VirtualBox

Ticket #20975: VBoxHardening.log

File VBoxHardening.log, 350.6 KB (added by Tony_Z, 2 years ago)
Line 
13248.4640: Log file opened: 6.1.34r150636 g_hStartupLog=0000000000000018 g_uNtVerCombined=0x611db110
23248.4640: \SystemRoot\System32\ntdll.dll:
33248.4640: CreationTime: 2020-01-15T10:10:19.313622200Z
43248.4640: LastWriteTime: 2020-01-03T03:35:05.302579400Z
53248.4640: ChangeTime: 2020-01-16T10:18:09.156822300Z
63248.4640: FileAttributes: 0x20
73248.4640: Size: 0x198080
83248.4640: NT Headers: 0xe0
93248.4640: Timestamp: 0x5e0eb67f
103248.4640: Machine: 0x8664 - amd64
113248.4640: Timestamp: 0x5e0eb67f
123248.4640: Image Version: 6.1
133248.4640: SizeOfImage: 0x19f000 (1699840)
143248.4640: Resource Dir: 0x142000 LB 0x5a038
153248.4640: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
163248.4640: [Raw version resource data: 0x1420f0 LB 0x38c, codepage 0x0 (reserved 0x0)]
173248.4640: ProductName: Microsoft® Windows® Operating System
183248.4640: ProductVersion: 6.1.7601.24545
193248.4640: FileVersion: 6.1.7601.24545 (win7sp1_ldr_escrow.200102-1707)
203248.4640: FileDescription: NT Layer DLL
213248.4640: \SystemRoot\System32\kernel32.dll:
223248.4640: CreationTime: 2020-01-15T10:10:06.178622200Z
233248.4640: LastWriteTime: 2020-01-03T03:33:39.604000000Z
243248.4640: ChangeTime: 2020-01-16T10:18:10.046022300Z
253248.4640: FileAttributes: 0x20
263248.4640: Size: 0x11be00
273248.4640: NT Headers: 0xe0
283248.4640: Timestamp: 0x5e0eb6bc
293248.4640: Machine: 0x8664 - amd64
303248.4640: Timestamp: 0x5e0eb6bc
313248.4640: Image Version: 6.1
323248.4640: SizeOfImage: 0x11f000 (1175552)
333248.4640: Resource Dir: 0x116000 LB 0x530
343248.4640: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
353248.4640: [Raw version resource data: 0x1160b0 LB 0x3b0, codepage 0x0 (reserved 0x0)]
363248.4640: ProductName: Microsoft® Windows® Operating System
373248.4640: ProductVersion: 6.1.7601.24545
383248.4640: FileVersion: 6.1.7601.24545 (win7sp1_ldr_escrow.200102-1707)
393248.4640: FileDescription: Windows NT BASE API Client DLL
403248.4640: \SystemRoot\System32\KernelBase.dll:
413248.4640: CreationTime: 2020-01-15T10:10:04.477622200Z
423248.4640: LastWriteTime: 2020-01-03T03:33:39.604000000Z
433248.4640: ChangeTime: 2020-01-16T10:18:10.046022300Z
443248.4640: FileAttributes: 0x20
453248.4640: Size: 0x63c00
463248.4640: NT Headers: 0xe8
473248.4640: Timestamp: 0x5e0eb6bd
483248.4640: Machine: 0x8664 - amd64
493248.4640: Timestamp: 0x5e0eb6bd
503248.4640: Image Version: 6.1
513248.4640: SizeOfImage: 0x67000 (421888)
523248.4640: Resource Dir: 0x65000 LB 0x538
533248.4640: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
543248.4640: [Raw version resource data: 0x650b0 LB 0x3b8, codepage 0x0 (reserved 0x0)]
553248.4640: ProductName: Microsoft® Windows® Operating System
563248.4640: ProductVersion: 6.1.7601.24545
573248.4640: FileVersion: 6.1.7601.24545 (win7sp1_ldr_escrow.200102-1707)
583248.4640: FileDescription: Windows NT BASE API Client DLL
593248.4640: \SystemRoot\System32\apisetschema.dll:
603248.4640: CreationTime: 2020-01-15T10:09:59.984622200Z
613248.4640: LastWriteTime: 2020-01-03T03:33:11.406000000Z
623248.4640: ChangeTime: 2020-01-16T10:18:09.141222300Z
633248.4640: FileAttributes: 0x20
643248.4640: Size: 0x1c00
653248.4640: NT Headers: 0xc0
663248.4640: Timestamp: 0x5e0eb63f
673248.4640: Machine: 0x8664 - amd64
683248.4640: Timestamp: 0x5e0eb63f
693248.4640: Image Version: 6.1
703248.4640: SizeOfImage: 0x50000 (327680)
713248.4640: Resource Dir: 0x30000 LB 0x408
723248.4640: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
733248.4640: [Raw version resource data: 0x30060 LB 0x3a4, codepage 0x0 (reserved 0x0)]
743248.4640: ProductName: Microsoft® Windows® Operating System
753248.4640: ProductVersion: 6.1.7601.24545
763248.4640: FileVersion: 6.1.7601.24545 (win7sp1_ldr_escrow.200102-1707)
773248.4640: FileDescription: ApiSet Schema DLL
783248.4640: NtOpenDirectoryObject failed on \Driver: 0xc0000022
793248.4640: supR3HardenedWinFindAdversaries: 0x2
803248.4640: \SystemRoot\System32\drivers\symevent64x86.sys:
813248.4640: CreationTime: 2017-01-22T05:05:28.419000700Z
823248.4640: LastWriteTime: 2019-03-21T09:53:54.906890800Z
833248.4640: ChangeTime: 2019-03-21T09:53:54.906890800Z
843248.4640: FileAttributes: 0x20
853248.4640: Size: 0x186e0
863248.4640: NT Headers: 0xf0
873248.4640: Timestamp: 0x5bbbe164
883248.4640: Machine: 0x8664 - amd64
893248.4640: Timestamp: 0x5bbbe164
903248.4640: Image Version: 6.3
913248.4640: SizeOfImage: 0x21000 (135168)
923248.4640: Resource Dir: 0x1f000 LB 0x3c8
933248.4640: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
943248.4640: [Raw version resource data: 0x1f0b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
953248.4640: ProductName: SYMEVENT
963248.4640: ProductVersion: 14.0.7.71
973248.4640: FileVersion: 14.0.7.71
983248.4640: FileDescription: Symantec Event Library
993248.4640: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
1003248.4640: Calling main()
1013248.4640: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
1023248.4640: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
1033248.4640: SUPR3HardenedMain: Respawn #1
1043248.4640: System32: \Device\HarddiskVolume3\Windows\System32
1053248.4640: WinSxS: \Device\HarddiskVolume3\Windows\winsxs
1063248.4640: KnownDllPath: C:\Windows\system32
1073248.4640: supR3HardenedWinInit: Performing a limited self purification...
1083248.4640: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
1093248.4640: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
1103248.4640: *0000000000010000-000000000001ffff 0x0004/0x0004 0x0040000
1113248.4640: 0000000000020000-000000000002ffff 0x0001/0x0000 0x0000000
1123248.4640: *0000000000030000-0000000000030fff 0x0020/0x0020 0x0040000 !!
1133248.4640: 0000000000031000-000000000003ffff 0x0001/0x0000 0x0000000
1143248.4640: *0000000000040000-0000000000043fff 0x0002/0x0002 0x0040000
1153248.4640: 0000000000044000-000000000004ffff 0x0001/0x0000 0x0000000
1163248.4640: *0000000000050000-0000000000050fff 0x0004/0x0004 0x0020000
1173248.4640: 0000000000051000-000000000005ffff 0x0001/0x0000 0x0000000
1183248.4640: *0000000000060000-00000000000c6fff 0x0002/0x0002 0x0040000
1193248.4640: 00000000000c7000-00000000000cffff 0x0001/0x0000 0x0000000
1203248.4640: *00000000000d0000-00000000000eefff 0x0004/0x0004 0x0020000
1213248.4640: 00000000000ef000-00000000001cffff 0x0000/0x0004 0x0020000
1223248.4640: 00000000001d0000-00000000001dffff 0x0001/0x0000 0x0000000
1233248.4640: *00000000001e0000-0000000000291fff 0x0000/0x0004 0x0020000
1243248.4640: 0000000000292000-0000000000293fff 0x0104/0x0004 0x0020000
1253248.4640: 0000000000294000-00000000002dffff 0x0004/0x0004 0x0020000
1263248.4640: 00000000002e0000-00000000003fffff 0x0001/0x0000 0x0000000
1273248.4640: *0000000000400000-0000000000406fff 0x0004/0x0004 0x0020000
1283248.4640: 0000000000407000-00000000004fffff 0x0000/0x0004 0x0020000
1293248.4640: 0000000000500000-000000000060ffff 0x0001/0x0000 0x0000000
1303248.4640: *0000000000610000-000000000068ffff 0x0004/0x0004 0x0020000
1313248.4640: *0000000000690000-000000000082ffff 0x0004/0x0004 0x0020000
1323248.4640: 0000000000830000-000000003760ffff 0x0001/0x0000 0x0000000
1333248.4640: *0000000037610000-000000003761ffff 0x0020/0x0040 0x0020000 !!
1343248.4640: 0000000037620000-000000007745ffff 0x0001/0x0000 0x0000000
1353248.4640: *0000000077460000-0000000077460fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1363248.4640: 0000000077461000-00000000774fbfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1373248.4640: 00000000774fc000-0000000077569fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1383248.4640: 000000007756a000-000000007756bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1393248.4640: 000000007756c000-000000007757efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\kernel32.dll
1403248.4640: 000000007757f000-000000007757ffff 0x0001/0x0000 0x0000000
1413248.4640: *0000000077580000-0000000077580fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1423248.4640: 0000000077581000-00000000776a4fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1433248.4640: 00000000776a5000-00000000776a6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1443248.4640: 00000000776a7000-00000000776a8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1453248.4640: 00000000776a9000-00000000776aafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1463248.4640: 00000000776ab000-00000000776adfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1473248.4640: 00000000776ae000-00000000776b0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1483248.4640: 00000000776b1000-00000000776b3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1493248.4640: 00000000776b4000-000000007771efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
1503248.4640: 000000007771f000-000000007efdffff 0x0001/0x0000 0x0000000
1513248.4640: *000000007efe0000-000000007efe4fff 0x0002/0x0002 0x0040000
1523248.4640: 000000007efe5000-000000007f0dffff 0x0000/0x0002 0x0040000
1533248.4640: *000000007f0e0000-000000007ffdffff 0x0000/0x0002 0x0020000
1543248.4640: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
1553248.4640: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
1563248.4640: 000000007fff0000-000000013fb2ffff 0x0001/0x0000 0x0000000
1573248.4640: *000000013fb30000-000000013fb30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1583248.4640: 000000013fb31000-000000013fba7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1593248.4640: 000000013fba8000-000000013fba8fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1603248.4640: 000000013fba9000-000000013fbf1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1613248.4640: 000000013fbf2000-000000013fbf4fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1623248.4640: 000000013fbf5000-000000013fbf7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1633248.4640: 000000013fbf8000-000000013fbfafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1643248.4640: 000000013fbfb000-000000013fbfbfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1653248.4640: 000000013fbfc000-000000013fbfdfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1663248.4640: 000000013fbfe000-000000013fbfefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1673248.4640: 000000013fbff000-000000013fc47fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1683248.4640: 000000013fc48000-000007fef174ffff 0x0001/0x0000 0x0000000
1693248.4640: *000007fef1750000-000007fef1750fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswhook.dll
1703248.4640: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fef1750000 LB 0x1000 (base 000007fef1750000) - 'aswhook.dll'
1713248.4640: 000007fef1751000-000007fef1759fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswhook.dll
1723248.4640: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fef1751000 LB 0x9000 (base 000007fef1750000) - 'aswhook.dll'
1733248.4640: 000007fef175a000-000007fef175cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswhook.dll
1743248.4640: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fef175a000 LB 0x3000 (base 000007fef1750000) - 'aswhook.dll'
1753248.4640: 000007fef175d000-000007fef175efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswhook.dll
1763248.4640: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fef175d000 LB 0x2000 (base 000007fef1750000) - 'aswhook.dll'
1773248.4640: 000007fef175f000-000007fef1762fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswhook.dll
1783248.4640: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fef175f000 LB 0x4000 (base 000007fef1750000) - 'aswhook.dll'
1793248.4640: 000007fef1763000-000007fef1763fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswhook.dll
1803248.4640: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fef1763000 LB 0x1000 (base 000007fef1750000) - 'aswhook.dll'
1813248.4640: 000007fef1764000-000007fef1765fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\AVG\Antivirus\aswhook.dll
1823248.4640: supHardNtVpScanVirtualMemory: Ignoring unknown mem at 000007fef1764000 LB 0x2000 (base 000007fef1750000) - 'aswhook.dll'
1833248.4640: 000007fef1766000-000007fefd27ffff 0x0001/0x0000 0x0000000
1843248.4640: *000007fefd280000-000007fefd280fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1853248.4640: 000007fefd281000-000007fefd2c7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1863248.4640: 000007fefd2c8000-000007fefd2dcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1873248.4640: 000007fefd2dd000-000007fefd2defff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1883248.4640: 000007fefd2df000-000007fefd2e6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1893248.4640: 000007fefd2e7000-000007feff87ffff 0x0001/0x0000 0x0000000
1903248.4640: *000007feff880000-000007feff880fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apisetschema.dll
1913248.4640: 000007feff881000-000007fffffaffff 0x0001/0x0000 0x0000000
1923248.4640: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
1933248.4640: 000007fffffd3000-000007fffffdcfff 0x0001/0x0000 0x0000000
1943248.4640: *000007fffffdd000-000007fffffddfff 0x0004/0x0004 0x0020000
1953248.4640: *000007fffffde000-000007fffffdffff 0x0004/0x0004 0x0020000
1963248.4640: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
1973248.4640: apisetschema.dll: timestamp 0x5e0eb63f (rc=VINF_SUCCESS)
1983248.4640: kernelbase.dll: timestamp 0x5e0eb6bd (rc=VINF_SUCCESS)
1993248.4640: VirtualBoxVM.exe: timestamp 0x623a5dfe (rc=VINF_SUCCESS)
2003248.4640: kernel32.dll: timestamp 0x5e0eb6bc (rc=VINF_SUCCESS)
2013248.4640: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
2023248.4640: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
2033248.4640: '\Device\HarddiskVolume3\Windows\System32\apisetschema.dll' has no imports
2043248.4640: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
2053248.4640: ntdll.dll: Differences in section #1 (.text) between file and memory:
2063248.4640: 00000000775b19e0 / 0x00319e0: 4c != e9
2073248.4640: 00000000775b19e1 / 0x00319e1: 89 != f3
2083248.4640: 00000000775b19e2 / 0x00319e2: 4c != e7
2093248.4640: 00000000775b19e3 / 0x00319e3: 24 != 05
2103248.4640: 00000000775b19e4 / 0x00319e4: 20 != c0
2113248.4640: 00000000775b19e5 / 0x00319e5: 48 != cc
2123248.4640: 00000000775b19e6 / 0x00319e6: 89 != cc
2133248.4640: 00000000775b19e7 / 0x00319e7: 54 != cc
2143248.4640: 00000000775b19e8 / 0x00319e8: 24 != cc
2153248.4640: 00000000775b19e9 / 0x00319e9: 10 != cc
2163248.4640: Restored 0x2000 bytes of original file content at 00000000775b1000
2173248.4640: ntdll.dll: Differences in section #1 (.text) between file and memory:
2183248.4640: 0000000077620d30 / 0x00a0d30: 48 != e9
2193248.4640: 0000000077620d31 / 0x00a0d31: 89 != 43
2203248.4640: 0000000077620d32 / 0x00a0d32: 5c != f4
2213248.4640: 0000000077620d33 / 0x00a0d33: 24 != fe
2223248.4640: 0000000077620d34 / 0x00a0d34: 08 != bf
2233248.4640: 0000000077620d35 / 0x00a0d35: 48 != cc
2243248.4640: 0000000077620d36 / 0x00a0d36: 89 != cc
2253248.4640: 0000000077620d37 / 0x00a0d37: 74 != cc
2263248.4640: 0000000077620d38 / 0x00a0d38: 24 != cc
2273248.4640: 0000000077620d39 / 0x00a0d39: 10 != cc
2283248.4640: Restored 0x2000 bytes of original file content at 000000007761f51e
2293248.4640: ntdll.dll: Differences in section #1 (.text) between file and memory:
2303248.4640: 000000007766ac90 / 0x00eac90: 48 != e9
2313248.4640: 000000007766ac91 / 0x00eac91: 89 != a3
2323248.4640: 000000007766ac92 / 0x00eac92: 5c != 55
2333248.4640: 000000007766ac93 / 0x00eac93: 24 != fa
2343248.4640: 000000007766ac94 / 0x00eac94: 10 != bf
2353248.4640: 000000007766ac95 / 0x00eac95: 48 != cc
2363248.4640: 000000007766ac96 / 0x00eac96: 89 != cc
2373248.4640: 000000007766ac97 / 0x00eac97: 6c != cc
2383248.4640: 000000007766ac98 / 0x00eac98: 24 != cc
2393248.4640: 000000007766ac99 / 0x00eac99: 18 != cc
2403248.4640: Restored 0x2000 bytes of original file content at 000000007766951e
2413248.4640: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=3
2423248.4640: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
2433248.4640: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
2443248.4640: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
2453248.4640: supR3HardNtEnableThreadCreationEx:
2463248.4640: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000775c3730 pvNtTerminateThread=00000000775e9cd0
2473248.4640: supR3HardenedWinDoReSpawn(1): New child 30c0.3cdc [kernel32].
2483248.4640: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd8000 cbPeb=0x380
2493248.4640: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077580000 uNtDllChildAddr=0000000077580000
2503248.4640: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000775c3730
2513248.4640: supR3HardenedWinSetupChildInit: Initial context:
252 rax=0000000000000000 rbx=0000000000000000 rcx=000000013fb37900 rdx=000007fffffd8000
253 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
254 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
255 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
256 rip=00000000775d3710 rsp=00000000002bfb68 rbp=0000000000000000 ctxflags=0010001b
257 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
258 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
259 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
260 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
261 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
2623248.4640: supR3HardenedWinSetupChildInit: Start child.
2633248.4640: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
2643248.4640: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps
2653248.4640: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2663248.4640: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
2673248.4640: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
2683248.4640: *0000000000030000-0000000000030fff 0x0020/0x0020 0x0040000 !!
2693248.4640: supHardNtVpScanVirtualMemory: Unmapping exec mem at 0000000000030000 (0000000000030000/0000000000030000 LB 0x1000)
2703248.4640: 0000000000031000-000000000003ffff 0x0001/0x0000 0x0000000
2713248.4640: *0000000000040000-0000000000043fff 0x0002/0x0002 0x0040000
2723248.4640: 0000000000044000-000000000004ffff 0x0001/0x0000 0x0000000
2733248.4640: *0000000000050000-0000000000050fff 0x0004/0x0004 0x0020000
2743248.4640: 0000000000051000-00000000001bffff 0x0001/0x0000 0x0000000
2753248.4640: *00000000001c0000-00000000002bbfff 0x0000/0x0004 0x0020000
2763248.4640: 00000000002bc000-00000000002bdfff 0x0104/0x0004 0x0020000
2773248.4640: 00000000002be000-00000000002bffff 0x0004/0x0004 0x0020000
2783248.4640: 00000000002c0000-000000007757ffff 0x0001/0x0000 0x0000000
2793248.4640: *0000000077580000-0000000077580fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2803248.4640: 0000000077581000-00000000776a4fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2813248.4640: 00000000776a5000-00000000776aafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2823248.4640: 00000000776ab000-00000000776abfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2833248.4640: 00000000776ac000-00000000776b3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2843248.4640: 00000000776b4000-000000007771efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
2853248.4640: 000000007771f000-000000007efdffff 0x0001/0x0000 0x0000000
2863248.4640: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
2873248.4640: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2883248.4640: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
2893248.4640: 000000007fff0000-000000013fb2ffff 0x0001/0x0000 0x0000000
2903248.4640: *000000013fb30000-000000013fb30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2913248.4640: 000000013fb31000-000000013fba7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2923248.4640: 000000013fba8000-000000013fba8fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2933248.4640: 000000013fba9000-000000013fbf1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2943248.4640: 000000013fbf2000-000000013fbf2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2953248.4640: 000000013fbf3000-000000013fbf3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2963248.4640: 000000013fbf4000-000000013fbf8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2973248.4640: 000000013fbf9000-000000013fbf9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2983248.4640: 000000013fbfa000-000000013fbfafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2993248.4640: 000000013fbfb000-000000013fbfefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3003248.4640: 000000013fbff000-000000013fc47fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3013248.4640: 000000013fc48000-000007feff87ffff 0x0001/0x0000 0x0000000
3023248.4640: *000007feff880000-000007feff880fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apisetschema.dll
3033248.4640: 000007feff881000-000007fffffaffff 0x0001/0x0000 0x0000000
3043248.4640: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
3053248.4640: 000007fffffd3000-000007fffffd7fff 0x0001/0x0000 0x0000000
3063248.4640: *000007fffffd8000-000007fffffd8fff 0x0004/0x0004 0x0020000
3073248.4640: 000007fffffd9000-000007fffffddfff 0x0001/0x0000 0x0000000
3083248.4640: *000007fffffde000-000007fffffdffff 0x0004/0x0004 0x0020000
3093248.4640: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
3103248.4640: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x2 cPatchCount=0
3113248.4640: supR3HardNtChildPurify: Startup delay kludge #1/1: 520 ms, 65 sleeps
3123248.4640: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
3133248.4640: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
3143248.4640: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
3153248.4640: 0000000000030000-000000000003ffff 0x0001/0x0000 0x0000000
3163248.4640: *0000000000040000-0000000000043fff 0x0002/0x0002 0x0040000
3173248.4640: 0000000000044000-000000000004ffff 0x0001/0x0000 0x0000000
3183248.4640: *0000000000050000-0000000000050fff 0x0004/0x0004 0x0020000
3193248.4640: 0000000000051000-00000000001bffff 0x0001/0x0000 0x0000000
3203248.4640: *00000000001c0000-00000000002bbfff 0x0000/0x0004 0x0020000
3213248.4640: 00000000002bc000-00000000002bdfff 0x0104/0x0004 0x0020000
3223248.4640: 00000000002be000-00000000002bffff 0x0004/0x0004 0x0020000
3233248.4640: 00000000002c0000-000000007757ffff 0x0001/0x0000 0x0000000
3243248.4640: *0000000077580000-0000000077580fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3253248.4640: 0000000077581000-00000000776a4fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3263248.4640: 00000000776a5000-00000000776aafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3273248.4640: 00000000776ab000-00000000776b3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3283248.4640: 00000000776b4000-000000007771efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
3293248.4640: 000000007771f000-000000007efdffff 0x0001/0x0000 0x0000000
3303248.4640: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
3313248.4640: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
3323248.4640: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
3333248.4640: 000000007fff0000-000000013fb2ffff 0x0001/0x0000 0x0000000
3343248.4640: *000000013fb30000-000000013fb30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3353248.4640: 000000013fb31000-000000013fba7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3363248.4640: 000000013fba8000-000000013fba8fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3373248.4640: 000000013fba9000-000000013fbf1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3383248.4640: 000000013fbf2000-000000013fbfefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3393248.4640: 000000013fbff000-000000013fc47fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3403248.4640: 000000013fc48000-000007feff87ffff 0x0001/0x0000 0x0000000
3413248.4640: *000007feff880000-000007feff880fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apisetschema.dll
3423248.4640: 000007feff881000-000007fffffaffff 0x0001/0x0000 0x0000000
3433248.4640: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
3443248.4640: 000007fffffd3000-000007fffffd7fff 0x0001/0x0000 0x0000000
3453248.4640: *000007fffffd8000-000007fffffd8fff 0x0004/0x0004 0x0020000
3463248.4640: 000007fffffd9000-000007fffffddfff 0x0001/0x0000 0x0000000
3473248.4640: *000007fffffde000-000007fffffdffff 0x0004/0x0004 0x0020000
3483248.4640: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
3493248.4640: supR3HardNtChildPurify: Done after 1060 ms and 1 fixes (loop #1).
35030c0.3cdc: Log file opened: 6.1.34r150636 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
35130c0.3cdc: supR3HardenedVmProcessInit: uNtDllAddr=0000000077580000 g_uNtVerCombined=0x611db100 (stack ~00000000002bf618)
35230c0.3cdc: ntdll.dll: timestamp 0x5e0eb67f (rc=VINF_SUCCESS)
35330c0.3cdc: New simple heap: #1 00000000002c0000 LB 0x400000 (for 1699840 allocation)
3543248.4640: supR3HardNtEnableThreadCreationEx:
35530c0.3cdc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
35630c0.3cdc: System32: \Device\HarddiskVolume3\Windows\System32
35730c0.3cdc: WinSxS: \Device\HarddiskVolume3\Windows\winsxs
35830c0.3cdc: KnownDllPath: C:\Windows\system32
35930c0.3cdc: supR3HardenedVmProcessInit: Opening vboxdrv stub...
36030c0.3cdc: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
36130c0.3cdc: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
36230c0.3cdc: Registered Dll notification callback with NTDLL.
36330c0.3cdc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
36430c0.3cdc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
36530c0.3cdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
36630c0.3cdc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
36730c0.3cdc: supR3HardenedMonitor_KiUserApcDispatcher_C: pfnRoutine=0000000000030078 enmState=3 -> supR3HardenedWinDummyApcRoutine
36830c0.3cdc: supR3HardenedWinDummyApcRoutine: pvArg1=0000000000030000 pvArg2=0000000000000000 pvArg3=0000000000000000
36930c0.3cdc: supR3HardenedDllNotificationCallback: load 0000000077460000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
37030c0.3cdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
37130c0.3cdc: supR3HardenedDllNotificationCallback: load 000007fefd280000 LB 0x00067000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
37230c0.3cdc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
37330c0.3cdc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
37430c0.3cdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077460000 'C:\Windows\system32\kernel32.dll'
37530c0.3cdc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000775c3730 pvNtTerminateThread=00000000775e9cd0
3763248.4640: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 60 ms.
37730c0.3cdc: \SystemRoot\System32\ntdll.dll:
37830c0.3cdc: CreationTime: 2020-01-15T10:10:19.313622200Z
37930c0.3cdc: LastWriteTime: 2020-01-03T03:35:05.302579400Z
38030c0.3cdc: ChangeTime: 2020-01-16T10:18:09.156822300Z
38130c0.3cdc: FileAttributes: 0x20
38230c0.3cdc: Size: 0x198080
38330c0.3cdc: NT Headers: 0xe0
38430c0.3cdc: Timestamp: 0x5e0eb67f
38530c0.3cdc: Machine: 0x8664 - amd64
38630c0.3cdc: Timestamp: 0x5e0eb67f
38730c0.3cdc: Image Version: 6.1
38830c0.3cdc: SizeOfImage: 0x19f000 (1699840)
38930c0.3cdc: Resource Dir: 0x142000 LB 0x5a038
39030c0.3cdc: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
39130c0.3cdc: [Raw version resource data: 0x1420f0 LB 0x38c, codepage 0x0 (reserved 0x0)]
39230c0.3cdc: ProductName: Microsoft® Windows® Operating System
39330c0.3cdc: ProductVersion: 6.1.7601.24545
39430c0.3cdc: FileVersion: 6.1.7601.24545 (win7sp1_ldr_escrow.200102-1707)
39530c0.3cdc: FileDescription: NT Layer DLL
39630c0.3cdc: \SystemRoot\System32\kernel32.dll:
39730c0.3cdc: CreationTime: 2020-01-15T10:10:06.178622200Z
39830c0.3cdc: LastWriteTime: 2020-01-03T03:33:39.604000000Z
39930c0.3cdc: ChangeTime: 2020-01-16T10:18:10.046022300Z
40030c0.3cdc: FileAttributes: 0x20
40130c0.3cdc: Size: 0x11be00
40230c0.3cdc: NT Headers: 0xe0
40330c0.3cdc: Timestamp: 0x5e0eb6bc
40430c0.3cdc: Machine: 0x8664 - amd64
40530c0.3cdc: Timestamp: 0x5e0eb6bc
40630c0.3cdc: Image Version: 6.1
40730c0.3cdc: SizeOfImage: 0x11f000 (1175552)
40830c0.3cdc: Resource Dir: 0x116000 LB 0x530
40930c0.3cdc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
41030c0.3cdc: [Raw version resource data: 0x1160b0 LB 0x3b0, codepage 0x0 (reserved 0x0)]
41130c0.3cdc: ProductName: Microsoft® Windows® Operating System
41230c0.3cdc: ProductVersion: 6.1.7601.24545
41330c0.3cdc: FileVersion: 6.1.7601.24545 (win7sp1_ldr_escrow.200102-1707)
41430c0.3cdc: FileDescription: Windows NT BASE API Client DLL
41530c0.3cdc: \SystemRoot\System32\KernelBase.dll:
41630c0.3cdc: CreationTime: 2020-01-15T10:10:04.477622200Z
41730c0.3cdc: LastWriteTime: 2020-01-03T03:33:39.604000000Z
41830c0.3cdc: ChangeTime: 2020-01-16T10:18:10.046022300Z
41930c0.3cdc: FileAttributes: 0x20
42030c0.3cdc: Size: 0x63c00
42130c0.3cdc: NT Headers: 0xe8
42230c0.3cdc: Timestamp: 0x5e0eb6bd
42330c0.3cdc: Machine: 0x8664 - amd64
42430c0.3cdc: Timestamp: 0x5e0eb6bd
42530c0.3cdc: Image Version: 6.1
42630c0.3cdc: SizeOfImage: 0x67000 (421888)
42730c0.3cdc: Resource Dir: 0x65000 LB 0x538
42830c0.3cdc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
42930c0.3cdc: [Raw version resource data: 0x650b0 LB 0x3b8, codepage 0x0 (reserved 0x0)]
43030c0.3cdc: ProductName: Microsoft® Windows® Operating System
43130c0.3cdc: ProductVersion: 6.1.7601.24545
43230c0.3cdc: FileVersion: 6.1.7601.24545 (win7sp1_ldr_escrow.200102-1707)
43330c0.3cdc: FileDescription: Windows NT BASE API Client DLL
43430c0.3cdc: \SystemRoot\System32\apisetschema.dll:
43530c0.3cdc: CreationTime: 2020-01-15T10:09:59.984622200Z
43630c0.3cdc: LastWriteTime: 2020-01-03T03:33:11.406000000Z
43730c0.3cdc: ChangeTime: 2020-01-16T10:18:09.141222300Z
43830c0.3cdc: FileAttributes: 0x20
43930c0.3cdc: Size: 0x1c00
44030c0.3cdc: NT Headers: 0xc0
44130c0.3cdc: Timestamp: 0x5e0eb63f
44230c0.3cdc: Machine: 0x8664 - amd64
44330c0.3cdc: Timestamp: 0x5e0eb63f
44430c0.3cdc: Image Version: 6.1
44530c0.3cdc: SizeOfImage: 0x50000 (327680)
44630c0.3cdc: Resource Dir: 0x30000 LB 0x408
44730c0.3cdc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
44830c0.3cdc: [Raw version resource data: 0x30060 LB 0x3a4, codepage 0x0 (reserved 0x0)]
44930c0.3cdc: ProductName: Microsoft® Windows® Operating System
45030c0.3cdc: ProductVersion: 6.1.7601.24545
45130c0.3cdc: FileVersion: 6.1.7601.24545 (win7sp1_ldr_escrow.200102-1707)
45230c0.3cdc: FileDescription: ApiSet Schema DLL
45330c0.3cdc: NtOpenDirectoryObject failed on \Driver: 0xc0000022
45430c0.3cdc: supR3HardenedWinFindAdversaries: 0x2
45530c0.3cdc: \SystemRoot\System32\drivers\symevent64x86.sys:
45630c0.3cdc: CreationTime: 2017-01-22T05:05:28.419000700Z
45730c0.3cdc: LastWriteTime: 2019-03-21T09:53:54.906890800Z
45830c0.3cdc: ChangeTime: 2019-03-21T09:53:54.906890800Z
45930c0.3cdc: FileAttributes: 0x20
46030c0.3cdc: Size: 0x186e0
46130c0.3cdc: NT Headers: 0xf0
46230c0.3cdc: Timestamp: 0x5bbbe164
46330c0.3cdc: Machine: 0x8664 - amd64
46430c0.3cdc: Timestamp: 0x5bbbe164
46530c0.3cdc: Image Version: 6.3
46630c0.3cdc: SizeOfImage: 0x21000 (135168)
46730c0.3cdc: Resource Dir: 0x1f000 LB 0x3c8
46830c0.3cdc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
46930c0.3cdc: [Raw version resource data: 0x1f0b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
47030c0.3cdc: ProductName: SYMEVENT
47130c0.3cdc: ProductVersion: 14.0.7.71
47230c0.3cdc: FileVersion: 14.0.7.71
47330c0.3cdc: FileDescription: Symantec Event Library
47430c0.3cdc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
47530c0.3cdc: Calling main()
47630c0.3cdc: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
47730c0.3cdc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
47830c0.3cdc: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
47930c0.3cdc: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
48030c0.3cdc: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
48130c0.3cdc: SUPR3HardenedMain: Respawn #2
48230c0.3cdc: supR3HardNtEnableThreadCreationEx:
48330c0.3cdc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\apphelp.dll)
48430c0.3cdc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\apphelp.dll
48530c0.3cdc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
48630c0.3cdc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
48730c0.3cdc: supR3HardenedDllNotificationCallback: load 000007fefcf10000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
48830c0.3cdc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
48930c0.3cdc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf10000 'C:\Windows\system32\apphelp.dll'
49030c0.3cdc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000775c3730 pvNtTerminateThread=00000000775e9cd0
49130c0.3cdc: supR3HardenedWinDoReSpawn(2): New child 4624.4110 [kernel32].
49230c0.3cdc: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd5000 cbPeb=0x380
49330c0.3cdc: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077580000 uNtDllChildAddr=0000000077580000
49430c0.3cdc: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000775c3730
49530c0.3cdc: supR3HardenedWinSetupChildInit: Initial context:
496 rax=0000000000000000 rbx=0000000000000000 rcx=000000013fb37900 rdx=000007fffffd5000
497 rsi=0000000000000000 rdi=0000000000000000 r8 =0000000000000000 r9 =0000000000000000
498 r10=0000000000000000 r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
499 r14=0000000000000000 r15=0000000000000000 P1=0000000000000000 P2=0000000000000000
500 rip=00000000775d3710 rsp=000000000024f838 rbp=0000000000000000 ctxflags=0010001b
501 cs=0033 ss=002b ds=0000 es=0000 fs=0000 gs=0000 eflags=00000200 mxcrx=00001f80
502 P3=0000000000000000 P4=0000000000000000 P5=0000000000000000 P6=0000000000000000
503 dr0=0000000000000000 dr1=0000000000000000 dr2=0000000000000000 dr3=0000000000000000
504 dr6=0000000000000000 dr7=0000000000000000 vcr=0000000000000000 dcr=0000000000000000
505 lbt=0000000000000000 lbf=0000000000000000 lxt=0000000000000000 lxf=0000000000000000
50630c0.3cdc: kernel32.dll: timestamp 0x5e0eb6bc (rc=VINF_SUCCESS)
50730c0.3cdc: supR3HardenedWinSetupChildInit: Start child.
50830c0.3cdc: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
50930c0.3cdc: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps
51030c0.3cdc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
51130c0.3cdc: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
51230c0.3cdc: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
51330c0.3cdc: *0000000000030000-0000000000030fff 0x0020/0x0020 0x0040000 !!
51430c0.3cdc: supHardNtVpScanVirtualMemory: Unmapping exec mem at 0000000000030000 (0000000000030000/0000000000030000 LB 0x1000)
51530c0.3cdc: 0000000000031000-000000000003ffff 0x0001/0x0000 0x0000000
51630c0.3cdc: *0000000000040000-0000000000043fff 0x0002/0x0002 0x0040000
51730c0.3cdc: 0000000000044000-000000000004ffff 0x0001/0x0000 0x0000000
51830c0.3cdc: *0000000000050000-0000000000050fff 0x0004/0x0004 0x0020000
51930c0.3cdc: 0000000000051000-000000000014ffff 0x0001/0x0000 0x0000000
52030c0.3cdc: *0000000000150000-000000000024bfff 0x0000/0x0004 0x0020000
52130c0.3cdc: 000000000024c000-000000000024dfff 0x0104/0x0004 0x0020000
52230c0.3cdc: 000000000024e000-000000000024ffff 0x0004/0x0004 0x0020000
52330c0.3cdc: 0000000000250000-000000007757ffff 0x0001/0x0000 0x0000000
52430c0.3cdc: *0000000077580000-0000000077580fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
52530c0.3cdc: 0000000077581000-00000000776a4fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
52630c0.3cdc: 00000000776a5000-00000000776aafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
52730c0.3cdc: 00000000776ab000-00000000776abfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
52830c0.3cdc: 00000000776ac000-00000000776b3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
52930c0.3cdc: 00000000776b4000-000000007771efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
53030c0.3cdc: 000000007771f000-000000007efdffff 0x0001/0x0000 0x0000000
53130c0.3cdc: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
53230c0.3cdc: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
53330c0.3cdc: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
53430c0.3cdc: 000000007fff0000-000000013fb2ffff 0x0001/0x0000 0x0000000
53530c0.3cdc: *000000013fb30000-000000013fb30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
53630c0.3cdc: 000000013fb31000-000000013fba7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
53730c0.3cdc: 000000013fba8000-000000013fba8fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
53830c0.3cdc: 000000013fba9000-000000013fbf1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
53930c0.3cdc: 000000013fbf2000-000000013fbf2fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
54030c0.3cdc: 000000013fbf3000-000000013fbf3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
54130c0.3cdc: 000000013fbf4000-000000013fbf8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
54230c0.3cdc: 000000013fbf9000-000000013fbf9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
54330c0.3cdc: 000000013fbfa000-000000013fbfafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
54430c0.3cdc: 000000013fbfb000-000000013fbfefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
54530c0.3cdc: 000000013fbff000-000000013fc47fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
54630c0.3cdc: 000000013fc48000-000007feff87ffff 0x0001/0x0000 0x0000000
54730c0.3cdc: *000007feff880000-000007feff880fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apisetschema.dll
54830c0.3cdc: 000007feff881000-000007fffffaffff 0x0001/0x0000 0x0000000
54930c0.3cdc: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
55030c0.3cdc: 000007fffffd3000-000007fffffd4fff 0x0001/0x0000 0x0000000
55130c0.3cdc: *000007fffffd5000-000007fffffd5fff 0x0004/0x0004 0x0020000
55230c0.3cdc: 000007fffffd6000-000007fffffddfff 0x0001/0x0000 0x0000000
55330c0.3cdc: *000007fffffde000-000007fffffdffff 0x0004/0x0004 0x0020000
55430c0.3cdc: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
55530c0.3cdc: apisetschema.dll: timestamp 0x5e0eb63f (rc=VINF_SUCCESS)
55630c0.3cdc: VirtualBoxVM.exe: timestamp 0x623a5dfe (rc=VINF_SUCCESS)
55730c0.3cdc: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
55830c0.3cdc: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
55930c0.3cdc: '\Device\HarddiskVolume3\Windows\System32\apisetschema.dll' has no imports
56030c0.3cdc: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
56130c0.3cdc: supR3HardNtChildPurify: cFixes=1 g_fSupAdversaries=0x2 cPatchCount=0
56230c0.3cdc: supR3HardNtChildPurify: Startup delay kludge #1/1: 520 ms, 65 sleeps
56330c0.3cdc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
56430c0.3cdc: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
56530c0.3cdc: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
56630c0.3cdc: 0000000000030000-000000000003ffff 0x0001/0x0000 0x0000000
56730c0.3cdc: *0000000000040000-0000000000043fff 0x0002/0x0002 0x0040000
56830c0.3cdc: 0000000000044000-000000000004ffff 0x0001/0x0000 0x0000000
56930c0.3cdc: *0000000000050000-0000000000050fff 0x0004/0x0004 0x0020000
57030c0.3cdc: 0000000000051000-000000000014ffff 0x0001/0x0000 0x0000000
57130c0.3cdc: *0000000000150000-000000000024bfff 0x0000/0x0004 0x0020000
57230c0.3cdc: 000000000024c000-000000000024dfff 0x0104/0x0004 0x0020000
57330c0.3cdc: 000000000024e000-000000000024ffff 0x0004/0x0004 0x0020000
57430c0.3cdc: 0000000000250000-000000007757ffff 0x0001/0x0000 0x0000000
57530c0.3cdc: *0000000077580000-0000000077580fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
57630c0.3cdc: 0000000077581000-00000000776a4fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
57730c0.3cdc: 00000000776a5000-00000000776aafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
57830c0.3cdc: 00000000776ab000-00000000776b3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
57930c0.3cdc: 00000000776b4000-000000007771efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
58030c0.3cdc: 000000007771f000-000000007efdffff 0x0001/0x0000 0x0000000
58130c0.3cdc: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
58230c0.3cdc: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
58330c0.3cdc: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
58430c0.3cdc: 000000007fff0000-000000013fb2ffff 0x0001/0x0000 0x0000000
58530c0.3cdc: *000000013fb30000-000000013fb30fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
58630c0.3cdc: 000000013fb31000-000000013fba7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
58730c0.3cdc: 000000013fba8000-000000013fba8fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
58830c0.3cdc: 000000013fba9000-000000013fbf1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
58930c0.3cdc: 000000013fbf2000-000000013fbfefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
59030c0.3cdc: 000000013fbff000-000000013fc47fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
59130c0.3cdc: 000000013fc48000-000007feff87ffff 0x0001/0x0000 0x0000000
59230c0.3cdc: *000007feff880000-000007feff880fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apisetschema.dll
59330c0.3cdc: 000007feff881000-000007fffffaffff 0x0001/0x0000 0x0000000
59430c0.3cdc: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
59530c0.3cdc: 000007fffffd3000-000007fffffd4fff 0x0001/0x0000 0x0000000
59630c0.3cdc: *000007fffffd5000-000007fffffd5fff 0x0004/0x0004 0x0020000
59730c0.3cdc: 000007fffffd6000-000007fffffddfff 0x0001/0x0000 0x0000000
59830c0.3cdc: *000007fffffde000-000007fffffdffff 0x0004/0x0004 0x0020000
59930c0.3cdc: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
60030c0.3cdc: supR3HardNtChildPurify: Done after 1258 ms and 1 fixes (loop #1).
6014624.4110: Log file opened: 6.1.34r150636 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
6024624.4110: supR3HardenedVmProcessInit: uNtDllAddr=0000000077580000 g_uNtVerCombined=0x611db100 (stack ~000000000024f2e8)
60330c0.3cdc: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002c0000 LB 0x400000)
60430c0.3cdc: supR3HardNtEnableThreadCreationEx:
6054624.4110: ntdll.dll: timestamp 0x5e0eb67f (rc=VINF_SUCCESS)
6064624.4110: New simple heap: #1 0000000000350000 LB 0x400000 (for 1699840 allocation)
6074624.4110: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
6084624.4110: System32: \Device\HarddiskVolume3\Windows\System32
6094624.4110: WinSxS: \Device\HarddiskVolume3\Windows\winsxs
6104624.4110: KnownDllPath: C:\Windows\system32
6114624.4110: supR3HardenedVmProcessInit: Opening vboxdrv...
6124624.4110: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
6134624.4110: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
6144624.4110: Registered Dll notification callback with NTDLL.
6154624.4110: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
6164624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
6174624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
6184624.4110: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
6194624.4110: supR3HardenedMonitor_KiUserApcDispatcher_C: pfnRoutine=0000000000030078 enmState=4 -> supR3HardenedWinDummyApcRoutine
6204624.4110: supR3HardenedWinDummyApcRoutine: pvArg1=0000000000030000 pvArg2=0000000000000000 pvArg3=0000000000000000
6214624.4110: supR3HardenedDllNotificationCallback: load 0000000077460000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
6224624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
6234624.4110: supR3HardenedDllNotificationCallback: load 000007fefd280000 LB 0x00067000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
6244624.4110: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
6254624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
6264624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077460000 'C:\Windows\system32\kernel32.dll'
6274624.4110: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000775c3730 pvNtTerminateThread=00000000775e9cd0
62830c0.3cdc: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 69 ms.
6294624.4110: \SystemRoot\System32\ntdll.dll:
6304624.4110: CreationTime: 2020-01-15T10:10:19.313622200Z
6314624.4110: LastWriteTime: 2020-01-03T03:35:05.302579400Z
6324624.4110: ChangeTime: 2020-01-16T10:18:09.156822300Z
6334624.4110: FileAttributes: 0x20
6344624.4110: Size: 0x198080
6354624.4110: NT Headers: 0xe0
6364624.4110: Timestamp: 0x5e0eb67f
6374624.4110: Machine: 0x8664 - amd64
6384624.4110: Timestamp: 0x5e0eb67f
6394624.4110: Image Version: 6.1
6404624.4110: SizeOfImage: 0x19f000 (1699840)
6414624.4110: Resource Dir: 0x142000 LB 0x5a038
6424624.4110: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
6434624.4110: [Raw version resource data: 0x1420f0 LB 0x38c, codepage 0x0 (reserved 0x0)]
6444624.4110: ProductName: Microsoft® Windows® Operating System
6454624.4110: ProductVersion: 6.1.7601.24545
6464624.4110: FileVersion: 6.1.7601.24545 (win7sp1_ldr_escrow.200102-1707)
6474624.4110: FileDescription: NT Layer DLL
6484624.4110: \SystemRoot\System32\kernel32.dll:
6494624.4110: CreationTime: 2020-01-15T10:10:06.178622200Z
6504624.4110: LastWriteTime: 2020-01-03T03:33:39.604000000Z
6514624.4110: ChangeTime: 2020-01-16T10:18:10.046022300Z
6524624.4110: FileAttributes: 0x20
6534624.4110: Size: 0x11be00
6544624.4110: NT Headers: 0xe0
6554624.4110: Timestamp: 0x5e0eb6bc
6564624.4110: Machine: 0x8664 - amd64
6574624.4110: Timestamp: 0x5e0eb6bc
6584624.4110: Image Version: 6.1
6594624.4110: SizeOfImage: 0x11f000 (1175552)
6604624.4110: Resource Dir: 0x116000 LB 0x530
6614624.4110: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
6624624.4110: [Raw version resource data: 0x1160b0 LB 0x3b0, codepage 0x0 (reserved 0x0)]
6634624.4110: ProductName: Microsoft® Windows® Operating System
6644624.4110: ProductVersion: 6.1.7601.24545
6654624.4110: FileVersion: 6.1.7601.24545 (win7sp1_ldr_escrow.200102-1707)
6664624.4110: FileDescription: Windows NT BASE API Client DLL
6674624.4110: \SystemRoot\System32\KernelBase.dll:
6684624.4110: CreationTime: 2020-01-15T10:10:04.477622200Z
6694624.4110: LastWriteTime: 2020-01-03T03:33:39.604000000Z
6704624.4110: ChangeTime: 2020-01-16T10:18:10.046022300Z
6714624.4110: FileAttributes: 0x20
6724624.4110: Size: 0x63c00
6734624.4110: NT Headers: 0xe8
6744624.4110: Timestamp: 0x5e0eb6bd
6754624.4110: Machine: 0x8664 - amd64
6764624.4110: Timestamp: 0x5e0eb6bd
6774624.4110: Image Version: 6.1
6784624.4110: SizeOfImage: 0x67000 (421888)
6794624.4110: Resource Dir: 0x65000 LB 0x538
6804624.4110: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
6814624.4110: [Raw version resource data: 0x650b0 LB 0x3b8, codepage 0x0 (reserved 0x0)]
6824624.4110: ProductName: Microsoft® Windows® Operating System
6834624.4110: ProductVersion: 6.1.7601.24545
6844624.4110: FileVersion: 6.1.7601.24545 (win7sp1_ldr_escrow.200102-1707)
6854624.4110: FileDescription: Windows NT BASE API Client DLL
6864624.4110: \SystemRoot\System32\apisetschema.dll:
6874624.4110: CreationTime: 2020-01-15T10:09:59.984622200Z
6884624.4110: LastWriteTime: 2020-01-03T03:33:11.406000000Z
6894624.4110: ChangeTime: 2020-01-16T10:18:09.141222300Z
6904624.4110: FileAttributes: 0x20
6914624.4110: Size: 0x1c00
6924624.4110: NT Headers: 0xc0
6934624.4110: Timestamp: 0x5e0eb63f
6944624.4110: Machine: 0x8664 - amd64
6954624.4110: Timestamp: 0x5e0eb63f
6964624.4110: Image Version: 6.1
6974624.4110: SizeOfImage: 0x50000 (327680)
6984624.4110: Resource Dir: 0x30000 LB 0x408
6994624.4110: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7004624.4110: [Raw version resource data: 0x30060 LB 0x3a4, codepage 0x0 (reserved 0x0)]
7014624.4110: ProductName: Microsoft® Windows® Operating System
7024624.4110: ProductVersion: 6.1.7601.24545
7034624.4110: FileVersion: 6.1.7601.24545 (win7sp1_ldr_escrow.200102-1707)
7044624.4110: FileDescription: ApiSet Schema DLL
7054624.4110: NtOpenDirectoryObject failed on \Driver: 0xc0000022
7064624.4110: supR3HardenedWinFindAdversaries: 0x2
7074624.4110: \SystemRoot\System32\drivers\symevent64x86.sys:
7084624.4110: CreationTime: 2017-01-22T05:05:28.419000700Z
7094624.4110: LastWriteTime: 2019-03-21T09:53:54.906890800Z
7104624.4110: ChangeTime: 2019-03-21T09:53:54.906890800Z
7114624.4110: FileAttributes: 0x20
7124624.4110: Size: 0x186e0
7134624.4110: NT Headers: 0xf0
7144624.4110: Timestamp: 0x5bbbe164
7154624.4110: Machine: 0x8664 - amd64
7164624.4110: Timestamp: 0x5bbbe164
7174624.4110: Image Version: 6.3
7184624.4110: SizeOfImage: 0x21000 (135168)
7194624.4110: Resource Dir: 0x1f000 LB 0x3c8
7204624.4110: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
7214624.4110: [Raw version resource data: 0x1f0b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
7224624.4110: ProductName: SYMEVENT
7234624.4110: ProductVersion: 14.0.7.71
7244624.4110: FileVersion: 14.0.7.71
7254624.4110: FileDescription: Symantec Event Library
7264624.4110: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
7274624.4110: Calling main()
7284624.4110: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
7294624.4110: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
7304624.4110: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe: Signature #1/2: info status: 24202
7314624.4110: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
7324624.4110: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
7334624.4110: SUPR3HardenedMain: Final process, opening VBoxDrv...
7344624.4110: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000350000 LB 0x400000)
7354624.4110: supR3HardNtEnableThreadCreationEx:
7364624.4110: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll: Signature #1/2: info status: 24202
7374624.4110: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
7384624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
7394624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024b171:<flags> [calling]
7404624.4110: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
7414624.4110: supR3HardenedDllNotificationCallback: load 000007fefa5b0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
7424624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
7434624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
7444624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002488f1:<flags> [calling]
7454624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
7464624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
7474624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002488f1:<flags> [calling]
7484624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
7494624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
7504624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7514624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
7524624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
7534624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
7544624.4110: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
7554624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
7564624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
7574624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
7584624.4110: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
7594624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
7604624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
7614624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
7624624.4110: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
7634624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
7644624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
7654624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
7664624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7674624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
7684624.4110: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
7694624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
7704624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7714624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7724624.4110: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
7734624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
7744624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
7754624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
7764624.4110: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
7774624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7784624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7794624.4110: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7804624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024cf81:<flags> [calling]
7814624.4110: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7824624.4110: supR3HardenedDllNotificationCallback: load 000007fefd170000 LB 0x0003b000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
7834624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7844624.4110: supR3HardenedDllNotificationCallback: load 000007fefd4b0000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
7854624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7864624.4110: supR3HardenedDllNotificationCallback: load 000007fefd320000 LB 0x0016d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
7874624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7884624.4110: supR3HardenedDllNotificationCallback: load 000007fefd0d0000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
7894624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
7904624.4110: supR3HardenedDllNotificationCallback: load 000007fefe610000 LB 0x0012c000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
7914624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7924624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd170000 'C:\Windows\system32\Wintrust.dll'
7934624.4110: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
7944624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
7954624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024cf81:<flags> [calling]
7964624.4110: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
7974624.4110: supR3HardenedDllNotificationCallback: load 000007fefca10000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
7984624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
7994624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca10000 'C:\Windows\system32\bcrypt.dll'
8004624.4110: bcrypt.dll loaded at 000007fefca10000, BCryptOpenAlgorithmProvider at 000007fefca12460, preloading providers:
8014624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
8024624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
8034624.4110: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
8044624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
8054624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
8064624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
8074624.4110: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8084624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
8094624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
8104624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8114624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
8124624.4110: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
8134624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
8144624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8154624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8164624.4110: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8174624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8184624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8194624.4110: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8204624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024cf61:<flags> [calling]
8214624.4110: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
8224624.4110: supR3HardenedDllNotificationCallback: load 000007fefc980000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
8234624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
8244624.4110: supR3HardenedDllNotificationCallback: load 000007fefd5f0000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
8254624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
8264624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
8274624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
8284624.4110: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
8294624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
8304624.4110: supR3HardenedDllNotificationCallback: load 000007fefd490000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
8314624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
8324624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc980000 'C:\Windows\system32\bcryptprimitives.dll'
8334624.4110: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000092f100)
8344624.4110: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000092ffd0)
8354624.4110: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000930100)
8364624.4110: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000930320)
8374624.4110: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000930450)
8384624.4110: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000930580)
8394624.4110: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000009307d0)
8404624.4110: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000930900)
8414624.4110: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
8424624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
8434624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8444624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8454624.4110: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8464624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8474624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8484624.4110: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8494624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024cad1:<flags> [calling]
8504624.4110: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
8514624.4110: supR3HardenedDllNotificationCallback: load 000007fefc870000 LB 0x00018000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
8524624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
8534624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc870000 'C:\Windows\system32\CRYPTSP.dll'
8544624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8554624.4110: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
8564624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
8574624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8584624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8594624.4110: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8604624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024ca61:<flags> [calling]
8614624.4110: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8624624.4110: supR3HardenedDllNotificationCallback: load 000007fefc570000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
8634624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
8644624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc570000 'C:\Windows\system32\rsaenh.dll'
8654624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
8664624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024c2f1:<flags> [calling]
8674624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5f0000 'C:\Windows\system32\ADVAPI32.dll'
8684624.4110: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
8694624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
8704624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024c671:<flags> [calling]
8714624.4110: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
8724624.4110: supR3HardenedDllNotificationCallback: load 000007fefcf70000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
8734624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
8744624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf70000 'C:\Windows\system32\CRYPTBASE.dll'
8754624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
8764624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024c0a1:<flags> [calling]
8774624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077460000 'C:\Windows\system32\kernel32.dll'
8784624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8794624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024ca31:<flags> [calling]
8804624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd170000 'C:\Windows\system32\WINTRUST.DLL'
8814624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8824624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000024c861:<flags> [calling]
8834624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd320000 'C:\Windows\system32\CRYPT32.dll'
8844624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8854624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
8864624.4110: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
8874624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
8884624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
8894624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
8904624.4110: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
8914624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8924624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8934624.4110: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8944624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024c8b1:<flags> [calling]
8954624.4110: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
8964624.4110: supR3HardenedDllNotificationCallback: load 000007fefe8e0000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
8974624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
8984624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe8e0000 'C:\Windows\system32\imagehlp.dll'
8994624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
9004624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024ca01:<flags> [calling]
9014624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc870000 'C:\Windows\system32\CRYPTSP.dll'
9024624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
9034624.4110: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\user32.dll)
9044624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
9054624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
9064624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
9074624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
9084624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
9094624.4110: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
9104624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
9114624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
9124624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume3\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
9134624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
9144624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
9154624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
9164624.4110: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\lpk.dll)
9174624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\lpk.dll
9184624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
9194624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
9204624.4110: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
9214624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
9224624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume3\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
9234624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9244624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
9254624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
9264624.4110: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\usp10.dll)
9274624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\usp10.dll
9284624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
9294624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
9304624.4110: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
9314624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
9324624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
9334624.4110: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
9344624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
9354624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
9364624.4110: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
9374624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
9384624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
9394624.4110: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
9404624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9414624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9424624.4110: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9434624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024c531:<flags> [calling]
9444624.4110: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
9454624.4110: supR3HardenedDllNotificationCallback: load 0000000077360000 LB 0x000fb000 C:\Windows\system32\USER32.dll [fFlags=0x0]
9464624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
9474624.4110: supR3HardenedDllNotificationCallback: load 000007fefe820000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
9484624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
9494624.4110: supR3HardenedDllNotificationCallback: load 000007fefe030000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
9504624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\lpk.dll [lacks WinVerifyTrust]
9514624.4110: supR3HardenedDllNotificationCallback: load 000007fefe1a0000 LB 0x000cb000 C:\Windows\system32\USP10.dll [fFlags=0x0]
9524624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\usp10.dll [lacks WinVerifyTrust]
9534624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
9544624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024ba31:<flags> [calling]
9554624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe820000 'C:\Windows\system32\gdi32.dll'
9564624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
9574624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
9584624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
9594624.4110: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
9604624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
9614624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
9624624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume3\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
9634624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9644624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
9654624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
9664624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
9674624.4110: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\msctf.dll)
9684624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll
9694624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
9704624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
9714624.4110: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
9724624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
9734624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
9744624.4110: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
9754624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
9764624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
9774624.4110: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust]
9784624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
9794624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
9804624.4110: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
9814624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
9824624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
9834624.4110: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
9844624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9854624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9864624.4110: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9874624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024b371:<flags> [calling]
9884624.4110: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust]
9894624.4110: supR3HardenedDllNotificationCallback: load 000007fefe5e0000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
9904624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust]
9914624.4110: supR3HardenedDllNotificationCallback: load 000007fefd6e0000 LB 0x0010b000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
9924624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msctf.dll [lacks WinVerifyTrust]
9934624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe5e0000 'C:\Windows\system32\IMM32.DLL'
9944624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077360000 'C:\Windows\system32\USER32.dll'
9954624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
9964624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
9974624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
9984624.4110: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\ncrypt.dll)
9994624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ncrypt.dll
10004624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
10014624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
10024624.4110: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
10034624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10044624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10054624.4110: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10064624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
10074624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
10084624.4110: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
10094624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024c831:<flags> [calling]
10104624.4110: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
10114624.4110: supR3HardenedDllNotificationCallback: load 000007fefca40000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
10124624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
10134624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca40000 'C:\Windows\system32\ncrypt.dll'
10144624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
10154624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024c621:<flags> [calling]
10164624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca10000 'C:\Windows\system32\bcrypt.dll'
10174624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10184624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
10194624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
10204624.4110: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\userenv.dll)
10214624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll
10224624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
10234624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
10244624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10254624.4110: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
10264624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
10274624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10284624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10294624.4110: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
10304624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10314624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10324624.4110: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10334624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10344624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10354624.4110: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10364624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024bfb1:<flags> [calling]
10374624.4110: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\userenv.dll [lacks WinVerifyTrust]
10384624.4110: supR3HardenedDllNotificationCallback: load 000007fefd260000 LB 0x0001f000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
10394624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\userenv.dll [lacks WinVerifyTrust]
10404624.4110: supR3HardenedDllNotificationCallback: load 000007fefd0e0000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
10414624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust]
10424624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd260000 'C:\Windows\system32\USERENV.dll'
10434624.4110: supR3HardenedIsApiSetDll: '<NULL>' -> true
10444624.4110: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000024bd11:<flags> [calling]
10454624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd490000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
10464624.4110: supR3HardenedIsApiSetDll: '<NULL>' -> true
10474624.4110: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000024c0a1:<flags> [calling]
10484624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd490000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
10494624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10504624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
10514624.4110: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)
10524624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll
10534624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10544624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
10554624.4110: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
10564624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10574624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10584624.4110: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10594624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024c2d1:<flags> [calling]
10604624.4110: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
10614624.4110: supR3HardenedDllNotificationCallback: load 000007fefc370000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
10624624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
10634624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc370000 'C:\Windows\system32\GPAPI.dll'
10644624.4110: supR3HardenedIsApiSetDll: '<NULL>' -> true
10654624.4110: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000024c221:<flags> [calling]
10664624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd490000 'API-MS-WIN-Service-Management-L1-1-0.dll'
10674624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
10684624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024b921:<flags> [calling]
10694624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe610000 'C:\Windows\system32\rpcrt4.dll'
10704624.4110: supR3HardenedIsApiSetDll: '<NULL>' -> true
10714624.4110: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000024c201:<flags> [calling]
10724624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd490000 'API-MS-WIN-Service-Management-L2-1-0.dll'
10734624.4110: supR3HardenedIsApiSetDll: '<NULL>' -> true
10744624.4110: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000024c211:<flags> [calling]
10754624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd490000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
10764624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10774624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
10784624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
10794624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
10804624.4110: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll)
10814624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll
10824624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
10834624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume3\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
10844624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10854624.4110: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\Wldap32.dll)
10864624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\Wldap32.dll
10874624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
10884624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
10894624.4110: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
10904624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
10914624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
10924624.4110: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
10934624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10944624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10954624.4110: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10964624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10974624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10984624.4110: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10994624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024bd11:<flags> [calling]
11004624.4110: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11014624.4110: supR3HardenedDllNotificationCallback: load 000007fef2350000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
11024624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11034624.4110: supR3HardenedDllNotificationCallback: load 000007fefe740000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
11044624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
11054624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11064624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000024af41:<flags> [calling]
11074624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2350000 'C:\Windows\system32\cryptnet.dll'
11084624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11094624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000024af41:<flags> [calling]
11104624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2350000 'C:\Windows\system32\cryptnet.dll'
11114624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11124624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000024af41:<flags> [calling]
11134624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2350000 'C:\Windows\system32\cryptnet.dll'
11144624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11154624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000024af41:<flags> [calling]
11164624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2350000 'C:\Windows\system32\cryptnet.dll'
11174624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11184624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000024af41:<flags> [calling]
11194624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2350000 'C:\Windows\system32\cryptnet.dll'
11204624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11214624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000024af41:<flags> [calling]
11224624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2350000 'C:\Windows\system32\cryptnet.dll'
11234624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11244624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2350000 'C:\Windows\system32\cryptnet.dll'
11254624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11264624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2350000 'C:\Windows\system32\cryptnet.dll'
11274624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11284624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2350000 'C:\Windows\system32\cryptnet.dll'
11294624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11304624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2350000 'C:\Windows\system32\cryptnet.dll'
11314624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11324624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2350000 'C:\Windows\system32\cryptnet.dll'
11334624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2350000 'C:\Windows\system32\cryptnet.dll'
11344624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
11354624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2350000 'C:\Windows\system32\cryptnet.dll'
11364624.4110: supR3HardenedIsApiSetDll: '<NULL>' -> true
11374624.4110: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000024b631:<flags> [calling]
11384624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd490000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
11394624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust]
11404624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024b631:<flags> [calling]
11414624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0e0000 'C:\Windows\system32\profapi.dll'
11424624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
11434624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
11444624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
11454624.4110: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll)
11464624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
11474624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11484624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11494624.4110: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11504624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11514624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11524624.4110: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
11534624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11544624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11554624.4110: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11564624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024b0c1:<flags> [calling]
11574624.4110: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
11584624.4110: supR3HardenedDllNotificationCallback: load 000007fefe120000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
11594624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
11604624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe120000 'C:\Windows\system32\SHLWAPI.dll'
11614624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
11624624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024ca41:<flags> [calling]
11634624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd320000 'C:\Windows\system32\crypt32.dll'
11644624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
11654624.4110: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007eff00
11664624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
11674624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F8CD815F0CD05638A6894535B0372BF0C0378D10
11684624.4110: supR3HardenedIsApiSetDll: '<NULL>' -> true
11694624.4110: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000024bff1:<flags> [calling]
11704624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd490000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
11714624.4110: supR3HardenedIsApiSetDll: '<NULL>' -> true
11724624.4110: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000024bb51:<flags> [calling]
11734624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd490000 'API-MS-WIN-Service-Management-L1-1-0.dll'
11744624.4110: supR3HardenedIsApiSetDll: '<NULL>' -> true
11754624.4110: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000024bb51:<flags> [calling]
11764624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd490000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
11774624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
11784624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024bff1:<flags> [calling]
11794624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5f0000 'C:\Windows\system32\ADVAPI32.dll'
11804624.4110: supR3HardenedIsApiSetDll: '<NULL>' -> true
11814624.4110: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000024bfa1:<flags> [calling]
11824624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd490000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
11834624.4110: supR3HardenedIsApiSetDll: '<NULL>' -> true
11844624.4110: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000024bc91:<flags> [calling]
11854624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd490000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
11864624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
11874624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024c4c1:<flags> [calling]
11884624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd320000 'C:\Windows\system32\crypt32.dll'
11894624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\SystemRoot\System32\ntdll.dll'
11904624.4110: g_pfnWinVerifyTrust=000007fefd171010
11914624.4110: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
11924624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000c4 pwszName=\Device\HarddiskVolume3\Windows\System32\crypt32.dll
11934624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
11944624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
11954624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EB46C4F6B834DB9328784D5BE3326BD80E3042DA
11964624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
11974624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024b231:<flags> [calling]
11984624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd320000 'C:\Windows\system32\crypt32.dll'
11994624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
12004624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12014624.4110: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
12024624.4110: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
12034624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000b8 pwszName=\Device\HarddiskVolume3\Windows\System32\wintrust.dll
12044624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
12054624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
12064624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C1F7258EF71AF066FD00F9B71F0DE2B52FBACE45
12074624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
12084624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024b231:<flags> [calling]
12094624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd320000 'C:\Windows\system32\crypt32.dll'
12104624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
12114624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12124624.4110: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
12134624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003a4 pwszName=\Device\HarddiskVolume3\Windows\System32\shlwapi.dll
12144624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
12154624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
12164624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
12174624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'
12184624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12194624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'
12204624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000039c pwszName=\Device\HarddiskVolume3\Windows\System32\Wldap32.dll
12214624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
12224624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
12234624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=086A94704E162AB5C6F0ED4BA6DE6C8B4524BA56
12244624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd320000 'C:\Windows\system32\crypt32.dll'
12254624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume3\Windows\System32\Wldap32.dll'
12264624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12274624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\Wldap32.dll'
12284624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000398 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll
12294624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
12304624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
12314624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E4160C19B4AE8E9DA7E4CF6F902F681967E258DC
12324624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd320000 'C:\Windows\system32\crypt32.dll'
12334624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
12344624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12354624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
12364624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000254 pwszName=\Device\HarddiskVolume3\Windows\System32\gpapi.dll
12374624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
12384624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
12394624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EBDAA16C3FD93DFF9C20BA3B2689DFF4C8D31061
12404624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3159398~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
12414624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12424624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
12434624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c0 pwszName=\Device\HarddiskVolume3\Windows\System32\profapi.dll
12444624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
12454624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
12464624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
12474624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\profapi.dll'
12484624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12494624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'
12504624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001bc pwszName=\Device\HarddiskVolume3\Windows\System32\userenv.dll
12514624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
12524624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
12534624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8128043E2DB517CE21AC6C645E17AA014BE6A2CB
12544624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd320000 'C:\Windows\system32\crypt32.dll'
12554624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume3\Windows\System32\userenv.dll'
12564624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12574624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\userenv.dll'
12584624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a8 pwszName=\Device\HarddiskVolume3\Windows\System32\ncrypt.dll
12594624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
12604624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
12614624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E9B60D8E91DE4B6BD8680A8EA9952E873AF643EE
12624624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd320000 'C:\Windows\system32\crypt32.dll'
12634624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume3\Windows\System32\ncrypt.dll'
12644624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12654624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ncrypt.dll'
12664624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume3\Windows\System32\msctf.dll
12674624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
12684624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
12694624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5B282A2631D47B459D3BFB9E19817422A5BDA7C7
12704624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd320000 'C:\Windows\system32\crypt32.dll'
12714624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume3\Windows\System32\msctf.dll'
12724624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12734624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll'
12744624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume3\Windows\System32\imm32.dll
12754624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
12764624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
12774624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
12784624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\imm32.dll'
12794624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12804624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll'
12814624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume3\Windows\System32\usp10.dll
12824624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
12834624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
12844624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CCB7F806B584BC833CCB45233D3BC2338D720DD4
12854624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd320000 'C:\Windows\system32\crypt32.dll'
12864624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume3\Windows\System32\usp10.dll'
12874624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12884624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\usp10.dll'
12894624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume3\Windows\System32\lpk.dll
12904624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
12914624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
12924624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E2E1B84E3D9D8988B641F2EA9E2FAEF8CEEACAF0
12934624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd320000 'C:\Windows\system32\crypt32.dll'
12944624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume3\Windows\System32\lpk.dll'
12954624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12964624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\lpk.dll'
12974624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000017c pwszName=\Device\HarddiskVolume3\Windows\System32\gdi32.dll
12984624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
12994624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
13004624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=46C6553832B642058240BB0EC294D9684053FA28
13014624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
13024624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024a8d1:<flags> [calling]
13034624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd320000 'C:\Windows\system32\crypt32.dll'
13044624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
13054624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13064624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
13074624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000178 pwszName=\Device\HarddiskVolume3\Windows\System32\user32.dll
13084624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
13094624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
13104624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D7A5A1283302E26EA13000CD81ADE080BA465337
13114624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd320000 'C:\Windows\system32\crypt32.dll'
13124624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume3\Windows\System32\user32.dll'
13134624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13144624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll'
13154624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000174 pwszName=\Device\HarddiskVolume3\Windows\System32\imagehlp.dll
13164624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
13174624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
13184624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
13194624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
13204624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13214624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
13224624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000118 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptbase.dll
13234624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
13244624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
13254624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4B00C47C46ED3B51BBFC3F8FE80751A96F25C3EA
13264624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd320000 'C:\Windows\system32\crypt32.dll'
13274624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
13284624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13294624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
13304624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'
13314624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000114 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptsp.dll
13324624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
13334624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
13344624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4D212E5620D5CC7084245971F59495972AE15D84
13354624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd320000 'C:\Windows\system32\crypt32.dll'
13364624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
13374624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13384624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
13394624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume3\Windows\System32\sechost.dll
13404624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
13414624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
13424624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB669FA8DB80F8E50A29D055BB8D558E10E5E6B4
13434624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\sechost.dll'
13444624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13454624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'
13464624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000100 pwszName=\Device\HarddiskVolume3\Windows\System32\advapi32.dll
13474624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
13484624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
13494624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DD8EB2AA54C831F3AF5671C72D3359678F561895
13504624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd320000 'C:\Windows\system32\crypt32.dll'
13514624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
13524624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13534624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
13544624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'
13554624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e8 pwszName=\Device\HarddiskVolume3\Windows\System32\bcrypt.dll
13564624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
13574624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
13584624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=392B33B84600AC5ED0D2F6C5EC6F1E2AB7C64234
13594624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd320000 'C:\Windows\system32\crypt32.dll'
13604624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
13614624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13624624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
13634624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000c8 pwszName=\Device\HarddiskVolume3\Windows\System32\msvcrt.dll
13644624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
13654624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
13664624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
13674624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
13684624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13694624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
13704624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000c0 pwszName=\Device\HarddiskVolume3\Windows\System32\msasn1.dll
13714624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
13724624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
13734624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
13744624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
13754624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13764624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
13774624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000bc pwszName=\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
13784624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
13794624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
13804624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=487CAE399C22924A675FED14D1CB8898D92C81B9
13814624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd320000 'C:\Windows\system32\crypt32.dll'
13824624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
13834624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13844624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
13854624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
13864624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume3\Windows\System32\KernelBase.dll
13874624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
13884624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
13894624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D8459AE7ED3F113B897E375D67EA01B027C8E524
13904624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd320000 'C:\Windows\system32\crypt32.dll'
13914624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
13924624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13934624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
13944624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume3\Windows\System32\kernel32.dll
13954624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
13964624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
13974624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F72682744C68FE06FC8B7C2643183184F472F3A1
13984624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd320000 'C:\Windows\system32\crypt32.dll'
13994624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
14004624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14014624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
14024624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd320000 'C:\Windows\system32\crypt32.dll'
14034624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
14044624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
14054624.4110: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Code Signing CA
14064624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0x584acef708cf9c00 OU=generated by AVG Antivirus for SSL/TLS scanning, O=AVG Web/Mail Shield, CN=AVG Web/Mail Shield Root
14074624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
14084624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
14094624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0x2d4c7daca160b45 C=US, ST=CS, L=Mountain View, O=Western Digital, OU=Branded Products, CN=remotewd.com
14104624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
14114624.4110: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=Terms of use at https://www.verisign.com/rpa (c)10, CN=VeriSign Class 3 Code Signing 2010 CA
14124624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
14134624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
14144624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
14154624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
14164624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
14174624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
14184624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0x3d993fde1950a700 C=US, O=IdenTrust, CN=IdenTrust Commercial Root CA 1
14194624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0x50bb81640c01cb00 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
14204624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
14214624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
14224624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
14234624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0xbbde687390e6bf00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Trusted Root G4
14244624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
14254624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
14264624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
14274624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
14284624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
14294624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
14304624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0xc6536f24d57ae723 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust ECC Certification Authority
14314624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0x9403a4b8727eb000 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
14324624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0x3714f47324e8ad00 C=US, O=Internet Security Research Group, CN=ISRG Root X1
14334624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
14344624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0xcb7d2ba3dd0ff900 C=US, ST=Texas, L=Houston, O=SSL Corporation, CN=SSL.com Root Certification Authority RSA
14354624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
14364624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
14374624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
14384624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
14394624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
14404624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
14414624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0x3178d37f87f1c400 C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2
14424624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
14434624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
14444624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0xef62113787ebace5 C=US, O=GeoTrust Inc., OU=(c) 2007 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G2
14454624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
14464624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
14474624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0xbebef0d2217f0bfb C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G3
14484624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0x4b24f9897ec7e300 C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden EV Root CA
14494624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
14504624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
14514624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0xc66d30927ebce400 C=US, O=Network Solutions L.L.C., CN=Network Solutions Certificate Authority
14524624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
14534624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
14544624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
14554624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0xb352b1523915d000 C=JP, O=SECOM Trust Systems CO.,LTD., OU=Security Communication RootCA2
14564624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0x73e85f1bda5faa00 C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2
14574624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
14584624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0xe87add30c52db600 C=BE, O=GlobalSign nv-sa, CN=GlobalSign Code Signing Root R45
14594624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
14604624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
14614624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
14624624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
14634624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
14644624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
14654624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
14664624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
14674624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0xb9ff821d139e9bf OU=GlobalSign ECC Root CA - R5, O=GlobalSign, CN=GlobalSign
14684624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
14694624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
14704624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
14714624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
14724624.4110: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
14734624.4110: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=68
14744624.4110: SUPR3HardenedMain: Load Runtime...
14754624.4110: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll: Signature #1/2: info status: 24202
14764624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
14774624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
14784624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
14794624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
14804624.4110: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
14814624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
14824624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
14834624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
14844624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000428 pwszName=\Device\HarddiskVolume3\Windows\System32\ws2_32.dll
14854624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
14864624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
14874624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=901DCB8172024F14E25295BF5692180F12FC8C18
14884624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3161949~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\ws2_32.dll'
14894624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14904624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14914624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
14924624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
14934624.4110: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust
14944624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
14954624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14964624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14974624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
14984624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14994624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15004624.4110: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll: Signature #1/2: info status: 24202
15014624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
15024624.4110: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
15034624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
15044624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15054624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15064624.4110: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll: Signature #1/2: info status: 24202
15074624.4110: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
15084624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
15094624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15104624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15114624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
15124624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
15134624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
15144624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000043c pwszName=\Device\HarddiskVolume3\Windows\System32\nsi.dll
15154624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
15164624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
15174624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5C61E0233B4D23762E0FE158DE0FDC6C24988F13
15184624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd320000 'C:\Windows\system32\crypt32.dll'
15194624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume3\Windows\System32\nsi.dll'
15204624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15214624.4110: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll) WinVerifyTrust
15224624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll
15234624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15244624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15254624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
15264624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15274624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15284624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
15294624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024bdc1:<flags> [calling]
15304624.4110: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
15314624.4110: supR3HardenedDllNotificationCallback: load 000007feced40000 LB 0x005ec000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
15324624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
15334624.4110: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
15344624.4110: supR3HardenedDllNotificationCallback: load 0000000067b60000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
15354624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
15364624.4110: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
15374624.4110: supR3HardenedDllNotificationCallback: load 0000000064b70000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
15384624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
15394624.4110: supR3HardenedDllNotificationCallback: load 000007fefe890000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
15404624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
15414624.4110: supR3HardenedDllNotificationCallback: load 000007fefd6d0000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
15424624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll
15434624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
15444624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002494d1:<flags> [calling]
15454624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feced40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15464624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
15474624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002494d1:<flags> [calling]
15484624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feced40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15494624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
15504624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002494d1:<flags> [calling]
15514624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feced40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15524624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
15534624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002494d1:<flags> [calling]
15544624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feced40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15554624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
15564624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002494d1:<flags> [calling]
15574624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feced40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15584624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
15594624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002494d1:<flags> [calling]
15604624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feced40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15614624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feced40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15624624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feced40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15634624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feced40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15644624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feced40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15654624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feced40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15664624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feced40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15674624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feced40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15684624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
15694624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002494d1:<flags> [calling]
15704624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feced40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15714624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feced40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15724624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feced40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15734624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feced40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15744624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feced40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15754624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feced40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15764624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feced40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15774624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feced40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15784624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feced40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15794624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feced40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15804624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feced40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15814624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feced40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15824624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feced40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15834624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feced40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15844624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feced40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15854624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feced40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15864624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
15874624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002494d1:<flags> [calling]
15884624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feced40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15894624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feced40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15904624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feced40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15914624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feced40000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
15924624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll
15934624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024d921:<flags> [calling]
15944624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd170000 'C:\Windows\system32\Wintrust.dll'
15954624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd320000 'C:\Windows\system32\crypt32.dll'
15964624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd320000 'C:\Windows\system32\crypt32.dll'
15974624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd320000 'C:\Windows\system32\crypt32.dll'
15984624.4110: SUPR3HardenedMain: Load TrustedMain...
15994624.4110: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll: Signature #1/2: info status: 24202
16004624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
16014624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'uicommon.dll'.
16024624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
16034624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
16044624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
16054624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
16064624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
16074624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
16084624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
16094624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
16104624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
16114624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
16124624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
16134624.4110: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
16144624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
16154624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
16164624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
16174624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000484 pwszName=\Device\HarddiskVolume3\Windows\System32\winmm.dll
16184624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
16194624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
16204624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
16214624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\winmm.dll'
16224624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16234624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
16244624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
16254624.4110: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust
16264624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll
16274624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
16284624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
16294624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000046c pwszName=\Device\HarddiskVolume3\Windows\System32\oleaut32.dll
16304624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
16314624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
16324624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DF3169AB12A33146DE2E4D9C648CB8C041F20136
16334624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16344624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16354624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16364624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16374624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd320000 'C:\Windows\system32\crypt32.dll'
16384624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume3\Windows\System32\oleaut32.dll'
16394624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16404624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
16414624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
16424624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
16434624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
16444624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
16454624.4110: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust
16464624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
16474624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
16484624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
16494624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000490 pwszName=\Device\HarddiskVolume3\Windows\System32\ole32.dll
16504624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
16514624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
16524624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41C849408ED6D9A5379745F72C06BA402FAFD6B4
16534624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16544624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16554624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
16564624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16574624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16584624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16594624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16604624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16614624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16624624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
16634624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
16644624.4110: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\ole32.dll'.
16654624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16664624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
16674624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
16684624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
16694624.4110: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\ole32.dll)
16704624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll
16714624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16724624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16734624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16744624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16754624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16764624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16774624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16784624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16794624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd320000 'C:\Windows\system32\crypt32.dll'
16804624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume3\Windows\System32\ole32.dll'
16814624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16824624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16834624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
16844624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
16854624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
16864624.4110: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust
16874624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16884624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16894624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
16904624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
16914624.4110: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll: Signature #1/2: info status: 24202
16924624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
16934624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
16944624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
16954624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
16964624.4110: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
16974624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
16984624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
16994624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
17004624.4110: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll: Signature #1/2: info status: 24202
17014624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
17024624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
17034624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
17044624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
17054624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
17064624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
17074624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
17084624.4110: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
17094624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
17104624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
17114624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
17124624.4110: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll: Signature #1/2: info status: 24202
17134624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
17144624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
17154624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
17164624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
17174624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
17184624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
17194624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
17204624.4110: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) WinVerifyTrust
17214624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
17224624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
17234624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
17244624.4110: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll: Signature #1/2: info status: 24202
17254624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
17264624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
17274624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
17284624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
17294624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
17304624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
17314624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
17324624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
17334624.4110: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) WinVerifyTrust
17344624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
17354624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
17364624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
17374624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
17384624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
17394624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
17404624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
17414624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
17424624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
17434624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uicommon.dll'...
17444624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'uicommon.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\uicommon.dll' [rcNtRedir=0xc0150008]
17454624.4110: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll: Signature #1/2: info status: 24202
17464624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
17474624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
17484624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
17494624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
17504624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
17514624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
17524624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
17534624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
17544624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
17554624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
17564624.4110: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll) WinVerifyTrust
17574624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll
17584624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
17594624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
17604624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b0 pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll
17614624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
17624624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
17634624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
17644624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
17654624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17664624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17674624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
17684624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
17694624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
17704624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
17714624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
17724624.4110: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll) WinVerifyTrust
17734624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll
17744624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17754624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17764624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
17774624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume3\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
17784624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000498 pwszName=\Device\HarddiskVolume3\Windows\System32\ddraw.dll
17794624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
17804624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
17814624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
17824624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\ddraw.dll'
17834624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17844624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17854624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
17864624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
17874624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
17884624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
17894624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
17904624.4110: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ddraw.dll) WinVerifyTrust
17914624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ddraw.dll
17924624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
17934624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
17944624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000045c pwszName=\Device\HarddiskVolume3\Windows\System32\glu32.dll
17954624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
17964624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
17974624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
17984624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\glu32.dll'
17994624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18004624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18014624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
18024624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
18034624.4110: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\glu32.dll) WinVerifyTrust
18044624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll
18054624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18064624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18074624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18084624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18094624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
18104624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18114624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18124624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18134624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18144624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
18154624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
18164624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
18174624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
18184624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
18194624.4110: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\ole32.dll [redoing WinVerifyTrust]
18204624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000488 pwszName=\Device\HarddiskVolume3\Windows\System32\ole32.dll
18214624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
18224624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
18234624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41C849408ED6D9A5379745F72C06BA402FAFD6B4
18244624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
18254624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18264624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18274624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
18284624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
18294624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
18304624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18314624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18324624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
18334624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
18344624.4110: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'.
18354624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18364624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
18374624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
18384624.4110: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dwmapi.dll)
18394624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
18404624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
18414624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
18424624.4110: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\setupapi.dll'.
18434624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
18444624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
18454624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
18464624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
18474624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
18484624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
18494624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
18504624.4110: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll)
18514624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll
18524624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18534624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18544624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
18554624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume3\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
18564624.4110: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\dciman32.dll'.
18574624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18584624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
18594624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
18604624.4110: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\dciman32.dll)
18614624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dciman32.dll
18624624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18634624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18644624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18654624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18664624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18674624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18684624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
18694624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18704624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18714624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18724624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18734624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
18744624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
18754624.4110: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\devobj.dll'.
18764624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18774624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
18784624.4110: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\devobj.dll)
18794624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devobj.dll
18804624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
18814624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
18824624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
18834624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18844624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18854624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18864624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18874624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18884624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18894624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18904624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18914624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
18924624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
18934624.4110: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
18944624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18954624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
18964624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
18974624.4110: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll)
18984624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
18994624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19004624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19014624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19024624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19034624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19044624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19054624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19064624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19074624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
19084624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19094624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19104624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19114624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19124624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
19134624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
19144624.4110: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
19154624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19164624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19174624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000249531:<flags> [calling]
19184624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd320000 'C:\Windows\system32\crypt32.dll'
19194624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume3\Windows\System32\ole32.dll'
19204624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19214624.4110: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ole32.dll'
19224624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19234624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19244624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
19254624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19264624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19274624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
19284624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
19294624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
19304624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
19314624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
19324624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
19334624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
19344624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
19354624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
19364624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19374624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19384624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
19394624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
19404624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
19414624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19424624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19434624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
19444624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
19454624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
19464624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
19474624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
19484624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
19494624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000480 pwszName=\Device\HarddiskVolume3\Windows\System32\mpr.dll
19504624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
19514624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
19524624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F84FE9BA047B24E7694C9E0C349B48B9FD5F925B
19534624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\mpr.dll'
19544624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19554624.4110: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mpr.dll) WinVerifyTrust
19564624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mpr.dll
19574624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
19584624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
19594624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
19604624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19614624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19624624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
19634624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
19644624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
19654624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
19664624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
19674624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b8 pwszName=\Device\HarddiskVolume3\Windows\System32\shell32.dll
19684624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
19694624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
19704624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6F0FD5A01ADEE7CE965956E4165CC96F02202139
19714624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd320000 'C:\Windows\system32\crypt32.dll'
19724624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume3\Windows\System32\shell32.dll'
19734624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19744624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19754624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
19764624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
19774624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
19784624.4110: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll) WinVerifyTrust
19794624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
19804624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19814624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19824624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19834624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19844624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
19854624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
19864624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
19874624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
19884624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
19894624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
19904624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
19914624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19924624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19934624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19944624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19954624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
19964624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
19974624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
19984624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
19994624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
20004624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
20014624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20024624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
20034624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
20044624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
20054624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
20064624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
20074624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
20084624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
20094624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
20104624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
20114624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
20124624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
20134624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
20144624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
20154624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
20164624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20174624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20184624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20194624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20204624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
20214624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20224624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
20234624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
20244624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
20254624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
20264624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
20274624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
20284624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
20294624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
20304624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
20314624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
20324624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20334624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20344624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20354624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20364624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20374624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20384624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20394624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20404624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20414624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20424624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20434624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20444624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
20454624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
20464624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
20474624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20484624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20494624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024bdd1:<flags> [calling]
20504624.4110: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
20514624.4110: supR3HardenedDllNotificationCallback: load 000007fecc9d0000 LB 0x001c9000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
20524624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
20534624.4110: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
20544624.4110: supR3HardenedDllNotificationCallback: load 000007fee2030000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
20554624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
20564624.4110: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\glu32.dll
20574624.4110: supR3HardenedDllNotificationCallback: load 000007fefb3c0000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
20584624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\glu32.dll
20594624.4110: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ddraw.dll
20604624.4110: supR3HardenedDllNotificationCallback: load 000007fee1d90000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
20614624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ddraw.dll
20624624.4110: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
20634624.4110: supR3HardenedDllNotificationCallback: load 000007fefb310000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
20644624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
20654624.4110: supR3HardenedDllNotificationCallback: load 000007feff690000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
20664624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll [avoiding WinVerifyTrust]
20674624.4110: supR3HardenedDllNotificationCallback: load 000007fefd120000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
20684624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
20694624.4110: supR3HardenedDllNotificationCallback: load 000007fefe040000 LB 0x000db000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
20704624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
20714624.4110: supR3HardenedDllNotificationCallback: load 000007fefdca0000 LB 0x001ff000 C:\Windows\system32\ole32.dll [fFlags=0x0]
20724624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
20734624.4110: supR3HardenedDllNotificationCallback: load 000007fefd0f0000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
20744624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
20754624.4110: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
20764624.4110: supR3HardenedDllNotificationCallback: load 000007fefb690000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
20774624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
20784624.4110: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll
20794624.4110: supR3HardenedDllNotificationCallback: load 000007feae880000 LB 0x02320000 C:\Program Files\Oracle\VirtualBox\UICommon.dll [fFlags=0x0]
20804624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\UICommon.dll
20814624.4110: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
20824624.4110: supR3HardenedDllNotificationCallback: load 0000000066fb0000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
20834624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
20844624.4110: supR3HardenedDllNotificationCallback: load 000007fefe900000 LB 0x00d8b000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
20854624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
20864624.4110: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll
20874624.4110: supR3HardenedDllNotificationCallback: load 000007fef6070000 LB 0x00018000 C:\Windows\system32\MPR.dll [fFlags=0x0]
20884624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll
20894624.4110: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
20904624.4110: supR3HardenedDllNotificationCallback: load 000007fece740000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
20914624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
20924624.4110: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
20934624.4110: supR3HardenedDllNotificationCallback: load 00000000644b0000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
20944624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
20954624.4110: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
20964624.4110: supR3HardenedDllNotificationCallback: load 0000000067a40000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
20974624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
20984624.4110: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
20994624.4110: supR3HardenedDllNotificationCallback: load 000007fefac90000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
21004624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
21014624.4110: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
21024624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
21034624.4110: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\devobj.dll'.
21044624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rescheduled]
21054624.4110: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\dciman32.dll'.
21064624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dciman32.dll' [rescheduled]
21074624.4110: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\setupapi.dll'.
21084624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rescheduled]
21094624.4110: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'.
21104624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll' [rescheduled]
21114624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5f0000 'C:\Windows\system32\ADVAPI32.DLL'
21124624.4110: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
21134624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
21144624.4110: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\devobj.dll'.
21154624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rescheduled]
21164624.4110: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\dciman32.dll'.
21174624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dciman32.dll' [rescheduled]
21184624.4110: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\setupapi.dll'.
21194624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rescheduled]
21204624.4110: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'.
21214624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll' [rescheduled]
21224624.4110: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
21234624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
21244624.4110: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\devobj.dll'.
21254624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rescheduled]
21264624.4110: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\dciman32.dll'.
21274624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dciman32.dll' [rescheduled]
21284624.4110: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\setupapi.dll'.
21294624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rescheduled]
21304624.4110: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'.
21314624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll' [rescheduled]
21324624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
21334624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptbase.dll (Input=cryptbase.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
21344624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf70000 'C:\Windows\system32\cryptbase.dll'
21354624.4110: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'.
21364624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rescheduled]
21374624.4110: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\devobj.dll'.
21384624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rescheduled]
21394624.4110: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\dciman32.dll'.
21404624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dciman32.dll' [rescheduled]
21414624.4110: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\setupapi.dll'.
21424624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rescheduled]
21434624.4110: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'.
21444624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll' [rescheduled]
21454624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fecc9d0000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
21464624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000049c pwszName=\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
21474624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
21484624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
21494624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
21504624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'
21514624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21524624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'
21534624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c4 pwszName=\Device\HarddiskVolume3\Windows\System32\devobj.dll
21544624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
21554624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
21564624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
21574624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\devobj.dll'
21584624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21594624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\devobj.dll'
21604624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000047c pwszName=\Device\HarddiskVolume3\Windows\System32\dciman32.dll
21614624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
21624624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
21634624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=06E87E8BC22B9124778A2BDA6472CAFE3F12B2CA
21644624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd320000 'C:\Windows\system32\crypt32.dll'
21654624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume3\Windows\System32\dciman32.dll'
21664624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21674624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dciman32.dll'
21684624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004ac pwszName=\Device\HarddiskVolume3\Windows\System32\setupapi.dll
21694624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
21704624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
21714624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
21724624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\setupapi.dll'
21734624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21744624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\setupapi.dll'
21754624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c0 pwszName=\Device\HarddiskVolume3\Windows\System32\dwmapi.dll
21764624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
21774624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
21784624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F3F3D4867E9140896E0742D7EE8AE1D01FE85ECE
21794624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3078667~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'
21804624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21814624.4110: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'
21824624.4110: SUPR3HardenedMain: Calling TrustedMain (000007fecc9d16c0)...
21834624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
21844624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024d681:<flags> [calling]
21854624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdca0000 'C:\Windows\system32\ole32.dll'
21864624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5f0000 'C:\Windows\system32\ADVAPI32.dll'
21874624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\profapi.dll
21884624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024bd61:<flags> [calling]
21894624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0e0000 'C:\Windows\system32\profapi.dll'
21904624.4110: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll: Signature #1/2: info status: 24202
21914624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
21924624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
21934624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
21944624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
21954624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
21964624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
21974624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
21984624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
21994624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
22004624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
22014624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
22024624.4110: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
22034624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
22044624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22054624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22064624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
22074624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
22084624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
22094624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
22104624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
22114624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
22124624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
22134624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
22144624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
22154624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
22164624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
22174624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
22184624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
22194624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
22204624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
22214624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
22224624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
22234624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
22244624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
22254624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
22264624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22274624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22284624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
22294624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
22304624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
22314624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22324624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22334624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024e051:<flags> [calling]
22344624.4110: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
22354624.4110: supR3HardenedDllNotificationCallback: load 000007fece610000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
22364624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
22374624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fece610000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
22384624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
22394624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024df81:<flags> [calling]
22404624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf70000 'C:\Windows\system32\CRYPTBASE.dll'
22414624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000053c pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll
22424624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
22434624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
22444624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
22454624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'
22464624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22474624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22484624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
22494624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
22504624.4110: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll) WinVerifyTrust
22514624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
22524624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22534624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22544624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22554624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22564624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22574624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22584624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024da51:<flags> [calling]
22594624.4110: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
22604624.4110: supR3HardenedDllNotificationCallback: load 000007fefbac0000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
22614624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
22624624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbac0000 'C:\Windows\system32\uxtheme.dll'
22634624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
22644624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024d491:<flags> [calling]
22654624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbac0000 'C:\Windows\system32\uxtheme.dll'
22664624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
22674624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024d201:<flags> [calling]
22684624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbac0000 'C:\Windows\system32\uxtheme.dll'
22694624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
22704624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024d201:<flags> [calling]
22714624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbac0000 'C:\Windows\system32\uxtheme.dll'
22724624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077360000 'C:\Windows\system32\user32.dll'
22734624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
22744624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024e291:<flags> [calling]
22754624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe900000 'C:\Windows\system32\shell32.dll'
22764624.4110: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
22774624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Windows\system32\wintab32.dll'
22784624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
22794624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024d931:<flags> [calling]
22804624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb690000 'C:\Windows\system32\dwmapi.dll'
22814624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
22824624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024e6b1:<flags> [calling]
22834624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefac90000 'C:\Windows\system32\winmm.dll'
22844624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
22854624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024e6b1:<flags> [calling]
22864624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefac90000 'C:\Windows\system32\winmm.dll'
22874624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
22884624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024e991:<flags> [calling]
22894624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe900000 'C:\Windows\system32\shell32.dll'
22904624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
22914624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024e961:<flags> [calling]
22924624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbac0000 'C:\Windows\system32\uxtheme.dll'
22934624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5f0000 'C:\Windows\system32\advapi32.dll'
22944624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\userenv.dll
22954624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024e8c1:<flags> [calling]
22964624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd260000 'C:\Windows\system32\userenv.dll'
22974624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll
22984624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024e9a1:<flags> [calling]
22994624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077460000 'C:\Windows\system32\kernel32.dll'
23004624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5f0000 'C:\Windows\system32\ADVAPI32.dll'
23014624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000057c pwszName=\Device\HarddiskVolume3\Windows\System32\clbcatq.dll
23024624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
23034624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
23044624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
23054624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\clbcatq.dll'
23064624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23074624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23084624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
23094624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
23104624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
23114624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
23124624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
23134624.4110: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\clbcatq.dll) WinVerifyTrust
23144624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
23154624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23164624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23174624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
23184624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
23194624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
23204624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23214624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23224624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23234624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23244624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
23254624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
23264624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
23274624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23284624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23294624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024c691:<flags> [calling]
23304624.4110: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
23314624.4110: supR3HardenedDllNotificationCallback: load 000007fefd550000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
23324624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\clbcatq.dll
23334624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd550000 'C:\Windows\system32\CLBCatQ.DLL'
23344624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
23354624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024b4e1:<flags> [calling]
23364624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc870000 'C:\Windows\system32\CRYPTSP.dll'
23374624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000058c pwszName=\Device\HarddiskVolume3\Windows\System32\RpcRtRemote.dll
23384624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
23394624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
23404624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
23414624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\RpcRtRemote.dll'
23424624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23434624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
23444624.4110: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\RpcRtRemote.dll) WinVerifyTrust
23454624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\RpcRtRemote.dll
23464624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23474624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23484624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
23494624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024b0a1:<flags> [calling]
23504624.4110: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\RpcRtRemote.dll
23514624.4110: supR3HardenedDllNotificationCallback: load 000007fefd020000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
23524624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\RpcRtRemote.dll
23534624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd020000 'C:\Windows\system32\RpcRtRemote.dll'
23544624.3ea0: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll: Signature #1/2: info status: 24202
23554624.3ea0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23564624.3ea0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
23574624.3ea0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23584624.3ea0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
23594624.3ea0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
23604624.3ea0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
23614624.3ea0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
23624624.3ea0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
23634624.3ea0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
23644624.3ea0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
23654624.3ea0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
23664624.3ea0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
23674624.3ea0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
23684624.3ea0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
23694624.3ea0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23704624.3ea0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23714624.3ea0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
23724624.3ea0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23734624.3ea0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23744624.3ea0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
23754624.3ea0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
23764624.3ea0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
23774624.3ea0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23784624.3ea0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23794624.3ea0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004e8e941:<flags> [calling]
23804624.3ea0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
23814624.3ea0: supR3HardenedDllNotificationCallback: load 000007fece150000 LB 0x003c2000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
23824624.3ea0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
23834624.3ea0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fece150000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
23844624.3ea0: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll: Signature #1/2: info status: 24202
23854624.3ea0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23864624.3ea0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
23874624.3ea0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
23884624.3ea0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
23894624.3ea0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
23904624.3ea0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
23914624.3ea0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
23924624.3ea0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
23934624.3ea0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
23944624.3ea0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23954624.3ea0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23964624.3ea0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
23974624.3ea0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
23984624.3ea0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
23994624.3ea0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24004624.3ea0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24014624.3ea0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
24024624.3ea0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
24034624.3ea0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
24044624.3ea0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24054624.3ea0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24064624.3ea0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24074624.3ea0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24084624.3ea0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24094624.3ea0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24104624.3ea0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004e8d3b1:<flags> [calling]
24114624.3ea0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
24124624.3ea0: supR3HardenedDllNotificationCallback: load 000007fece520000 LB 0x000ef000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
24134624.3ea0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
24144624.3ea0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fece520000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
24154624.3ea0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
24164624.3ea0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004e8d241:<flags> [calling]
24174624.3ea0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe040000 'C:\Windows\system32\oleaut32.dll'
24184624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5f0000 'C:\Windows\system32\ADVAPI32.dll'
24194624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe820000 'C:\Windows\system32\gdi32.dll'
24204624.25e8: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll: Signature #1/2: info status: 24202
24214624.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24224624.25e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
24234624.25e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll) WinVerifyTrust
24244624.25e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
24254624.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24264624.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24274624.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24284624.25e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24294624.25e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000029fa551:<flags> [calling]
24304624.25e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
24314624.25e8: supR3HardenedDllNotificationCallback: load 000007fefad20000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [fFlags=0x0]
24324624.25e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.dll
24334624.25e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefad20000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL'
24344624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
24354624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024a411:<flags> [calling]
24364624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe900000 'C:\Windows\system32\shell32.dll'
24374624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5f0000 'C:\Windows\system32\ADVAPI32.dll'
24384624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdca0000 'C:\Windows\system32\ole32.dll'
24394624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdca0000 'C:\Windows\system32\ole32.dll'
24404624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msctf.dll
24414624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000249cf1:<flags> [calling]
24424624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd6e0000 'C:\Windows\system32\MSCTF.dll'
24434624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
24444624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024a001:<flags> [calling]
24454624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe900000 'C:\Windows\system32\shell32.dll'
24464624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
24474624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000024a001:<flags> [calling]
24484624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe900000 'C:\Windows\system32\shell32.dll'
24494624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdca0000 'C:\Windows\system32\ole32.dll'
24504624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe040000 'C:\Windows\system32\OLEAUT32.dll'
24514624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000904 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
24524624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
24534624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
24544624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472
24554624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll'
24564624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24574624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24584624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
24594624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
24604624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
24614624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
24624624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
24634624.4110: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
24644624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
24654624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
24664624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
24674624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
24684624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24694624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24704624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
24714624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
24724624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24734624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24744624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
24754624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
24764624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000908 pwszName=\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
24774624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
24784624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
24794624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03D0A77E5195AA70198FDE6C2FAC2C76FF200674
24804624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll'
24814624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24824624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24834624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
24844624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
24854624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
24864624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
24874624.4110: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll) WinVerifyTrust
24884624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
24894624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24904624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24914624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
24924624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
24934624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
24944624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
24954624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24964624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24974624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24984624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24994624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
25004624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
25014624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25024624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25034624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000246641:<flags> [calling]
25044624.4110: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
25054624.4110: supR3HardenedDllNotificationCallback: load 000007fee8f70000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
25064624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemprox.dll
25074624.4110: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
25084624.4110: supR3HardenedDllNotificationCallback: load 000007fee90e0000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [fFlags=0x0]
25094624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
25104624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8f70000 'C:\Windows\system32\wbem\wbemprox.dll'
25114624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000930 pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
25124624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
25134624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
25144624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F
25154624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll'
25164624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25174624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25184624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
25194624.4110: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
25204624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
25214624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25224624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25234624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25244624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25254624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000246261:<flags> [calling]
25264624.4110: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
25274624.4110: supR3HardenedDllNotificationCallback: load 000007fee8d80000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
25284624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\wbemsvc.dll
25294624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8d80000 'C:\Windows\system32\wbem\wbemsvc.dll'
25304624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000093c pwszName=\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
25314624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
25324624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
25334624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79
25344624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll'
25354624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25364624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25374624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
25384624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
25394624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
25404624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
25414624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
25424624.4110: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
25434624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
25444624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
25454624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
25464624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000924 pwszName=\Device\HarddiskVolume3\Windows\System32\ntdsapi.dll
25474624.4110: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
25484624.4110: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
25494624.4110: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
25504624.4110: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\ntdsapi.dll'
25514624.4110: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25524624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25534624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
25544624.4110: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
25554624.4110: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ntdsapi.dll) WinVerifyTrust
25564624.4110: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ntdsapi.dll
25574624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
25584624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
25594624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
25604624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
25614624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
25624624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
25634624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
25644624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume3\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
25654624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbemcomn.dll
25664624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25674624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25684624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
25694624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
25704624.4110: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
25714624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25724624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25734624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25744624.4110: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25754624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002462c1:<flags> [calling]
25764624.4110: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
25774624.4110: supR3HardenedDllNotificationCallback: load 000007fee8fb0000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
25784624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wbem\fastprox.dll
25794624.4110: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntdsapi.dll
25804624.4110: supR3HardenedDllNotificationCallback: load 000007fee8f80000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [fFlags=0x0]
25814624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ntdsapi.dll
25824624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8fb0000 'C:\Windows\system32\wbem\fastprox.dll'
25834624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe040000 'C:\Windows\system32\OLEAUT32.dll'
25844624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5f0000 'C:\Windows\system32\ADVAPI32.dll'
25854624.4110: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
25864624.4110: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINMM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000245be1:<flags> [calling]
25874624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefac90000 'C:\Windows\system32\WINMM.dll'
25884624.466c: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll: Signature #1/2: info status: 24202
25894624.466c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25904624.466c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
25914624.466c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
25924624.466c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
25934624.466c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25944624.466c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25954624.466c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25964624.466c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25974624.466c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b4ae781:<flags> [calling]
25984624.466c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
25994624.466c: supR3HardenedDllNotificationCallback: load 000007fecc650000 LB 0x0037e000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
26004624.466c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
26014624.466c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fecc650000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
26024624.20cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
26034624.20cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000bcee541:<flags> [calling]
26044624.20cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdca0000 'C:\Windows\system32\ole32.dll'
26054624.44bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdca0000 'C:\Windows\system32\ole32.dll'
26064624.20cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a48 pwszName=\Device\HarddiskVolume3\Windows\System32\netcfgx.dll
26074624.20cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
26084624.20cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
26094624.20cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B2E2834BA132AEF0C1091DED23D983BBB0CDB980
26104624.20cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\netcfgx.dll'
26114624.20cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26124624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shlwapi.dll'.
26134624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
26144624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
26154624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
26164624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
26174624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
26184624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'nsi.dll'.
26194624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'iphlpapi.dll'.
26204624.20cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\netcfgx.dll) WinVerifyTrust
26214624.20cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\netcfgx.dll
26224624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
26234624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
26244624.20cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a28 pwszName=\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
26254624.20cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
26264624.20cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
26274624.20cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642
26284624.20cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL'
26294624.20cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26304624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26314624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
26324624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
26334624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
26344624.20cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
26354624.20cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
26364624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
26374624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
26384624.20cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll
26394624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26404624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26414624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
26424624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
26434624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
26444624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
26454624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
26464624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
26474624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
26484624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
26494624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
26504624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
26514624.20cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
26524624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26534624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26544624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
26554624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
26564624.20cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a24 pwszName=\Device\HarddiskVolume3\Windows\System32\winnsi.dll
26574624.20cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
26584624.20cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
26594624.20cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=28DC1A34E4A6B1464B25E6B8BF4EBE1D6A50922D
26604624.20cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd320000 'C:\Windows\system32\crypt32.dll'
26614624.20cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_822_for_KB4534310~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume3\Windows\System32\winnsi.dll'
26624624.20cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26634624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26644624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
26654624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
26664624.20cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winnsi.dll) WinVerifyTrust
26674624.20cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winnsi.dll
26684624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
26694624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
26704624.20cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll
26714624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26724624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26734624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
26744624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
26754624.20cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll
26764624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26774624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26784624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26794624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26804624.20cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\netcfgx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000bceb7a1:<flags> [calling]
26814624.20cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\netcfgx.dll
26824624.20cc: supR3HardenedDllNotificationCallback: load 000007fef7fd0000 LB 0x00084000 C:\Windows\system32\netcfgx.dll [fFlags=0x0]
26834624.20cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\netcfgx.dll
26844624.20cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
26854624.20cc: supR3HardenedDllNotificationCallback: load 000007fefa510000 LB 0x00027000 C:\Windows\system32\IPHLPAPI.DLL [fFlags=0x0]
26864624.20cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
26874624.20cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll
26884624.20cc: supR3HardenedDllNotificationCallback: load 000007fefa500000 LB 0x0000b000 C:\Windows\system32\WINNSI.DLL [fFlags=0x0]
26894624.20cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winnsi.dll
26904624.20cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7fd0000 'C:\Windows\system32\netcfgx.dll'
26914624.20cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
26924624.20cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000bcecf61:<flags> [calling]
26934624.20cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff690000 'C:\Windows\system32\SETUPAPI.dll'
26944624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26954624.20cc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\devrtl.dll)
26964624.20cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devrtl.dll
26974624.20cc: supR3HardenedDllNotificationCallback: load 000007fefc390000 LB 0x00012000 C:\Windows\system32\devrtl.DLL [fFlags=0x0]
26984624.20cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
26994624.20cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a34 pwszName=\Device\HarddiskVolume3\Windows\System32\devrtl.dll
27004624.20cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
27014624.20cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
27024624.20cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=445E5B0E9F43B5D56A5B9C4BC3369E3D076ACA1A
27034624.20cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\devrtl.dll'
27044624.20cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27054624.20cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\devrtl.dll'
27064624.20cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll
27074624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27084624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27094624.20cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.dll (Input=WINTRUST.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000bcecd01:<flags> [calling]
27104624.20cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd170000 'C:\Windows\system32\WINTRUST.dll'
27114624.472c: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll: Signature #1/2: info status: 24202
27124624.472c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27134624.472c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
27144624.472c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
27154624.472c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
27164624.472c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
27174624.472c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
27184624.472c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
27194624.472c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27204624.472c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27214624.472c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27224624.472c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27234624.472c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
27244624.472c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
27254624.472c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
27264624.472c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
27274624.472c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
27284624.472c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
27294624.472c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27304624.472c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27314624.472c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000c16d751:<flags> [calling]
27324624.472c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
27334624.472c: supR3HardenedDllNotificationCallback: load 000007fef1770000 LB 0x00010000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
27344624.472c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
27354624.472c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1770000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
27364624.3f9c: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll: Signature #1/2: info status: 24202
27374624.3f9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27384624.3f9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
27394624.3f9c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
27404624.3f9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
27414624.3f9c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
27424624.3f9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27434624.3f9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27444624.3f9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
27454624.3f9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
27464624.3f9c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27474624.3f9c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27484624.3f9c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
27494624.3f9c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000c3dde31:<flags> [calling]
27504624.3f9c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
27514624.3f9c: supR3HardenedDllNotificationCallback: load 000007fee89b0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
27524624.3f9c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
27534624.3f9c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee89b0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
27544624.20cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe900000 'C:\Windows\system32\Shell32.dll'
27554624.20cc: supR3HardenedIsApiSetDll: '<NULL>' -> true
27564624.20cc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000bce94a1:<flags> [calling]
27574624.20cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd490000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
27584624.20cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
27594624.20cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000bceb7d1:<flags> [calling]
27604624.20cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fecc650000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
27614624.20cc: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll: Signature #1/2: info status: 24202
27624624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27634624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
27644624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
27654624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
27664624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
27674624.20cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
27684624.20cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
27694624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
27704624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
27714624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
27724624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
27734624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27744624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27754624.20cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\user32.dll
27764624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
27774624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
27784624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27794624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27804624.20cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000bcec981:<flags> [calling]
27814624.20cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
27824624.20cc: supR3HardenedDllNotificationCallback: load 000007fee8960000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
27834624.20cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
27844624.20cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8960000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
27854624.20cc: supR3HardenedDllNotificationCallback: Unload 000007fee8960000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
27864624.20cc: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll: Signature #1/2: info status: 24202
27874624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27884624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
27894624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
27904624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
27914624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
27924624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
27934624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
27944624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
27954624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
27964624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
27974624.20cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
27984624.20cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
27994624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
28004624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
28014624.20cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\IPHLPAPI.DLL
28024624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
28034624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
28044624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
28054624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
28064624.20cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
28074624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
28084624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
28094624.20cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
28104624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28114624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28124624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
28134624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
28144624.20cc: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll: Signature #1/2: info status: 24202
28154624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28164624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
28174624.20cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
28184624.20cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
28194624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
28204624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
28214624.20cc: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll: Signature #1/2: info status: 24202
28224624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28234624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
28244624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
28254624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
28264624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
28274624.20cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
28284624.20cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
28294624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28304624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28314624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
28324624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
28334624.20cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
28344624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28354624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28364624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
28374624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
28384624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
28394624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
28404624.20cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
28414624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28424624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28434624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28444624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28454624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28464624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28474624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28484624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28494624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28504624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28514624.20cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000bcedc11:<flags> [calling]
28524624.20cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
28534624.20cc: supR3HardenedDllNotificationCallback: load 000007fe9e730000 LB 0x00a04000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
28544624.20cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD.dll
28554624.20cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
28564624.20cc: supR3HardenedDllNotificationCallback: load 000007fedcc00000 LB 0x00066000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
28574624.20cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDDU.dll
28584624.20cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
28594624.20cc: supR3HardenedDllNotificationCallback: load 000007feae020000 LB 0x0085c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
28604624.20cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
28614624.20cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fe9e730000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
28624624.20cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
28634624.20cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000bcedc11:<flags> [calling]
28644624.20cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
28654624.20cc: supR3HardenedDllNotificationCallback: load 000007fee8910000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
28664624.20cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
28674624.20cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8910000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
28684624.20cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxC.dll
28694624.20cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000bcedc11:<flags> [calling]
28704624.20cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fece150000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
28714624.20cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxDD2.dll
28724624.20cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000bced9b1:<flags> [calling]
28734624.20cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feae020000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
28744624.20cc: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll: Signature #1/2: info status: 24202
28754624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28764624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
28774624.20cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
28784624.20cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
28794624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28804624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28814624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28824624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28834624.20cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000bceda21:<flags> [calling]
28844624.20cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
28854624.20cc: supR3HardenedDllNotificationCallback: load 000007fee8990000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
28864624.20cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
28874624.20cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8990000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
28884624.20cc: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll: Signature #1/2: info status: 24202
28894624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28904624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
28914624.20cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
28924624.20cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
28934624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28944624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28954624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28964624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28974624.20cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000bceda21:<flags> [calling]
28984624.20cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
28994624.20cc: supR3HardenedDllNotificationCallback: load 000007fee8970000 LB 0x00012000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
29004624.20cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
29014624.20cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8970000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
29024624.20cc: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll: Signature #1/2: info status: 24202
29034624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29044624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
29054624.20cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
29064624.20cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
29074624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29084624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29094624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29104624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29114624.20cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000bceda71:<flags> [calling]
29124624.20cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
29134624.20cc: supR3HardenedDllNotificationCallback: load 000007fee1710000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
29144624.20cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
29154624.20cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1710000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
29164624.20cc: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll: Signature #1/2: info status: 24202
29174624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29184624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
29194624.20cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
29204624.20cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
29214624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29224624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29234624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29244624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29254624.20cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000bceda71:<flags> [calling]
29264624.20cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
29274624.20cc: supR3HardenedDllNotificationCallback: load 000007fedd940000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
29284624.20cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
29294624.20cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedd940000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
29304624.36b4: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll: Signature #1/2: info status: 24202
29314624.36b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29324624.36b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
29334624.36b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
29344624.36b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
29354624.36b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
29364624.36b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29374624.36b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29384624.36b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
29394624.36b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
29404624.36b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
29414624.36b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29424624.36b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29434624.36b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000da7dc11:<flags> [calling]
29444624.36b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
29454624.36b4: supR3HardenedDllNotificationCallback: load 000007fedd700000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
29464624.36b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
29474624.36b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedd700000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
29484624.439c: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll: Signature #1/2: info status: 24202
29494624.439c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29504624.439c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
29514624.439c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
29524624.439c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
29534624.439c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
29544624.439c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
29554624.439c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29564624.439c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29574624.439c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
29584624.439c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
29594624.439c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxVMM.dll
29604624.439c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
29614624.439c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
29624624.439c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29634624.439c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29644624.439c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000dbcda31:<flags> [calling]
29654624.439c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
29664624.439c: supR3HardenedDllNotificationCallback: load 000007fef1730000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
29674624.439c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
29684624.439c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1730000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
29694624.45e0: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll: Signature #1/2: info status: 24202
29704624.45e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29714624.45e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
29724624.45e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
29734624.45e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
29744624.45e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
29754624.45e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29764624.45e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29774624.45e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
29784624.45e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
29794624.45e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29804624.45e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29814624.45e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000ddbd891:<flags> [calling]
29824624.45e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
29834624.45e0: supR3HardenedDllNotificationCallback: load 000007fee8960000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
29844624.45e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
29854624.45e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8960000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
29864624.20cc: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll: Signature #1/2: info status: 24202
29874624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29884624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
29894624.20cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
29904624.20cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
29914624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29924624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29934624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29944624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29954624.20cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000bcef1c1:<flags> [calling]
29964624.20cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
29974624.20cc: supR3HardenedDllNotificationCallback: load 000007fefa7e0000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
29984624.20cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
29994624.20cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa7e0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
30004624.20cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d60 pwszName=\Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
30014624.20cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
30024624.20cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
30034624.20cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=704F97298D44B8146C54067788F597E0BF365197
30044624.20cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll'
30054624.20cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30064624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30074624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
30084624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
30094624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'.
30104624.20cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll) WinVerifyTrust
30114624.20cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
30124624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
30134624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume3\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
30144624.20cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d64 pwszName=\Device\HarddiskVolume3\Windows\System32\propsys.dll
30154624.20cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007eff00
30164624.20cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007eff00
30174624.20cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A1594E841359779EF7EA7EBCF775D89F55388D3
30184624.20cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\propsys.dll'
30194624.20cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30204624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30214624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
30224624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
30234624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
30244624.20cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
30254624.20cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\propsys.dll) WinVerifyTrust
30264624.20cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\propsys.dll
30274624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
30284624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
30294624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30304624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30314624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30324624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30334624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
30344624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
30354624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30364624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30374624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
30384624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
30394624.20cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
30404624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
30414624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
30424624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30434624.20cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30444624.20cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000bced451:<flags> [calling]
30454624.20cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
30464624.20cc: supR3HardenedDllNotificationCallback: load 000007fefb6b0000 LB 0x0004b000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
30474624.20cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
30484624.20cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
30494624.20cc: supR3HardenedDllNotificationCallback: load 000007fefbb20000 LB 0x0012c000 C:\Windows\System32\PROPSYS.dll [fFlags=0x0]
30504624.20cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\propsys.dll
30514624.20cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5f0000 'C:\Windows\system32\ADVAPI32.dll'
30524624.20cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb6b0000 'C:\Windows\System32\MMDevApi.dll'
30534624.20cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdca0000 'C:\Windows\system32\ole32.dll'
30544624.20cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
30554624.20cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000bced781:<flags> [calling]
30564624.20cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff690000 'C:\Windows\system32\SETUPAPI.dll'
30574624.4e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
30584624.4e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CFGMGR32.dll (Input=CFGMGR32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000010cdf8f1:<flags> [calling]
30594624.4e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd120000 'C:\Windows\system32\CFGMGR32.dll'
30604624.20cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
30614624.20cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000bcee901:<flags> [calling]
30624624.20cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe120000 'C:\Windows\system32\SHLWAPI.dll'
30634624.20cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\MMDevAPI.dll
30644624.20cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000bceeb21:<flags> [calling]
30654624.20cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb6b0000 'C:\Windows\system32\MMDEVAPI.DLL'
30664624.20cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdca0000 'C:\Windows\system32\ole32.dll'
30674624.466c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe040000 'C:\Windows\system32\OLEAUT32.dll'
30684624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe900000 'C:\Windows\system32\shell32.dll'
30694624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe900000 'C:\Windows\system32\shell32.dll'
30704624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe900000 'C:\Windows\system32\shell32.dll'
30714624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe900000 'C:\Windows\system32\shell32.dll'
30724624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe900000 'C:\Windows\system32\shell32.dll'
30734624.4110: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe900000 'C:\Windows\system32\shell32.dll'
30744624.45e0: supR3HardenedDllNotificationCallback: Unload 000007fee8960000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
30754624.439c: supR3HardenedDllNotificationCallback: Unload 000007fef1730000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
30764624.36b4: supR3HardenedDllNotificationCallback: Unload 000007fedd700000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
30774624.3f9c: supR3HardenedDllNotificationCallback: Unload 000007fee89b0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
30784624.472c: supR3HardenedDllNotificationCallback: Unload 000007fef1770000 LB 0x00010000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
30794624.20cc: supR3HardenedDllNotificationCallback: Unload 000007fedd940000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [flags=0x0]
30804624.20cc: supR3HardenedDllNotificationCallback: Unload 000007fee1710000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [flags=0x0]
30814624.20cc: supR3HardenedDllNotificationCallback: Unload 000007fee8970000 LB 0x00012000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [flags=0x0]
30824624.20cc: supR3HardenedDllNotificationCallback: Unload 000007fee8990000 LB 0x00018000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [flags=0x0]
30834624.20cc: supR3HardenedDllNotificationCallback: Unload 000007fee8910000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
30844624.20cc: supR3HardenedDllNotificationCallback: Unload 000007fe9e730000 LB 0x00a04000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
30854624.20cc: supR3HardenedDllNotificationCallback: Unload 000007feae020000 LB 0x0085c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
30864624.20cc: supR3HardenedDllNotificationCallback: Unload 000007fedcc00000 LB 0x00066000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
30874624.4110: supR3HardenedDllNotificationCallback: Unload 000007fefad20000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMainVM.DLL [flags=0x0]
30884624.4110: supR3HardenedDllNotificationCallback: Unload 000007fef7fd0000 LB 0x00084000 C:\Windows\system32\netcfgx.dll [flags=0x0]
30894624.4110: supR3HardenedDllNotificationCallback: Unload 000007fefa510000 LB 0x00027000 C:\Windows\system32\IPHLPAPI.DLL [flags=0x0]
30904624.4110: supR3HardenedDllNotificationCallback: Unload 000007fefa500000 LB 0x0000b000 C:\Windows\system32\WINNSI.DLL [flags=0x0]
30914624.4110: supR3HardenedDllNotificationCallback: Unload 000007fee8fb0000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [flags=0x0]
30924624.4110: supR3HardenedDllNotificationCallback: Unload 000007fee8f80000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [flags=0x0]
30934624.4110: supR3HardenedDllNotificationCallback: Unload 000007fee8d80000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [flags=0x0]
30944624.4110: supR3HardenedDllNotificationCallback: Unload 000007fee8f70000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [flags=0x0]
30954624.4110: supR3HardenedDllNotificationCallback: Unload 000007fee90e0000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [flags=0x0]
30964624.4110: supR3HardenedDllNotificationCallback: Unload 000007fece520000 LB 0x000ef000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [flags=0x0]
30974624.4110: supR3HardenedDllNotificationCallback: Unload 000007fece150000 LB 0x003c2000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
30984624.4110: Terminating the normal way: rcExit=0
309930c0.3cdc: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 12632 ms, the end);
31003248.4640: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 13990 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy