0000 LB 0x00024000 C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll [fFlags=0x0]
28842560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
28852560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea9e0000 'C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll'
28862560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0a0000 'C:\Windows\system32\ole32.dll'
28872560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee80000 'C:\Windows\system32\OLEAUT32.dll'
28882560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000008fc pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
28892560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
28902560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
28912560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472
28922560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
28932560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28942560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28952560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
28962560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
28972560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
28982560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
28992560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
29002560.260c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
29012560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
29022560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
29032560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
29042560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
29052560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
29062560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
29072560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
29082560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
29092560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
29102560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
29112560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
29122560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
29132560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000090c pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
29142560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
29152560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
29162560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03D0A77E5195AA70198FDE6C2FAC2C76FF200674
29172560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
29182560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29192560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29202560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
29212560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
29222560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
29232560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
29242560.260c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
29252560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
29262560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29272560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29282560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
29292560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
29302560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
29312560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29322560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29332560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
29342560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
29352560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
29362560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
29372560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29382560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29392560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002c6801:<flags> [calling]
29402560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
29412560.260c: supR3HardenedDllNotificationCallback: load 000007fef8a10000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
29422560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
29432560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
29442560.260c: supR3HardenedDllNotificationCallback: load 000007fef8a50000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [fFlags=0x0]
29452560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
29462560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8a10000 'C:\Windows\system32\wbem\wbemprox.dll'
29472560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000928 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
29482560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
29492560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
29502560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F
29512560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
29522560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29532560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29542560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
29552560.260c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
29562560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
29572560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29582560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29592560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29602560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29612560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002c6441:<flags> [calling]
29622560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
29632560.260c: supR3HardenedDllNotificationCallback: load 000007fef1220000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
29642560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
29652560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1220000 'C:\Windows\system32\wbem\wbemsvc.dll'
29662560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000934 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
29672560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
29682560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
29692560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79
29702560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
29712560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29722560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29732560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
29742560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
29752560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
29762560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
29772560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
29782560.260c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
29792560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
29802560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
29812560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
29822560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000920 pwszName=\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
29832560.260c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
29842560.260c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
29852560.260c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
29862560.260c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll'
29872560.260c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29882560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29892560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
29902560.260c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
29912560.260c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll) WinVerifyTrust
29922560.260c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
29932560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
29942560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
29952560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
29962560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
29972560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
29982560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
29992560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
30002560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
30012560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
30022560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
30032560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30042560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30052560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
30062560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
30072560.260c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
30082560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
30092560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
30102560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30112560.260c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30122560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002c6481:<flags> [calling]
30132560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
30142560.260c: supR3HardenedDllNotificationCallback: load 000007fef8ae0000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
30152560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
30162560.260c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
30172560.260c: supR3HardenedDllNotificationCallback: load 000007fef8a20000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [fFlags=0x0]
30182560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
30192560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8ae0000 'C:\Windows\system32\wbem\fastprox.dll'
30202560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee80000 'C:\Windows\system32\OLEAUT32.dll'
30212560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd570000 'C:\Windows\system32\ADVAPI32.dll'
30222560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll
30232560.260c: Error (rc=0):
30242560.260c: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1024 \Device\HarddiskVolume2\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll
30252560.260c: Error (rc=0):
30262560.260c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll' (C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll): rcNt=0xc0000190
30272560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll'
30282560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee80000 'C:\Windows\system32\OLEAUT32.DLL'
30292560.26d4: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll: Signature #1/2: info status: 24202
30302560.26d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30312560.26d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
30322560.26d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
30332560.26d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
30342560.26d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30352560.26d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30362560.26d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30372560.26d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30382560.26d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000c41e761:<flags> [calling]
30392560.26d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
30402560.26d4: supR3HardenedDllNotificationCallback: load 000007fecd0c0000 LB 0x0037d000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
30412560.26d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
30422560.26d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fecd0c0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
30432560.21c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0a0000 'C:\Windows\system32\ole32.dll'
30442560.744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0a0000 'C:\Windows\system32\ole32.dll'
30452560.650: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll: Signature #1/2: info status: 24202
30462560.650: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30472560.650: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
30482560.650: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
30492560.650: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
30502560.650: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
30512560.650: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
30522560.650: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
30532560.650: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30542560.650: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30552560.650: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
30562560.650: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30572560.650: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30582560.650: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
30592560.650: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
30602560.650: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
30612560.650: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
30622560.650: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
30632560.650: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
30642560.650: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30652560.650: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30662560.650: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cfdde81:<flags> [calling]
30672560.650: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
30682560.650: supR3HardenedDllNotificationCallback: load 000007feeed10000 LB 0x00010000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
30692560.650: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
30702560.650: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeed10000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
30712560.21f0: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll: Signature #1/2: info status: 24202
30722560.21f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30732560.21f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
30742560.21f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
30752560.21f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
30762560.21f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
30772560.21f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30782560.21f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30792560.21f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
30802560.21f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
30812560.21f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30822560.21f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30832560.21f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
30842560.21f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d17d7a1:<flags> [calling]
30852560.21f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
30862560.21f0: supR3HardenedDllNotificationCallback: load 000007fee3580000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
30872560.21f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
30882560.21f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3580000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
30892560.744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
30902560.744: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cb3a2b1:<flags> [calling]
30912560.744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd890000 'C:\Windows\system32\Shell32.dll'
30922560.744: supR3HardenedIsApiSetDll: '<NULL>' -> true
30932560.744: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000cb393b1:<flags> [calling]
30942560.744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff3a0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
30952560.744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
30962560.744: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cb3b6e1:<flags> [calling]
30972560.744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fecd0c0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
30982560.744: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll: Signature #1/2: info status: 24202
30992560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31002560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
31012560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
31022560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
31032560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
31042560.744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
31052560.744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
31062560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
31072560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
31082560.744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
31092560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
31102560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
31112560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31122560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31132560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31142560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31152560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31162560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31172560.744: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cb3c891:<flags> [calling]
31182560.744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
31192560.744: supR3HardenedDllNotificationCallback: load 000007feced60000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
31202560.744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
31212560.744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feced60000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
31222560.744: supR3HardenedDllNotificationCallback: Unload 000007feced60000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
31232560.744: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll: Signature #1/2: info status: 24202
31242560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31252560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
31262560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
31272560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
31282560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
31292560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
31302560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
31312560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
31322560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
31332560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
31342560.744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
31352560.744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
31362560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
31372560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
31382560.744: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b34 pwszName=\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
31392560.744: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
31402560.744: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
31412560.744: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642
31422560.744: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'
31432560.744: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31442560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31452560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
31462560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
31472560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
31482560.744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
31492560.744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
31502560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
31512560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
31522560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
31532560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
31542560.744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
31552560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
31562560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
31572560.744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
31582560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31592560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31602560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
31612560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
31622560.744: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll: Signature #1/2: info status: 24202
31632560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31642560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
31652560.744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
31662560.744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
31672560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
31682560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
31692560.744: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll: Signature #1/2: info status: 24202
31702560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
31712560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
31722560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
31732560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
31742560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
31752560.744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
31762560.744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
31772560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31782560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31792560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
31802560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
31812560.744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
31822560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31832560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31842560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
31852560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
31862560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
31872560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
31882560.744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
31892560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31902560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31912560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31922560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31932560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31942560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31952560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
31962560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
31972560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
31982560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
31992560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
32002560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
32012560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
32022560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
32032560.744: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b78 pwszName=\Device\HarddiskVolume2\Windows\System32\winnsi.dll
32042560.744: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
32052560.744: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
32062560.744: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=28DC1A34E4A6B1464B25E6B8BF4EBE1D6A50922D
32072560.744: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_501_for_KB4054518~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
32082560.744: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32092560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32102560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
32112560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
32122560.744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll) WinVerifyTrust
32132560.744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
32142560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
32152560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
32162560.744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
32172560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32182560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32192560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
32202560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
32212560.744: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
32222560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
32232560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
32242560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32252560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32262560.744: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cb3db21:<flags> [calling]
32272560.744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
32282560.744: supR3HardenedDllNotificationCallback: load 000007fecc6b0000 LB 0x00a03000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
32292560.744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
32302560.744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
32312560.744: supR3HardenedDllNotificationCallback: load 000007fecf980000 LB 0x00066000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
32322560.744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
32332560.744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
32342560.744: supR3HardenedDllNotificationCallback: load 000007fec4810000 LB 0x0085c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
32352560.744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
32362560.744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
32372560.744: supR3HardenedDllNotificationCallback: load 000007fef89c0000 LB 0x00027000 C:\Windows\system32\IPHLPAPI.DLL [fFlags=0x0]
32382560.744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
32392560.744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
32402560.744: supR3HardenedDllNotificationCallback: load 000007fef89b0000 LB 0x0000b000 C:\Windows\system32\WINNSI.DLL [fFlags=0x0]
32412560.744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
32422560.744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fecc6b0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
32432560.744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
32442560.744: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cb3db21:<flags> [calling]
32452560.744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
32462560.744: supR3HardenedDllNotificationCallback: load 000007fecf840000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
32472560.744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
32482560.744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fecf840000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
32492560.744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
32502560.744: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cb3db21:<flags> [calling]
32512560.744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fecd8b0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
32522560.744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
32532560.744: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cb3d8c1:<flags> [calling]
32542560.744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fec4810000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
32552560.744: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll: Signature #1/2: info status: 24202
32562560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32572560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
32582560.744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
32592560.744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
32602560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32612560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32622560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32632560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32642560.744: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cb3d931:<flags> [calling]
32652560.744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
32662560.744: supR3HardenedDllNotificationCallback: load 000007fee34d0000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
32672560.744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
32682560.744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee34d0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
32692560.744: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll: Signature #1/2: info status: 24202
32702560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32712560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
32722560.744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
32732560.744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
32742560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32752560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32762560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32772560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32782560.744: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cb3d931:<flags> [calling]
32792560.744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
32802560.744: supR3HardenedDllNotificationCallback: load 000007fee13b0000 LB 0x00012000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
32812560.744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
32822560.744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee13b0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
32832560.744: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll: Signature #1/2: info status: 24202
32842560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32852560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
32862560.744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
32872560.744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
32882560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
32892560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
32902560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
32912560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
32922560.744: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cb3d981:<flags> [calling]
32932560.744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
32942560.744: supR3HardenedDllNotificationCallback: load 000007fee1350000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
32952560.744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
32962560.744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1350000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
32972560.744: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll: Signature #1/2: info status: 24202
32982560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
32992560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
33002560.744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
33012560.744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
33022560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
33032560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
33042560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
33052560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
33062560.744: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cb3d981:<flags> [calling]
33072560.744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
33082560.744: supR3HardenedDllNotificationCallback: load 000007fedd640000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
33092560.744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
33102560.744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedd640000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
33112560.1b5c: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll: Signature #1/2: info status: 24202
33122560.1b5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
33132560.1b5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
33142560.1b5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
33152560.1b5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
33162560.1b5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
33172560.1b5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
33182560.1b5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
33192560.1b5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
33202560.1b5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
33212560.1b5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
33222560.1b5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
33232560.1b5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
33242560.1b5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000ef3dc51:<flags> [calling]
33252560.1b5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
33262560.1b5c: supR3HardenedDllNotificationCallback: load 000007fedd2e0000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
33272560.1b5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
33282560.1b5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedd2e0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
33292560.23dc: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll: Signature #1/2: info status: 24202
33302560.23dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
33312560.23dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
33322560.23dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
33332560.23dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
33342560.23dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
33352560.23dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
33362560.23dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
33372560.23dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
33382560.23dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
33392560.23dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
33402560.23dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
33412560.23dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
33422560.23dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
33432560.23dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
33442560.23dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
33452560.23dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000f11dd11:<flags> [calling]
33462560.23dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
33472560.23dc: supR3HardenedDllNotificationCallback: load 000007fee34c0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
33482560.23dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
33492560.23dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee34c0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
33502560.2380: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll: Signature #1/2: info status: 24202
33512560.2380: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
33522560.2380: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
33532560.2380: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
33542560.2380: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
33552560.2380: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
33562560.2380: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
33572560.2380: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
33582560.2380: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
33592560.2380: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
33602560.2380: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
33612560.2380: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
33622560.2380: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000f22ddd1:<flags> [calling]
33632560.2380: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
33642560.2380: supR3HardenedDllNotificationCallback: load 000007fee13a0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
33652560.2380: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
33662560.2380: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee13a0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
33672560.744: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll: Signature #1/2: info status: 24202
33682560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
33692560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
33702560.744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
33712560.744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
33722560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
33732560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
33742560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
33752560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
33762560.744: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cb3f101:<flags> [calling]
33772560.744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
33782560.744: supR3HardenedDllNotificationCallback: load 000007feef220000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
33792560.744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
33802560.744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef220000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
33812560.744: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ccc pwszName=\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
33822560.744: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
33832560.744: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
33842560.744: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=704F97298D44B8146C54067788F597E0BF365197
33852560.744: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll'
33862560.744: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
33872560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33882560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
33892560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
33902560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'.
33912560.744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
33922560.744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
33932560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
33942560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
33952560.744: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cd0 pwszName=\Device\HarddiskVolume2\Windows\System32\propsys.dll
33962560.744: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
33972560.744: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
33982560.744: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A1594E841359779EF7EA7EBCF775D89F55388D3
33992560.744: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\propsys.dll'
34002560.744: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
34012560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
34022560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
34032560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
34042560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
34052560.744: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
34062560.744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll) WinVerifyTrust
34072560.744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
34082560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
34092560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
34102560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
34112560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
34122560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34132560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34142560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
34152560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
34162560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
34172560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
34182560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
34192560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
34202560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
34212560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
34222560.744: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34232560.744: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34242560.744: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cb3d351:<flags> [calling]
34252560.744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
34262560.744: supR3HardenedDllNotificationCallback: load 000007fefb160000 LB 0x0004b000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
34272560.744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
34282560.744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
34292560.744: supR3HardenedDllNotificationCallback: load 000007fefafd0000 LB 0x0012c000 C:\Windows\System32\PROPSYS.dll [fFlags=0x0]
34302560.744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
34312560.744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd570000 'C:\Windows\system32\ADVAPI32.dll'
34322560.744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb160000 'C:\Windows\System32\MMDevApi.dll'
34332560.744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0a0000 'C:\Windows\system32\ole32.dll'
34342560.744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
34352560.744: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cb3d681:<flags> [calling]
34362560.744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd650000 'C:\Windows\system32\SETUPAPI.dll'
34372560.2390: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
34382560.2390: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CFGMGR32.dll (Input=CFGMGR32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000001897f2e1:<flags> [calling]
34392560.2390: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd130000 'C:\Windows\system32\CFGMGR32.dll'
34402560.744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
34412560.744: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cb3e801:<flags> [calling]
34422560.744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff2a0000 'C:\Windows\system32\SHLWAPI.dll'
34432560.744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
34442560.744: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cb3ea21:<flags> [calling]
34452560.744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb160000 'C:\Windows\system32\MMDEVAPI.DLL'
34462560.744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff0a0000 'C:\Windows\system32\ole32.dll'
34472560.744: KiUserExceptionDispatcher: 0xc0000005 (0000000000000000, 0000000000000002) @ 000007fecc7d2640 (flags=0x0)
3448 rax=0000000004023100 rbx=0000000004023100 rcx=0000000000000000 rdx=0000000000000003
3449 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
3450 r10=0000000000000000 r11=0000000004023100 r12=0000000000000000 r13=000000000cb3f100
3451 r14=0000000000000000 r15=0000000000000037 P1=0000000000000000 P2=00000000003a67b0
3452 rip=000007fecc7d2640 rsp=000000000cb3ef50 rbp=000000000cb3efd0 ctxflags=0010005f
3453 cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b eflags=00010246 mxcrx=00001f80
3454 P3=000000000cb3e8b0 P4=000000000cb3002e P5=0000000000000010 P6=000007fefef82f40
3455 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
3456 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000060 dcr=0000000000738880
3457 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
34582560.744: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d50 pwszName=\Device\HarddiskVolume2\Windows\System32\apphelp.dll
34592560.744: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000031ead00
34602560.744: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000031ead00
34612560.744: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82846C7DC170BBD7F68FE9966A8D339A60BCFF16
34622560.744: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\apphelp.dll'
34632560.744: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
34642560.744: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll) WinVerifyTrust
34652560.744: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
34662560.744: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
34672560.744: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll
34682560.744: supR3HardenedDllNotificationCallback: load 000007fefcbe0000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
34692560.744: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll
34702560.744: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcbe0000 'C:\Windows\system32\apphelp.dll'
34712560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
34722560.260c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINMM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002c5d81:<flags> [calling]
34732560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefad90000 'C:\Windows\system32\WINMM.dll'
34742560.1ecc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee80000 'C:\Windows\system32\OLEAUT32.dll'
34752560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll
34762560.260c: Error (rc=0):
34772560.260c: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2048 \Device\HarddiskVolume2\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll
34782560.260c: Error (rc=0):
34792560.260c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll' (C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll): rcNt=0xc0000190
34802560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll'
34812560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll
34822560.260c: Error (rc=0):
34832560.260c: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=4096 \Device\HarddiskVolume2\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll
34842560.260c: Error (rc=0):
34852560.260c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll' (C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll): rcNt=0xc0000190
34862560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll'
34872560.260c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll
34882560.260c: Error (rc=0):
34892560.260c: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=8192 \Device\HarddiskVolume2\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll
34902560.260c: Error (rc=0):
34912560.260c: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll' (C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll): rcNt=0xc0000190
34922560.260c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files\Strumenti\windowspager64bit\lib\WindowsPagerMsgHook64.dll'
349316dc.568: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 101662 ms, the end);
34941d38.2220: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 102302 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy