Ticket #13847: VBoxStartup - 4.3.28.log

1364.1888: Log file opened: 4.3.28r100309 g_hStartupLog=0000000000000010 g_uNtVerCombined=0x63258000
1364.1888: \SystemRoot\System32\ntdll.dll:
1364.1888:     CreationTime:    2015-04-15T12:54:24.332363000Z
1364.1888:     LastWriteTime:   2015-03-23T21:59:25.551884100Z
1364.1888:     ChangeTime:      2015-05-06T14:01:01.710325500Z
1364.1888:     FileAttributes:  0x20
1364.1888:     Size:            0x1a7540
1364.1888:     NT Headers:      0xd8
1364.1888:     Timestamp:       0x550f4336
1364.1888:     Machine:         0x8664 - amd64
1364.1888:     Timestamp:       0x550f4336
1364.1888:     Image Version:   6.3
1364.1888:     SizeOfImage:     0x1ac000 (1753088)
1364.1888:     Resource Dir:    0x148000 LB 0x62450
1364.1888:     ProductName:     Microsoft® Windows® Operating System
1364.1888:     ProductVersion:  6.3.9600.17736
1364.1888:     FileVersion:     6.3.9600.17736 (winblue_r9.150322-1500)
1364.1888:     FileDescription: NT Layer DLL
1364.1888: \SystemRoot\System32\kernel32.dll:
1364.1888:     CreationTime:    2015-03-28T18:43:10.880167300Z
1364.1888:     LastWriteTime:   2014-10-29T04:09:24.572407200Z
1364.1888:     ChangeTime:      2015-03-30T13:34:43.087928400Z
1364.1888:     FileAttributes:  0x20
1364.1888:     Size:            0x13fc30
1364.1888:     NT Headers:      0xf8
1364.1888:     Timestamp:       0x545054ca
1364.1888:     Machine:         0x8664 - amd64
1364.1888:     Timestamp:       0x545054ca
1364.1888:     Image Version:   6.3
1364.1888:     SizeOfImage:     0x13e000 (1302528)
1364.1888:     Resource Dir:    0x12e000 LB 0x518
1364.1888:     ProductName:     Microsoft® Windows® Operating System
1364.1888:     ProductVersion:  6.3.9600.17415
1364.1888:     FileVersion:     6.3.9600.17415 (winblue_r4.141028-1500)
1364.1888:     FileDescription: Windows NT BASE API Client DLL
1364.1888: \SystemRoot\System32\KernelBase.dll:
1364.1888:     CreationTime:    2015-03-28T18:43:59.209819500Z
1364.1888:     LastWriteTime:   2014-10-29T03:55:08.402989600Z
1364.1888:     ChangeTime:      2015-03-30T13:33:05.602192500Z
1364.1888:     FileAttributes:  0x20
1364.1888:     Size:            0x114a90
1364.1888:     NT Headers:      0xf0
1364.1888:     Timestamp:       0x54505737
1364.1888:     Machine:         0x8664 - amd64
1364.1888:     Timestamp:       0x54505737
1364.1888:     Image Version:   6.3
1364.1888:     SizeOfImage:     0x115000 (1134592)
1364.1888:     Resource Dir:    0x110000 LB 0x3528
1364.1888:     ProductName:     Microsoft® Windows® Operating System
1364.1888:     ProductVersion:  6.3.9600.17415
1364.1888:     FileVersion:     6.3.9600.17415 (winblue_r4.141028-1500)
1364.1888:     FileDescription: Windows NT BASE API Client DLL
1364.1888: \SystemRoot\System32\apisetschema.dll:
1364.1888:     CreationTime:    2013-08-22T12:13:09.745625900Z
1364.1888:     LastWriteTime:   2013-08-22T12:35:12.091034400Z
1364.1888:     ChangeTime:      2014-05-10T19:29:38.590798500Z
1364.1888:     FileAttributes:  0x20
1364.1888:     Size:            0x11360
1364.1888:     NT Headers:      0xd0
1364.1888:     Timestamp:       0x52160049
1364.1888:     Machine:         0x8664 - amd64
1364.1888:     Timestamp:       0x52160049
1364.1888:     Image Version:   6.3
1364.1888:     SizeOfImage:     0x13000 (77824)
1364.1888:     Resource Dir:    0x11000 LB 0x3f8
1364.1888:     ProductName:     Microsoft® Windows® Operating System
1364.1888:     ProductVersion:  6.3.9600.16384
1364.1888:     FileVersion:     6.3.9600.16384 (winblue_rtm.130821-1623)
1364.1888:     FileDescription: ApiSet Schema DLL
1364.1888: NtOpenDirectoryObject failed on \Driver: 0xc0000022
1364.1888: supR3HardenedWinFindAdversaries: 0x0
1364.1888: Calling main()
1364.1888: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
1364.1888: SUPR3HardenedMain: Respawn #1
1364.1888: System32:  \Device\HarddiskVolume4\Windows\System32
1364.1888: WinSxS:    \Device\HarddiskVolume4\Windows\WinSxS
1364.1888: KnownDllPath: C:\Windows\system32
1364.1888: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1364.1888: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1364.1888: supR3HardNtEnableThreadCreation:
1364.1888: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8a4e48eb0 pvNtTerminateThread=00007ff8a4ec16f0
1364.1888: supR3HardenedWinDoReSpawn(1): New child dcc.e28 [kernel32].
1364.1888: supR3HardNtChildGatherData: PebBaseAddress=00007ff6d0f1c000 cbPeb=0x388
1364.1888: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff8a4e30000 uNtDllChildAddr=00007ff8a4e30000
1364.1888: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff8a4e48eb0
1364.1888: supR3HardenedWinSetupChildInit: Start child.
1364.1888: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
1364.1888: supR3HardNtChildPurify: Startup delay kludge #1/0: 266 ms, 17 sleeps
1364.1888: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1364.1888:  *0000000000000000-ffffffffff85ffff 0x0001/0x0000 0x0000000
1364.1888:  *00000000007a0000-000000000077ffff 0x0004/0x0004 0x0020000
1364.1888:  *00000000007c0000-00000000007b0fff 0x0002/0x0002 0x0040000
1364.1888:   00000000007cf000-00000000007cdfff 0x0001/0x0000 0x0000000
1364.1888:  *00000000007d0000-00000000006d3fff 0x0000/0x0004 0x0020000
1364.1888:   00000000008cc000-00000000008c8fff 0x0104/0x0004 0x0020000
1364.1888:   00000000008cf000-00000000008cdfff 0x0004/0x0004 0x0020000
1364.1888:  *00000000008d0000-00000000008cbfff 0x0002/0x0002 0x0040000
1364.1888:   00000000008d4000-00000000008c7fff 0x0001/0x0000 0x0000000
1364.1888:  *00000000008e0000-00000000008ddfff 0x0004/0x0004 0x0020000
1364.1888:   00000000008e2000-ffffffff811e3fff 0x0001/0x0000 0x0000000
1364.1888:  *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
1364.1888:   000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
1364.1888:   000000007fff0000-ffff800a2f0effff 0x0001/0x0000 0x0000000
1364.1888:  *00007ff6d0ef0000-00007ff6d0eccfff 0x0002/0x0002 0x0040000
1364.1888:   00007ff6d0f13000-00007ff6d0f09fff 0x0001/0x0000 0x0000000
1364.1888:  *00007ff6d0f1c000-00007ff6d0f1afff 0x0004/0x0004 0x0020000
1364.1888:   00007ff6d0f1d000-00007ff6d0f1bfff 0x0001/0x0000 0x0000000
1364.1888:  *00007ff6d0f1e000-00007ff6d0f1bfff 0x0004/0x0004 0x0020000
1364.1888:   00007ff6d0f20000-00007ff6d08effff 0x0001/0x0000 0x0000000
1364.1888:  *00007ff6d1550000-00007ff6d1550fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1364.1888:   00007ff6d1551000-00007ff6d15d5fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1364.1888:   00007ff6d15d6000-00007ff6d15d6fff 0x0080/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1364.1888:   00007ff6d15d7000-00007ff6d1614fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1364.1888:   00007ff6d1615000-00007ff6d1615fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1364.1888:   00007ff6d1616000-00007ff6d1616fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1364.1888:   00007ff6d1617000-00007ff6d1618fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1364.1888:   00007ff6d1619000-00007ff6d1619fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1364.1888:   00007ff6d161a000-00007ff6d161afff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1364.1888:   00007ff6d161b000-00007ff6d161efff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1364.1888:   00007ff6d161f000-00007ff6d1657fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
1364.1888:   00007ff6d1658000-00007ff4fde7ffff 0x0001/0x0000 0x0000000
1364.1888:  *00007ff8a4e30000-00007ff8a4e30fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1364.1888:   00007ff8a4e31000-00007ff8a4f5cfff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1364.1888:   00007ff8a4f5d000-00007ff8a4f62fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1364.1888:   00007ff8a4f63000-00007ff8a4f6ffff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1364.1888:   00007ff8a4f70000-00007ff8a4f70fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1364.1888:   00007ff8a4f71000-00007ff8a4f73fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1364.1888:   00007ff8a4f74000-00007ff8a4f74fff 0x0010/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1364.1888:   00007ff8a4f75000-00007ff8a4fdbfff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
1364.1888:   00007ff8a4fdc000-00007ff149fd7fff 0x0001/0x0000 0x0000000
1364.1888:  *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
1364.1888: VirtualBox.exe: timestamp 0x555369a5 (rc=VINF_SUCCESS)
1364.1888: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1364.1888: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
1364.1888: supR3HardNtChildPurify: Done after 313 ms and 0 fixes (loop #0).
dcc.e28: Log file opened: 4.3.28r100309 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x63258000
dcc.e28: supR3HardenedVmProcessInit: uNtDllAddr=00007ff8a4e30000
dcc.e28: ntdll.dll: timestamp 0x550f4336 (rc=VINF_SUCCESS)
dcc.e28: New simple heap: #1 00000000009f0000 LB 0x400000 (for 1753088 allocation)
1364.1888: supR3HardNtEnableThreadCreation:
dcc.e28: System32:  \Device\HarddiskVolume4\Windows\System32
dcc.e28: WinSxS:    \Device\HarddiskVolume4\Windows\WinSxS
dcc.e28: KnownDllPath: C:\Windows\system32
dcc.e28: supR3HardenedVmProcessInit: Opening vboxdrv stub...
dcc.e28: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
dcc.e28: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
dcc.e28: Registered Dll notification callback with NTDLL.
dcc.e28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
dcc.e28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
dcc.e28: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
dcc.e28: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
dcc.e28: supR3HardenedDllNotificationCallback: load   00007ff8a22e0000 LB 0x00115000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
dcc.e28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
dcc.e28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
dcc.e28: supR3HardenedDllNotificationCallback: load   00007ff8a4b10000 LB 0x0013e000 C:\Windows\system32\KERNEL32.DLL [fFlags=0x0]
dcc.e28: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
dcc.e28: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a4b10000 'C:\Windows\system32\KERNEL32.DLL'
dcc.e28: supR3HardenedDllNotificationCallback: load   00007ff6d1550000 LB 0x00108000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
dcc.e28: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
dcc.e28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
dcc.e28: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
dcc.e28: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8a4e48eb0 pvNtTerminateThread=00007ff8a4ec16f0
1364.1888: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 62 ms.
dcc.e28: \SystemRoot\System32\ntdll.dll:
dcc.e28:     CreationTime:    2015-04-15T12:54:24.332363000Z
dcc.e28:     LastWriteTime:   2015-03-23T21:59:25.551884100Z
dcc.e28:     ChangeTime:      2015-05-06T14:01:01.710325500Z
dcc.e28:     FileAttributes:  0x20
dcc.e28:     Size:            0x1a7540
dcc.e28:     NT Headers:      0xd8
dcc.e28:     Timestamp:       0x550f4336
dcc.e28:     Machine:         0x8664 - amd64
dcc.e28:     Timestamp:       0x550f4336
dcc.e28:     Image Version:   6.3
dcc.e28:     SizeOfImage:     0x1ac000 (1753088)
dcc.e28:     Resource Dir:    0x148000 LB 0x62450
dcc.e28:     ProductName:     Microsoft® Windows® Operating System
dcc.e28:     ProductVersion:  6.3.9600.17736
dcc.e28:     FileVersion:     6.3.9600.17736 (winblue_r9.150322-1500)
dcc.e28:     FileDescription: NT Layer DLL
dcc.e28: \SystemRoot\System32\kernel32.dll:
dcc.e28:     CreationTime:    2015-03-28T18:43:10.880167300Z
dcc.e28:     LastWriteTime:   2014-10-29T04:09:24.572407200Z
dcc.e28:     ChangeTime:      2015-03-30T13:34:43.087928400Z
dcc.e28:     FileAttributes:  0x20
dcc.e28:     Size:            0x13fc30
dcc.e28:     NT Headers:      0xf8
dcc.e28:     Timestamp:       0x545054ca
dcc.e28:     Machine:         0x8664 - amd64
dcc.e28:     Timestamp:       0x545054ca
dcc.e28:     Image Version:   6.3
dcc.e28:     SizeOfImage:     0x13e000 (1302528)
dcc.e28:     Resource Dir:    0x12e000 LB 0x518
dcc.e28:     ProductName:     Microsoft® Windows® Operating System
dcc.e28:     ProductVersion:  6.3.9600.17415
dcc.e28:     FileVersion:     6.3.9600.17415 (winblue_r4.141028-1500)
dcc.e28:     FileDescription: Windows NT BASE API Client DLL
dcc.e28: \SystemRoot\System32\KernelBase.dll:
dcc.e28:     CreationTime:    2015-03-28T18:43:59.209819500Z
dcc.e28:     LastWriteTime:   2014-10-29T03:55:08.402989600Z
dcc.e28:     ChangeTime:      2015-03-30T13:33:05.602192500Z
dcc.e28:     FileAttributes:  0x20
dcc.e28:     Size:            0x114a90
dcc.e28:     NT Headers:      0xf0
dcc.e28:     Timestamp:       0x54505737
dcc.e28:     Machine:         0x8664 - amd64
dcc.e28:     Timestamp:       0x54505737
dcc.e28:     Image Version:   6.3
dcc.e28:     SizeOfImage:     0x115000 (1134592)
dcc.e28:     Resource Dir:    0x110000 LB 0x3528
dcc.e28:     ProductName:     Microsoft® Windows® Operating System
dcc.e28:     ProductVersion:  6.3.9600.17415
dcc.e28:     FileVersion:     6.3.9600.17415 (winblue_r4.141028-1500)
dcc.e28:     FileDescription: Windows NT BASE API Client DLL
dcc.e28: \SystemRoot\System32\apisetschema.dll:
dcc.e28:     CreationTime:    2013-08-22T12:13:09.745625900Z
dcc.e28:     LastWriteTime:   2013-08-22T12:35:12.091034400Z
dcc.e28:     ChangeTime:      2014-05-10T19:29:38.590798500Z
dcc.e28:     FileAttributes:  0x20
dcc.e28:     Size:            0x11360
dcc.e28:     NT Headers:      0xd0
dcc.e28:     Timestamp:       0x52160049
dcc.e28:     Machine:         0x8664 - amd64
dcc.e28:     Timestamp:       0x52160049
dcc.e28:     Image Version:   6.3
dcc.e28:     SizeOfImage:     0x13000 (77824)
dcc.e28:     Resource Dir:    0x11000 LB 0x3f8
dcc.e28:     ProductName:     Microsoft® Windows® Operating System
dcc.e28:     ProductVersion:  6.3.9600.16384
dcc.e28:     FileVersion:     6.3.9600.16384 (winblue_rtm.130821-1623)
dcc.e28:     FileDescription: ApiSet Schema DLL
dcc.e28: NtOpenDirectoryObject failed on \Driver: 0xc0000022
dcc.e28: supR3HardenedWinFindAdversaries: 0x0
dcc.e28: Calling main()
dcc.e28: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
dcc.e28: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
dcc.e28: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
dcc.e28: SUPR3HardenedMain: Respawn #2
dcc.e28: supR3HardNtEnableThreadCreation:
dcc.e28: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8a4e48eb0 pvNtTerminateThread=00007ff8a4ec16f0
dcc.e28: supR3HardenedWinDoReSpawn(2): New child ecc.e58 [kernel32].
dcc.e28: supR3HardenedWinReSpawn: NtSetInformationThread/ThreadHideFromDebugger failed: 0xc0000022 (harmless)
dcc.e28: supR3HardNtChildGatherData: PebBaseAddress=00007ff6d0dbf000 cbPeb=0x388
dcc.e28: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00007ff8a4e30000 uNtDllChildAddr=00007ff8a4e30000
dcc.e28: supR3HardenedWinSetupChildInit: uLdrInitThunk=00007ff8a4e48eb0
dcc.e28: supR3HardenedWinSetupChildInit: Start child.
dcc.e28: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
dcc.e28: supR3HardNtChildPurify: Startup delay kludge #1/0: 265 ms, 17 sleeps
dcc.e28: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
dcc.e28:  *0000000000000000-ffffffffff65ffff 0x0001/0x0000 0x0000000
dcc.e28:  *00000000009a0000-000000000097ffff 0x0004/0x0004 0x0020000
dcc.e28:  *00000000009c0000-00000000009b0fff 0x0002/0x0002 0x0040000
dcc.e28:   00000000009cf000-00000000009cdfff 0x0001/0x0000 0x0000000
dcc.e28:  *00000000009d0000-00000000008d3fff 0x0000/0x0004 0x0020000
dcc.e28:   0000000000acc000-0000000000ac8fff 0x0104/0x0004 0x0020000
dcc.e28:   0000000000acf000-0000000000acdfff 0x0004/0x0004 0x0020000
dcc.e28:  *0000000000ad0000-0000000000acbfff 0x0002/0x0002 0x0040000
dcc.e28:   0000000000ad4000-0000000000ac7fff 0x0001/0x0000 0x0000000
dcc.e28:  *0000000000ae0000-0000000000addfff 0x0004/0x0004 0x0020000
dcc.e28:   0000000000ae2000-ffffffff815e3fff 0x0001/0x0000 0x0000000
dcc.e28:  *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
dcc.e28:   000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
dcc.e28:   000000007fff0000-ffff800a2f24ffff 0x0001/0x0000 0x0000000
dcc.e28:  *00007ff6d0d90000-00007ff6d0d6cfff 0x0002/0x0002 0x0040000
dcc.e28:   00007ff6d0db3000-00007ff6d0da8fff 0x0001/0x0000 0x0000000
dcc.e28:  *00007ff6d0dbd000-00007ff6d0dbafff 0x0004/0x0004 0x0020000
dcc.e28:  *00007ff6d0dbf000-00007ff6d0dbdfff 0x0004/0x0004 0x0020000
dcc.e28:   00007ff6d0dc0000-00007ff6d062ffff 0x0001/0x0000 0x0000000
dcc.e28:  *00007ff6d1550000-00007ff6d1550fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
dcc.e28:   00007ff6d1551000-00007ff6d15d5fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
dcc.e28:   00007ff6d15d6000-00007ff6d15d6fff 0x0080/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
dcc.e28:   00007ff6d15d7000-00007ff6d1614fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
dcc.e28:   00007ff6d1615000-00007ff6d1615fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
dcc.e28:   00007ff6d1616000-00007ff6d1616fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
dcc.e28:   00007ff6d1617000-00007ff6d1618fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
dcc.e28:   00007ff6d1619000-00007ff6d1619fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
dcc.e28:   00007ff6d161a000-00007ff6d161afff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
dcc.e28:   00007ff6d161b000-00007ff6d161efff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
dcc.e28:   00007ff6d161f000-00007ff6d1657fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
dcc.e28:   00007ff6d1658000-00007ff4fde7ffff 0x0001/0x0000 0x0000000
dcc.e28:  *00007ff8a4e30000-00007ff8a4e30fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
dcc.e28:   00007ff8a4e31000-00007ff8a4f5cfff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
dcc.e28:   00007ff8a4f5d000-00007ff8a4f62fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
dcc.e28:   00007ff8a4f63000-00007ff8a4f6ffff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
dcc.e28:   00007ff8a4f70000-00007ff8a4f70fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
dcc.e28:   00007ff8a4f71000-00007ff8a4f73fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
dcc.e28:   00007ff8a4f74000-00007ff8a4f74fff 0x0010/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
dcc.e28:   00007ff8a4f75000-00007ff8a4fdbfff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume4\Windows\System32\ntdll.dll
dcc.e28:   00007ff8a4fdc000-00007ff149fd7fff 0x0001/0x0000 0x0000000
dcc.e28:  *00007ffffffe0000-00007ffffffcffff 0x0001/0x0002 0x0020000
dcc.e28: VirtualBox.exe: timestamp 0x555369a5 (rc=VINF_SUCCESS)
dcc.e28: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
dcc.e28: '\Device\HarddiskVolume4\Windows\System32\ntdll.dll' has no imports
dcc.e28: supR3HardNtChildPurify: Done after 312 ms and 0 fixes (loop #0).
ecc.e58: Log file opened: 4.3.28r100309 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x63258000
ecc.e58: supR3HardenedVmProcessInit: uNtDllAddr=00007ff8a4e30000
ecc.e58: ntdll.dll: timestamp 0x550f4336 (rc=VINF_SUCCESS)
ecc.e58: New simple heap: #1 0000000000bf0000 LB 0x400000 (for 1753088 allocation)
dcc.e28: supR3HardenedEarlyCompact: Removed heap 1 (0x000000009f0000 LB 0x400000)
dcc.e28: supR3HardNtEnableThreadCreation:
ecc.e58: System32:  \Device\HarddiskVolume4\Windows\System32
ecc.e58: WinSxS:    \Device\HarddiskVolume4\Windows\WinSxS
ecc.e58: KnownDllPath: C:\Windows\system32
ecc.e58: supR3HardenedVmProcessInit: Opening vboxdrv...
ecc.e58: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
ecc.e58: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
ecc.e58: Registered Dll notification callback with NTDLL.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel32.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel32.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\KERNEL32.DLL (Input=KERNEL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000801:<flags> [calling]
ecc.e58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8a22e0000 LB 0x00115000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\KernelBase.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\KernelBase.dll
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8a4b10000 LB 0x0013e000 C:\Windows\system32\KERNEL32.DLL [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a4b10000 'C:\Windows\system32\KERNEL32.DLL'
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff6d1550000 LB 0x00108000 C:\Program Files\Oracle\VirtualBox\VirtualBox.exe [fFlags=0x0]
ecc.e58: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe
ecc.e58: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00007ff8a4e48eb0 pvNtTerminateThread=00007ff8a4ec16f0
dcc.e28: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 63 ms.
ecc.e58: \SystemRoot\System32\ntdll.dll:
ecc.e58:     CreationTime:    2015-04-15T12:54:24.332363000Z
ecc.e58:     LastWriteTime:   2015-03-23T21:59:25.551884100Z
ecc.e58:     ChangeTime:      2015-05-06T14:01:01.710325500Z
ecc.e58:     FileAttributes:  0x20
ecc.e58:     Size:            0x1a7540
ecc.e58:     NT Headers:      0xd8
ecc.e58:     Timestamp:       0x550f4336
ecc.e58:     Machine:         0x8664 - amd64
ecc.e58:     Timestamp:       0x550f4336
ecc.e58:     Image Version:   6.3
ecc.e58:     SizeOfImage:     0x1ac000 (1753088)
ecc.e58:     Resource Dir:    0x148000 LB 0x62450
ecc.e58:     ProductName:     Microsoft® Windows® Operating System
ecc.e58:     ProductVersion:  6.3.9600.17736
ecc.e58:     FileVersion:     6.3.9600.17736 (winblue_r9.150322-1500)
ecc.e58:     FileDescription: NT Layer DLL
ecc.e58: \SystemRoot\System32\kernel32.dll:
ecc.e58:     CreationTime:    2015-03-28T18:43:10.880167300Z
ecc.e58:     LastWriteTime:   2014-10-29T04:09:24.572407200Z
ecc.e58:     ChangeTime:      2015-03-30T13:34:43.087928400Z
ecc.e58:     FileAttributes:  0x20
ecc.e58:     Size:            0x13fc30
ecc.e58:     NT Headers:      0xf8
ecc.e58:     Timestamp:       0x545054ca
ecc.e58:     Machine:         0x8664 - amd64
ecc.e58:     Timestamp:       0x545054ca
ecc.e58:     Image Version:   6.3
ecc.e58:     SizeOfImage:     0x13e000 (1302528)
ecc.e58:     Resource Dir:    0x12e000 LB 0x518
ecc.e58:     ProductName:     Microsoft® Windows® Operating System
ecc.e58:     ProductVersion:  6.3.9600.17415
ecc.e58:     FileVersion:     6.3.9600.17415 (winblue_r4.141028-1500)
ecc.e58:     FileDescription: Windows NT BASE API Client DLL
ecc.e58: \SystemRoot\System32\KernelBase.dll:
ecc.e58:     CreationTime:    2015-03-28T18:43:59.209819500Z
ecc.e58:     LastWriteTime:   2014-10-29T03:55:08.402989600Z
ecc.e58:     ChangeTime:      2015-03-30T13:33:05.602192500Z
ecc.e58:     FileAttributes:  0x20
ecc.e58:     Size:            0x114a90
ecc.e58:     NT Headers:      0xf0
ecc.e58:     Timestamp:       0x54505737
ecc.e58:     Machine:         0x8664 - amd64
ecc.e58:     Timestamp:       0x54505737
ecc.e58:     Image Version:   6.3
ecc.e58:     SizeOfImage:     0x115000 (1134592)
ecc.e58:     Resource Dir:    0x110000 LB 0x3528
ecc.e58:     ProductName:     Microsoft® Windows® Operating System
ecc.e58:     ProductVersion:  6.3.9600.17415
ecc.e58:     FileVersion:     6.3.9600.17415 (winblue_r4.141028-1500)
ecc.e58:     FileDescription: Windows NT BASE API Client DLL
ecc.e58: \SystemRoot\System32\apisetschema.dll:
ecc.e58:     CreationTime:    2013-08-22T12:13:09.745625900Z
ecc.e58:     LastWriteTime:   2013-08-22T12:35:12.091034400Z
ecc.e58:     ChangeTime:      2014-05-10T19:29:38.590798500Z
ecc.e58:     FileAttributes:  0x20
ecc.e58:     Size:            0x11360
ecc.e58:     NT Headers:      0xd0
ecc.e58:     Timestamp:       0x52160049
ecc.e58:     Machine:         0x8664 - amd64
ecc.e58:     Timestamp:       0x52160049
ecc.e58:     Image Version:   6.3
ecc.e58:     SizeOfImage:     0x13000 (77824)
ecc.e58:     Resource Dir:    0x11000 LB 0x3f8
ecc.e58:     ProductName:     Microsoft® Windows® Operating System
ecc.e58:     ProductVersion:  6.3.9600.16384
ecc.e58:     FileVersion:     6.3.9600.16384 (winblue_rtm.130821-1623)
ecc.e58:     FileDescription: ApiSet Schema DLL
ecc.e58: NtOpenDirectoryObject failed on \Driver: 0xc0000022
ecc.e58: supR3HardenedWinFindAdversaries: 0x0
ecc.e58: Calling main()
ecc.e58: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
ecc.e58: '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe)
ecc.e58: SUPR3HardenedMain: Final process, opening VBoxDrv...
ecc.e58: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000bf0000 LB 0x400000)
ecc.e58: supR3HardNtEnableThreadCreation:
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
ecc.e58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8969d0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8969d0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8969d0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8969d0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'crypt32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'msasn1.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wintrust.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wintrust.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msasn1.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msasn1.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #28 'msasn1.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\crypt32.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\crypt32.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msvcrt.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
ecc.e58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8a28b0000 LB 0x000aa000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8a2030000 LB 0x00011000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8a2100000 LB 0x001df000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8a2b80000 LB 0x00141000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8a2400000 LB 0x00051000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2400000 'C:\Windows\system32\Wintrust.dll'
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcrypt.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcrypt.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
ecc.e58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8a1aa0000 LB 0x00026000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1aa0000 'C:\Windows\system32\bcrypt.dll'
ecc.e58: bcrypt.dll loaded at 00007ff8a1aa0000, BCryptOpenAlgorithmProvider at 00007ff8a1aa34a0, preloading providers:
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8a1de0000 LB 0x00063000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1de0000 'C:\Windows\system32\bcryptprimitives.dll'
ecc.e58:     BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000010f90e0)
ecc.e58:     BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000010f94d0)
ecc.e58:     BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000010f95f0)
ecc.e58:     BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000010f9840)
ecc.e58:     BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000010f9960)
ecc.e58:     BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000010fa3d0)
ecc.e58:     BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000010fa2b0)
ecc.e58:     BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000010f9e30)
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2400000 'C:\Windows\System32\WINTRUST.DLL'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2400000 'C:\Windows\System32\WINTRUST.DLL'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2400000 'C:\Windows\System32\WINTRUST.DLL'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2400000 'C:\Windows\System32\WINTRUST.DLL'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2400000 'C:\Windows\System32\WINTRUST.DLL'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2400000 'C:\Windows\System32\WINTRUST.DLL'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2400000 'C:\Windows\System32\WINTRUST.DLL'
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptsp.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptsp.dll
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8a17f0000 LB 0x00020000 C:\Windows\SYSTEM32\CRYPTSP.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcrypt.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\rsaenh.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8a1410000 LB 0x00036000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'bcryptprimitives.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cryptbase.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptbase.dll
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8a1e50000 LB 0x0000b000 C:\Windows\SYSTEM32\CRYPTBASE.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcryptprimitives.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcryptprimitives.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a4b10000 'C:\Windows\system32\kernel32.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2400000 'C:\Windows\System32\WINTRUST.DLL'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\CRYPT32.dll'
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8a4ae0000 LB 0x00016000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imagehlp.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imagehlp.dll
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'bcrypt.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ntasn1.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ncrypt.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ncrypt.dll
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ntasn1.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ntasn1.dll
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8a1a30000 LB 0x00037000 C:\Windows\SYSTEM32\NTASN1.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntasn1.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8a1a70000 LB 0x00025000 C:\Windows\SYSTEM32\ncrypt.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\sechost.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sechost.dll
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8a34a0000 LB 0x00059000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gpapi.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gpapi.dll
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8a1110000 LB 0x00024000 C:\Windows\SYSTEM32\gpapi.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\profapi.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\profapi.dll
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8a1f80000 LB 0x00015000 C:\Windows\SYSTEM32\profapi.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'crypt32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'wldap32.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\cryptnet.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cryptnet.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume4\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\Wldap32.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\Wldap32.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume4\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntasn1.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntasn1.dll' -> '\Device\HarddiskVolume4\Windows\System32\ntasn1.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ntasn1.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8a3440000 LB 0x0005c000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff888620000 LB 0x00039000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff888620000 'C:\Windows\system32\cryptnet.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff888620000 'C:\Windows\system32\cryptnet.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff888620000 'C:\Windows\system32\cryptnet.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff888620000 'C:\Windows\system32\cryptnet.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff888620000 'C:\Windows\system32\cryptnet.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff888620000 'C:\Windows\system32\cryptnet.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff888620000 'C:\Windows\system32\cryptnet.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff888620000 'C:\Windows\system32\cryptnet.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff888620000 'C:\Windows\system32\cryptnet.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff888620000 'C:\Windows\system32\cryptnet.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff888620000 'C:\Windows\system32\cryptnet.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff888620000 'C:\Windows\system32\cryptnet.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff888620000 'C:\Windows\System32\cryptnet.dll'
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'sechost.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\advapi32.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\advapi32.dll
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8a3390000 LB 0x000aa000 C:\Windows\SYSTEM32\advapi32.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'sechost.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'sechost.dll' -> '\Device\HarddiskVolume4\Windows\System32\sechost.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\sechost.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000112a710
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000112a710
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0C388B9F1A03B08C9E0419963B4B8BEF1136190E
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2b80000 'C:\Windows\system32\rpcrt4.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2400000 'C:\Windows\System32\WINTRUST.DLL'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2400000 'C:\Windows\System32\WINTRUST.DLL'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2400000 'C:\Windows\System32\WINTRUST.DLL'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2400000 'C:\Windows\System32\WINTRUST.DLL'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2400000 'C:\Windows\System32\WINTRUST.DLL'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\WINTRUST.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2400000 'C:\Windows\System32\WINTRUST.DLL'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2400000 'C:\Windows\System32\WINTRUST.DLL'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_31_for_KB3045999~31bf3856ad364e35~amd64~~6.3.1.3.cat'; file='\SystemRoot\System32\ntdll.dll'
ecc.e58: g_pfnWinVerifyTrust=00007ff8a2401050
ecc.e58: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\crypt32.dll'
ecc.e58: supR3HardenedScreenImage/preload: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardenedScreenImage/preload: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\wintrust.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\advapi32.dll'
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000378 pwszName=\Device\HarddiskVolume4\Windows\System32\Wldap32.dll
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000112a710
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000112a710
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BBC3979054487C3D01C936AC44608445F3BDB24A
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1991_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\Wldap32.dll'
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
ecc.e58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\Wldap32.dll'
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000374 pwszName=\Device\HarddiskVolume4\Windows\System32\cryptnet.dll
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000112a710
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000112a710
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CFA081F787F20E906CEFF5631F4EC1F5B874BBA5
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1991_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
ecc.e58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptnet.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\profapi.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gpapi.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sechost.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ntasn1.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\ncrypt.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\imagehlp.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptbase.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cryptsp.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcryptprimitives.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\bcrypt.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\msasn1.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.exe'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\KernelBase.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel32.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardenedWinIsDesiredRootCA: Adding 0xf4050763db1ec800 CN=keith-laptop
ecc.e58: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
ecc.e58: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
ecc.e58: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
ecc.e58: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
ecc.e58: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
ecc.e58: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
ecc.e58: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
ecc.e58: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
ecc.e58: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
ecc.e58: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
ecc.e58: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
ecc.e58: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
ecc.e58: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
ecc.e58: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
ecc.e58: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
ecc.e58: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
ecc.e58: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
ecc.e58: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
ecc.e58: supR3HardenedWinIsDesiredRootCA: Adding 0xff3891b54348328 C=US, O=Entrust.net, OU=www.entrust.net/CPS incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Secure Server Certification Authority
ecc.e58: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
ecc.e58: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
ecc.e58: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
ecc.e58: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
ecc.e58: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
ecc.e58: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, [email protected]
ecc.e58: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
ecc.e58: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
ecc.e58: supR3HardenedWinIsDesiredRootCA: Adding 0x6e2ba21058eedf00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN - DATACorp SGC
ecc.e58: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
ecc.e58: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
ecc.e58: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
ecc.e58: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
ecc.e58: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
ecc.e58: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
ecc.e58: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
ecc.e58: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
ecc.e58: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=37
ecc.e58: SUPR3HardenedMain: Load Runtime...
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll)WinVerifyTrust
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'nsi.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'rpcrt4.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ws2_32.dll)WinVerifyTrust
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
ecc.e58: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\nsi.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\nsi.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\nsi.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll)WinVerifyTrust
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
ecc.e58: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll)WinVerifyTrust
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
ecc.e58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
ecc.e58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
ecc.e58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
ecc.e58: supR3HardenedDllNotificationCallback: load   000000006b810000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [avoiding WinVerifyTrust]
ecc.e58: supR3HardenedDllNotificationCallback: load   000000006b770000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8a2570000 LB 0x00009000 C:\Windows\system32\NSI.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [avoiding WinVerifyTrust]
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8a3560000 LB 0x0005a000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff87be00000 LB 0x00538000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
ecc.e58: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'.
ecc.e58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rescheduled]
ecc.e58: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\nsi.dll'.
ecc.e58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rescheduled]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87be00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87be00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87be00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87be00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87be00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87be00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87be00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87be00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87be00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87be00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87be00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87be00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87be00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87be00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87be00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87be00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87be00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87be00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87be00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87be00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87be00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87be00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87be00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87be00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87be00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87be00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87be00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87be00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87be00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxRT.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87be00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87be00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87be00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87be00000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2400000 'C:\Windows\system32\Wintrust.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: SUPR3HardenedMain: Load TrustedMain...
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtnetworkvbox4.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll)WinVerifyTrust
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'winmmbase.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'user32.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmm.dll)WinVerifyTrust
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmm.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000454 pwszName=\Device\HarddiskVolume4\Windows\System32\comdlg32.dll
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000112a710
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000112a710
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A8D428FD3A844AF383E2EA2C23013320CECD6296
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
ecc.e58: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\user32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #29 'gdi32.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\user32.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\user32.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmmbase.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmmbase.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rcNtRedir=0xc0150008]
ecc.e58: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'devobj.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winmmbase.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winmmbase.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
ecc.e58: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\devobj.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'cfgmgr32.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\devobj.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\devobj.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
ecc.e58: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'user32.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\gdi32.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\gdi32.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
ecc.e58: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1358_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\comdlg32.dll'
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\comdlg32.dll)WinVerifyTrust
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comdlg32.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
ecc.e58: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shell32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #55 'user32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #57 'shlwapi.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #59 'gdi32.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shell32.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shell32.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
ecc.e58: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\comctl32.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\comctl32.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
ecc.e58: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'gdi32.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\shlwapi.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\shlwapi.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'combase.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\oleaut32.dll)WinVerifyTrust
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
ecc.e58: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\combase.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\combase.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #36 'gdi32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #37 'user32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #38 'combase.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ole32.dll)WinVerifyTrust
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ole32.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll [redoing WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\shell32.dll'
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll [redoing WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\gdi32.dll'
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll [redoing WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\user32.dll'
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll)WinVerifyTrust
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtnetworkvbox4.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtnetworkvbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtnetworkvbox4.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
ecc.e58: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
ecc.e58: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
ecc.e58: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\opengl32.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\opengl32.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume4\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
ecc.e58: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\ddraw.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'user32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'gdi32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'dciman32.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\ddraw.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ddraw.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
ecc.e58: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\glu32.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\glu32.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume4\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
ecc.e58: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\winspool.drv)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winspool.drv
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
ecc.e58: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'msctf.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\imm32.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\imm32.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume4\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\comdlg32.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume4\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
ecc.e58: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msctf.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'imm32.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msctf.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msctf.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume4\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
ecc.e58: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\dciman32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dciman32.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dciman32.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qtcorevbox4.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll)WinVerifyTrust
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [redoing WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [lacks WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll'
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [redoing WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll'
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll [redoing WinVerifyTrust]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll'
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume4\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll [redoing WinVerifyTrust]
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000050c pwszName=\Device\HarddiskVolume4\Windows\System32\opengl32.dll
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000112a710
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000112a710
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2C6D4490D969C3233E8843AD4B11DB3F390C0B16
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1537_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
ecc.e58: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\opengl32.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000a01:<flags> [calling]
ecc.e58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
ecc.e58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
ecc.e58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
ecc.e58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
ecc.e58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
ecc.e58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
ecc.e58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
ecc.e58: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
ecc.e58: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
ecc.e58: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
ecc.e58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [avoiding WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\comctl32.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\comctl32.dll
ecc.e58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
ecc.e58: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
ecc.e58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
ecc.e58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #33 'combase.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\SHCore.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\SHCore.dll
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8a2720000 LB 0x00177000 C:\Windows\system32\USER32.dll [fFlags=0x0]
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8a2a20000 LB 0x00151000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff892470000 LB 0x00009000 C:\Windows\SYSTEM32\DCIMAN32.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8894f0000 LB 0x000f8000 C:\Windows\SYSTEM32\DDRAW.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\ddraw.dll [avoiding WinVerifyTrust]
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff891ce0000 LB 0x0002e000 C:\Windows\SYSTEM32\GLU32.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\glu32.dll [avoiding WinVerifyTrust]
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8895f0000 LB 0x0012b000 C:\Windows\SYSTEM32\OPENGL32.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\opengl32.dll
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8a2d10000 LB 0x00211000 C:\Windows\SYSTEM32\combase.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [avoiding WinVerifyTrust]
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8a2580000 LB 0x00194000 C:\Windows\system32\ole32.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
ecc.e58: supR3HardenedDllNotificationCallback: load   000000006b490000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8a3500000 LB 0x00054000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shlwapi.dll [avoiding WinVerifyTrust]
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff89f960000 LB 0x000a4000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\COMCTL32.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\comctl32.dll [avoiding WinVerifyTrust]
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8a35c0000 LB 0x01518000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8a0ad0000 LB 0x000b2000 C:\Windows\SYSTEM32\SHCORE.DLL [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\SHCore.dll [avoiding WinVerifyTrust]
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8a24b0000 LB 0x000b6000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\comdlg32.dll
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8a3250000 LB 0x000c1000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8a30f0000 LB 0x00151000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msctf.dll [avoiding WinVerifyTrust]
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8a2cd0000 LB 0x00036000 C:\Windows\system32\IMM32.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [avoiding WinVerifyTrust]
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8a2460000 LB 0x0004f000 C:\Windows\SYSTEM32\cfgmgr32.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8a0d70000 LB 0x00028000 C:\Windows\SYSTEM32\DEVOBJ.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff89fbc0000 LB 0x0002a000 C:\Windows\SYSTEM32\WINMMBASE.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmmbase.dll [avoiding WinVerifyTrust]
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff89fe80000 LB 0x00022000 C:\Windows\SYSTEM32\WINMM.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff89f8d0000 LB 0x00082000 C:\Windows\SYSTEM32\WINSPOOL.DRV [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\winspool.drv [avoiding WinVerifyTrust]
ecc.e58: supR3HardenedDllNotificationCallback: load   000000006ab20000 LB 0x00969000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
ecc.e58: supR3HardenedDllNotificationCallback: load   000000006aa10000 LB 0x00105000 C:\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtNetworkVBox4.dll
ecc.e58: supR3HardenedDllNotificationCallback: load   000000006a930000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff87afa0000 LB 0x00875000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VirtualBox.dll
ecc.e58: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\SHCore.dll'.
ecc.e58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\SHCore.dll' [rescheduled]
ecc.e58: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\comctl32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\comctl32.dll' [rescheduled]
ecc.e58: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\dciman32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\dciman32.dll' [rescheduled]
ecc.e58: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\msctf.dll'.
ecc.e58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\msctf.dll' [rescheduled]
ecc.e58: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\imm32.dll' [rescheduled]
ecc.e58: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\winspool.drv'.
ecc.e58: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winspool.drv' [rescheduled]
ecc.e58: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\glu32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\glu32.dll' [rescheduled]
ecc.e58: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\ddraw.dll'.
ecc.e58: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\ddraw.dll' [rescheduled]
ecc.e58: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
ecc.e58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rescheduled]
ecc.e58: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll'.
ecc.e58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\shlwapi.dll' [rescheduled]
ecc.e58: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume4\Windows\System32\comctl32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\comctl32.dll' [rescheduled]
ecc.e58: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rescheduled]
ecc.e58: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\devobj.dll'.
ecc.e58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rescheduled]
ecc.e58: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll'.
ecc.e58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=0 for '\Device\HarddiskVolume4\Windows\System32\winmmbase.dll' [rescheduled]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\imm32.dll [redoing WinVerifyTrust]
ecc.e58: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\imm32.dll'.
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\imm32.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
ecc.e58: Detected loader lock ownership: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\combase.dll'.
ecc.e58: supR3HardenedScreenImage/Imports: WinVerifyTrust not available, rescheduling \Device\HarddiskVolume4\Windows\System32\combase.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2cd0000 'C:\Windows\system32\imm32.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87afa0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
ecc.e58: SUPR3HardenedMain: Calling TrustedMain (00007ff87afa1ca0)...
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89fe80000 'C:\Windows\system32\winmm.dll'
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000610 pwszName=\Device\HarddiskVolume4\Windows\System32\uxtheme.dll
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000112a710
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000112a710
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=011C79DEF7FEEC81838000B9664073BAE4A7CB92
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1357_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\uxtheme.dll'
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'gdi32.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\uxtheme.dll)WinVerifyTrust
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
ecc.e58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8a0bf0000 LB 0x00129000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0bf0000 'C:\Windows\system32\uxtheme.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0bf0000 'C:\Windows\system32\uxtheme.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0bf0000 'C:\Windows\system32\uxtheme.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0bf0000 'C:\Windows\system32\uxtheme.dll'
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'user32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'gdi32.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dwmapi.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dwmapi.dll
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff89feb0000 LB 0x00021000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8a0dc0000 LB 0x0000b000 C:\Windows\SYSTEM32\kernel.appcore.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll [avoiding WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\gdi32.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\kernel.appcore.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dwmapi.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a35c0000 'C:\Windows\system32\shell32.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a4b10000 'C:\Windows\system32\kernel32.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0bf0000 'C:\Windows\system32\uxtheme.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0bf0000 'C:\Windows\system32\uxtheme.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2720000 'C:\Windows\system32\user32.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\uxtheme.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a0bf0000 'C:\Windows\system32\uxtheme.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2720000 'C:\Windows\system32\user32.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\advapi32.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a3390000 'C:\Windows\system32\advapi32.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'profapi.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\userenv.dll)WinVerifyTrust
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\userenv.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\profapi.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8a1520000 LB 0x00021000 C:\Windows\system32\userenv.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1520000 'C:\Windows\system32\userenv.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a4b10000 'C:\Windows\system32\kernel32.dll'
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\clbcatq.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\clbcatq.dll
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8a2960000 LB 0x000b6000 C:\Windows\SYSTEM32\clbcatq.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\clbcatq.dll [avoiding WinVerifyTrust]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\clbcatq.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a3250000 'C:\Windows\System32\oleaut32.dll'
ecc.e58: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\sxs.dll)
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\sxs.dll
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8a1e60000 LB 0x00099000 C:\Windows\SYSTEM32\sxs.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\sxs.dll [avoiding WinVerifyTrust]
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000718 pwszName=\Device\HarddiskVolume4\Windows\System32\sxs.dll
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000112a710
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000112a710
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CE9E354C30F5B2A6EDC3DE9416DF14533BE89816
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_846_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\sxs.dll'
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
ecc.e58: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\sxs.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a3250000 'C:\Windows\system32\OLEAUT32.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2a20000 'C:\Windows\system32\gdi32.dll'
ecc.1700: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.1700: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
ecc.1700: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
ecc.1700: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
ecc.1700: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
ecc.1700: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
ecc.1700: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
ecc.1700: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
ecc.1700: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll)WinVerifyTrust
ecc.1700: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
ecc.1700: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
ecc.1700: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
ecc.1700: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
ecc.1700: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
ecc.1700: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
ecc.1700: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
ecc.1700: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
ecc.1700: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
ecc.1700: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
ecc.1700: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
ecc.1700: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
ecc.1700: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
ecc.1700: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
ecc.1700: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
ecc.1700: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
ecc.1700: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
ecc.1700: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
ecc.1700: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
ecc.1700: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
ecc.1700: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
ecc.1700: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
ecc.1700: supR3HardenedDllNotificationCallback: load   00007ff87aaa0000 LB 0x004f9000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
ecc.1700: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
ecc.1700: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87aaa0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
ecc.c14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.c14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.c14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.c14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
ecc.c14: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
ecc.c14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll)WinVerifyTrust
ecc.c14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
ecc.c14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
ecc.c14: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
ecc.c14: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
ecc.c14: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
ecc.c14: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.c14: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
ecc.c14: supR3HardenedDllNotificationCallback: load   00007ff8969c0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [fFlags=0x0]
ecc.c14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
ecc.c14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8969c0000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxPuelMain.DLL'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2720000 'C:\Windows\system32\user32.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a35c0000 'C:\Windows\system32\shell32.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2580000 'C:\Windows\system32\ole32.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2580000 'C:\Windows\system32\ole32.dll'
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a3250000 'C:\Windows\system32\OLEAUT32.dll'
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a7c pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000112a710
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000112a710
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=423F3447A3399AF560C707709A03AE5E23FA1CAD
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_746_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll'
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll)WinVerifyTrust
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a98 pwszName=\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000112a710
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000112a710
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3E264B83DD0BC4A26011E964C5856C40BC4FD6A4
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_746_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll'
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'ws2_32.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll)WinVerifyTrust
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
ecc.e58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
ecc.e58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff897680000 LB 0x00082000 C:\Windows\SYSTEM32\wbemcomn.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff896600000 LB 0x00011000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemprox.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a22e0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff896600000 'C:\Windows\system32\wbem\wbemprox.dll'
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a60 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000112a710
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000112a710
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=34CAAFAC191912291EB7000AE3D54335A7FD4C18
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_746_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll'
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll)WinVerifyTrust
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
ecc.e58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff896c40000 LB 0x00015000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\wbemsvc.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff896c40000 'C:\Windows\system32\wbem\wbemsvc.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-l1-2-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a22e0000 'api-ms-win-core-localization-l1-2-0.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=api-ms-win-core-localization-obsolete-l1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a22e0000 'api-ms-win-core-localization-obsolete-l1-1-0.dll'
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a44 pwszName=\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000112a710
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000112a710
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=92F5EA7DEF5292B930D85382B83309F563FFA69F
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_746_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll'
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'wbemcomn.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll)WinVerifyTrust
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume4\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbemcomn.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msvcrt.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
ecc.e58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff896c60000 LB 0x000fb000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wbem\fastprox.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff896c60000 'C:\Windows\system32\wbem\fastprox.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: 'C:\Windows\system32\comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\comctl32.dll' [redir]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\comctl32.dll [redoing WinVerifyTrust]
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004bc pwszName=\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\comctl32.dll
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000112a710
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000112a710
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D2439957F4F4E64F3771B4CC408D22259C95DE82
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rsaenh.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1358_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\comctl32.dll'
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\comctl32.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\comctl32.dll (Input=C:\Windows\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89f960000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.9600.17415_none_34aa3313958e7a52\comctl32.dll'
ecc.b5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.b5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
ecc.b5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
ecc.b5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
ecc.b5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll)WinVerifyTrust
ecc.b5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
ecc.b5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
ecc.b5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
ecc.b5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
ecc.b5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
ecc.b5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.b5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
ecc.b5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
ecc.b5c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
ecc.b5c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll)WinVerifyTrust
ecc.b5c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
ecc.b5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
ecc.b5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
ecc.b5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.b5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.b5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
ecc.b5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
ecc.b5c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
ecc.b5c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
ecc.b5c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
ecc.b5c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.b5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
ecc.b5c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
ecc.b5c: supR3HardenedDllNotificationCallback: load   000000006a820000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
ecc.b5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxREM.dll
ecc.b5c: supR3HardenedDllNotificationCallback: load   00007ff87cff0000 LB 0x00262000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
ecc.b5c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
ecc.b5c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87cff0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.1840: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.1840: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
ecc.1840: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
ecc.1840: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
ecc.1840: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
ecc.1840: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll)WinVerifyTrust
ecc.1840: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
ecc.1840: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
ecc.1840: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
ecc.1840: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
ecc.1840: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
ecc.1840: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
ecc.1840: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
ecc.1840: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
ecc.1840: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
ecc.1840: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
ecc.1840: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.1840: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
ecc.1840: supR3HardenedDllNotificationCallback: load   00007ff894620000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
ecc.1840: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
ecc.1840: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff894620000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
ecc.19b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.19b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
ecc.19b8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
ecc.19b8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll)WinVerifyTrust
ecc.19b8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
ecc.19b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
ecc.19b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
ecc.19b8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
ecc.19b8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
ecc.19b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.19b8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
ecc.19b8: supR3HardenedDllNotificationCallback: load   00007ff893a80000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
ecc.19b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
ecc.19b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff893a80000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
ecc.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
ecc.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
ecc.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
ecc.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll)WinVerifyTrust
ecc.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
ecc.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
ecc.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
ecc.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
ecc.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
ecc.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
ecc.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
ecc.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
ecc.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
ecc.10cc: supR3HardenedDllNotificationCallback: load   00007ff8939a0000 LB 0x0000f000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
ecc.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
ecc.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8939a0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
ecc.1a90: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.1a90: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
ecc.1a90: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
ecc.1a90: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
ecc.1a90: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll)WinVerifyTrust
ecc.1a90: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
ecc.1a90: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
ecc.1a90: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
ecc.1a90: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
ecc.1a90: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
ecc.1a90: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcp100.dll
ecc.1a90: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
ecc.1a90: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
ecc.1a90: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.1a90: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
ecc.1a90: supR3HardenedDllNotificationCallback: load   00007ff8934f0000 LB 0x0000e000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
ecc.1a90: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
ecc.1a90: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8934f0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\shell32.dll
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a35c0000 'C:\Windows\system32/Shell32.dll'
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87cff0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
ecc.10ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll)WinVerifyTrust
ecc.10ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.10ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
ecc.10ac: supR3HardenedDllNotificationCallback: load   00007ff892ea0000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff892ea0000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL'
ecc.10ac: supR3HardenedDllNotificationCallback: Unload 00007ff892ea0000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
ecc.10ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll)WinVerifyTrust
ecc.10ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winnsi.dll'.
ecc.10ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL)WinVerifyTrust
ecc.10ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ole32.dll
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
ecc.10ac: Detected WinVerifyTrust recursion: rc=VINF_SUCCESS '\Device\HarddiskVolume4\Windows\System32\winnsi.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
ecc.10ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\winnsi.dll)
ecc.10ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\winnsi.dll
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [lacks WinVerifyTrust]
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [lacks WinVerifyTrust]
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'cfgmgr32.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'rpcrt4.dll'.
ecc.10ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\setupapi.dll)WinVerifyTrust
ecc.10ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\setupapi.dll
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\rpcrt4.dll
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
ecc.10ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll)WinVerifyTrust
ecc.10ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
ecc.10ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll)WinVerifyTrust
ecc.10ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume4\Windows\System32\newdev.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c80 pwszName=\Device\HarddiskVolume4\Windows\System32\newdev.dll
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000112a710
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000112a710
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9B90F53BC1E04734936A6993D9005F5A7C816F8F
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_868_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\newdev.dll'
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'uxtheme.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'cfgmgr32.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'setupapi.dll'.
ecc.10ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\newdev.dll)WinVerifyTrust
ecc.10ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\newdev.dll
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.10ac: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\cfgmgr32.dll'
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume4\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.10ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
ecc.10ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
ecc.10ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
ecc.10ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
ecc.10ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\newdev.dll
ecc.10ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
ecc.10ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\devrtl.dll)
ecc.10ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\devrtl.dll
ecc.10ac: supR3HardenedDllNotificationCallback: load   00007ff8a4c50000 LB 0x001da000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\setupapi.dll
ecc.10ac: supR3HardenedDllNotificationCallback: load   00007ff899790000 LB 0x00016000 C:\Windows\SYSTEM32\devrtl.DLL [fFlags=0x0]
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
ecc.10ac: supR3HardenedDllNotificationCallback: load   00007ff893df0000 LB 0x00056000 C:\Windows\SYSTEM32\newdev.dll [fFlags=0x0]
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\newdev.dll
ecc.10ac: supR3HardenedDllNotificationCallback: load   00007ff893bc0000 LB 0x00061000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDDU.dll
ecc.10ac: supR3HardenedDllNotificationCallback: load   00007ff892ea0000 LB 0x00035000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
ecc.10ac: supR3HardenedDllNotificationCallback: load   00007ff89ec70000 LB 0x0000a000 C:\Windows\SYSTEM32\WINNSI.DLL [fFlags=0x0]
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winnsi.dll [avoiding WinVerifyTrust]
ecc.10ac: supR3HardenedDllNotificationCallback: load   00007ff89e8d0000 LB 0x0002a000 C:\Windows\SYSTEM32\IPHLPAPI.DLL [fFlags=0x0]
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
ecc.10ac: supR3HardenedDllNotificationCallback: load   00007ff87c710000 LB 0x008d2000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD.dll
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87c710000 'C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL'
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c8c pwszName=\Device\HarddiskVolume4\Windows\System32\devrtl.dll
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000112a710
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000112a710
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1BD420FD87C527DD7764DD8C12C3F1C9F0448C71
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1966_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\devrtl.dll'
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
ecc.10ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\devrtl.dll'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.10ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\winnsi.dll'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.10ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
ecc.10ac: supR3HardenedDllNotificationCallback: load   00007ff8925d0000 LB 0x00033000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8925d0000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxHostWebcam.DLL'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxC.dll
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87aaa0000 'C:\Program Files\Oracle\VirtualBox/VBoxC.DLL'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxDD2.dll
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff892ea0000 'C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
ecc.10ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll)WinVerifyTrust
ecc.10ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.10ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
ecc.10ac: supR3HardenedDllNotificationCallback: load   00007ff892300000 LB 0x00013000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff892300000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxEhciR3.DLL'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
ecc.10ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll)WinVerifyTrust
ecc.10ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.10ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
ecc.10ac: supR3HardenedDllNotificationCallback: load   00007ff8922e0000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8922e0000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbCardReaderR3.DLL'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
ecc.10ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll)WinVerifyTrust
ecc.10ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.10ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
ecc.10ac: supR3HardenedDllNotificationCallback: load   00007ff8922c0000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8922c0000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VBoxUsbWebcamR3.DLL'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.1ae4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.1ae4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
ecc.1ae4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
ecc.1ae4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
ecc.1ae4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll)WinVerifyTrust
ecc.1ae4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
ecc.1ae4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
ecc.1ae4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
ecc.1ae4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
ecc.1ae4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
ecc.1ae4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxVMM.dll
ecc.1ae4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
ecc.1ae4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
ecc.1ae4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.1ae4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
ecc.1ae4: supR3HardenedDllNotificationCallback: load   00007ff8932d0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
ecc.1ae4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
ecc.1ae4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8932d0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
ecc.10ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll)WinVerifyTrust
ecc.10ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.10ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
ecc.10ac: supR3HardenedDllNotificationCallback: load   00007ff896980000 LB 0x00009000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff896980000 'C:\Program Files\Oracle\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.amd64/VDPluginCrypt.DLL'
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\IPHLPAPI.DLL
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89e8d0000 'C:\Windows\system32/Iphlpapi.dll'
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
ecc.10ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll)
ecc.10ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll
ecc.10ac: supR3HardenedDllNotificationCallback: load   00007ff89a4f0000 LB 0x00016000 C:\Windows\SYSTEM32\dhcpcsvc6.DLL [fFlags=0x0]
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll [avoiding WinVerifyTrust]
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'nsi.dll'.
ecc.10ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll)
ecc.10ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll
ecc.10ac: supR3HardenedDllNotificationCallback: load   00007ff89a5d0000 LB 0x0001a000 C:\Windows\SYSTEM32\dhcpcsvc.DLL [fFlags=0x0]
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll [avoiding WinVerifyTrust]
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e20 pwszName=\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000112a710
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000112a710
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BA7A32ED884F605C3353300D1165178C01A252E7
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume4\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\nsi.dll [lacks WinVerifyTrust]
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ws2_32.dll
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1995_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll'
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
ecc.10ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dhcpcsvc.dll'
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e14 pwszName=\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000112a710
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000112a710
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=852EBF87DB04C5286E131027705696EE75673482
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1995_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll'
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
ecc.10ac: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\dhcpcsvc6.dll'
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000eb8 pwszName=\Device\HarddiskVolume4\Windows\System32\dsound.dll
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000112a710
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000112a710
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DF2CE4B6EA46F5759902C86AAA15DD883AC6DD4E
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_779_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\dsound.dll'
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
ecc.10ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\dsound.dll)WinVerifyTrust
ecc.10ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\dsound.dll
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume4\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
ecc.10ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\powrprof.dll)WinVerifyTrust
ecc.10ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\powrprof.dll
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume4\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
ecc.10ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
ecc.10ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\powrprof.dll
ecc.10ac: supR3HardenedDllNotificationCallback: load   00007ff8a1f20000 LB 0x00046000 C:\Windows\System32\POWRPROF.dll [fFlags=0x0]
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\powrprof.dll
ecc.10ac: supR3HardenedDllNotificationCallback: load   00007ff883440000 LB 0x0009d000 C:\Windows\System32\dsound.dll [fFlags=0x0]
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\dsound.dll
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff883440000 'C:\Windows\System32\dsound.dll'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff883440000 'C:\Windows\System32\dsound.dll'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'rpcrt4.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'devobj.dll'.
ecc.10ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll)WinVerifyTrust
ecc.10ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume4\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\devobj.dll [redoing WinVerifyTrust]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.10ac: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\devobj.dll'
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000009:<flags> [calling]
ecc.10ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
ecc.10ac: supR3HardenedDllNotificationCallback: load   00007ff89f3b0000 LB 0x00070000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89f3b0000 'C:\Windows\System32\MMDevApi.dll'
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89f3b0000 'C:\Windows\system32\MMDEVAPI.DLL'
ecc.197c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.197c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\crypt32.dll
ecc.197c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.197c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.197c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
ecc.197c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
ecc.197c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
ecc.197c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #30 'mmdevapi.dll'.
ecc.197c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #31 'combase.dll'.
ecc.197c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\AudioSes.dll)WinVerifyTrust
ecc.197c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
ecc.197c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'combase.dll'...
ecc.197c: supR3HardenedWinVerifyCacheProcessImportTodos: 'combase.dll' -> '\Device\HarddiskVolume4\Windows\System32\combase.dll' [rcNtRedir=0xc0150008]
ecc.197c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\combase.dll [redoing WinVerifyTrust]
ecc.197c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.197c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.197c: supR3HardenedScreenImage/Imports: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\combase.dll'
ecc.197c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
ecc.197c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
ecc.197c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
ecc.197c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
ecc.197c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume4\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
ecc.197c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\oleaut32.dll
ecc.197c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
ecc.197c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
ecc.197c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.197c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.197c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.197c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
ecc.197c: supR3HardenedDllNotificationCallback: load   00007ff894e10000 LB 0x0007e000 C:\Windows\system32\AUDIOSES.DLL [fFlags=0x0]
ecc.197c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\AudioSes.dll
ecc.197c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff894e10000 'C:\Windows\system32\AUDIOSES.DLL'
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89fe80000 'C:\Windows\system32\winmm.dll'
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f24 pwszName=\Device\HarddiskVolume4\Windows\System32\wdmaud.drv
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000112a710
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000112a710
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=39D0975C289FEE943955B8CE81B02A0395FAA747
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_779_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\wdmaud.drv'
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'mmdevapi.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'user32.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #20 'winmm.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'ksuser.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #22 'avrt.dll'.
ecc.10ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\wdmaud.drv)WinVerifyTrust
ecc.10ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.10ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\avrt.dll)WinVerifyTrust
ecc.10ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\avrt.dll
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume4\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
ecc.10ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\ksuser.dll)WinVerifyTrust
ecc.10ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\ksuser.dll
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.10ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
ecc.10ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
ecc.10ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
ecc.10ac: supR3HardenedDllNotificationCallback: load   00007ff89eca0000 LB 0x00008000 C:\Windows\SYSTEM32\ksuser.dll [fFlags=0x0]
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\ksuser.dll
ecc.10ac: supR3HardenedDllNotificationCallback: load   00007ff89ec80000 LB 0x0000c000 C:\Windows\SYSTEM32\AVRT.dll [fFlags=0x0]
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
ecc.10ac: supR3HardenedDllNotificationCallback: load   00007ff895770000 LB 0x0003e000 C:\Windows\system32\wdmaud.drv [fFlags=0x0]
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895770000 'C:\Windows\system32\wdmaud.drv'
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895770000 'C:\Windows\system32\wdmaud.drv'
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895770000 'C:\Windows\system32\wdmaud.drv'
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895770000 'C:\Windows\system32\wdmaud.drv'
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895770000 'C:\Windows\system32\wdmaud.drv'
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895770000 'C:\Windows\system32\wdmaud.drv'
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\wdmaud.drv
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895770000 'C:\Windows\system32\wdmaud.drv'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff895770000 'C:\Windows\system32\wdmaud.drv'
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f50 pwszName=\Device\HarddiskVolume4\Windows\System32\msacm32.drv
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000112a710
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000112a710
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FC41C5E1A841A83249581F1B29E14A708B8981A9
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_779_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\msacm32.drv'
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'.
ecc.10ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.drv)WinVerifyTrust
ecc.10ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.drv
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume4\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\MMDevAPI.dll
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume4\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
ecc.10ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\msacm32.dll)WinVerifyTrust
ecc.10ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\msacm32.dll
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.10ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
ecc.10ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
ecc.10ac: supR3HardenedDllNotificationCallback: load   00007ff896780000 LB 0x0001c000 C:\Windows\SYSTEM32\MSACM32.dll [fFlags=0x0]
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.dll
ecc.10ac: supR3HardenedDllNotificationCallback: load   00007ff89b2b0000 LB 0x0000b000 C:\Windows\system32\msacm32.drv [fFlags=0x0]
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89b2b0000 'C:\Windows\system32\msacm32.drv'
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89b2b0000 'C:\Windows\system32\msacm32.drv'
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89b2b0000 'C:\Windows\system32\msacm32.drv'
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89b2b0000 'C:\Windows\system32\msacm32.drv'
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89b2b0000 'C:\Windows\system32\msacm32.drv'
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89b2b0000 'C:\Windows\system32\msacm32.drv'
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\msacm32.drv
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89b2b0000 'C:\Windows\system32\msacm32.drv'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89b2b0000 'C:\Windows\system32\msacm32.drv'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89b2b0000 'C:\Windows\system32\msacm32.drv'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89b2b0000 'C:\Windows\system32\msacm32.drv'
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f54 pwszName=\Device\HarddiskVolume4\Windows\System32\midimap.dll
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000112a710
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000112a710
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A0F2984C30BFC77017EA7B9BF6F656853E29D991
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_779_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\midimap.dll'
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
ecc.10ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\midimap.dll)WinVerifyTrust
ecc.10ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\midimap.dll
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume4\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume4\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\user32.dll
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.10ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
ecc.10ac: supR3HardenedDllNotificationCallback: load   00007ff8990d0000 LB 0x0000a000 C:\Windows\system32\midimap.dll [fFlags=0x0]
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8990d0000 'C:\Windows\system32\midimap.dll'
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8990d0000 'C:\Windows\system32\midimap.dll'
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8990d0000 'C:\Windows\system32\midimap.dll'
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\midimap.dll
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8990d0000 'C:\Windows\system32\midimap.dll'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89fe80000 'C:\Windows\system32\winmm.dll'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89fe80000 'C:\Windows\system32\winmm.dll'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89fe80000 'C:\Windows\system32\winmm.dll'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89fe80000 'C:\Windows\system32\winmm.dll'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89fe80000 'C:\Windows\system32\winmm.dll'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89fe80000 'C:\Windows\system32\winmm.dll'
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\winmm.dll
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89fe80000 'C:\Windows\system32\winmm.dll'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89fe80000 'C:\Windows\system32\winmm.dll'
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\kernel32.dll
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a4b10000 'C:\Windows\system32/kernel32.dll'
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000001030 pwszName=\Device\HarddiskVolume4\Windows\System32\mswsock.dll
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000112a710
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000112a710
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F5D0CFD7C59A53ECEE5E548E409683E758757285
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1995_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\mswsock.dll'
ecc.10ac: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
ecc.10ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
ecc.10ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mswsock.dll)WinVerifyTrust
ecc.10ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mswsock.dll
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume4\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
ecc.10ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume4\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.10ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mswsock.dll
ecc.10ac: supR3HardenedDllNotificationCallback: load   00007ff8a1790000 LB 0x00059000 C:\Windows\system32\mswsock.dll [fFlags=0x0]
ecc.10ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mswsock.dll
ecc.10ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1790000 'C:\Windows\system32\mswsock.dll'
ecc.1978: '\Device\HarddiskVolume4\Windows\System32\tzres.dll' has no imports
ecc.1978: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume4\Windows\System32\tzres.dll)
ecc.1978: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\tzres.dll
ecc.1978: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume4\Windows\System32\tzres.dll [avoiding WinVerifyTrust]
ecc.1074: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ad0 pwszName=\Device\HarddiskVolume4\Windows\System32\tzres.dll
ecc.1074: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000112a710
ecc.1074: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000112a710
ecc.1074: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2C2912B1AF73A6796732D1488D75007F742A3299
ecc.1074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.1074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.1074: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1966_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\tzres.dll'
ecc.1074: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
ecc.1074: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume4\Windows\System32\tzres.dll'
ecc.1074: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\avrt.dll
ecc.1074: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.1074: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff89ec80000 'C:\Windows\system32\avrt.dll'
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000770 pwszName=\Device\HarddiskVolume4\Windows\System32\mscms.dll
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000112a710
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000112a710
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C01A2E8CE3347A322BF0830A5BC147EBA8BAD06F
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1529_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\mscms.dll'
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'userenv.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\mscms.dll)WinVerifyTrust
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\mscms.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume4\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\userenv.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mscms.dll (Input=mscms.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000001:<flags> [calling]
ecc.e58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mscms.dll
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff8a00c0000 LB 0x00092000 C:\Windows\system32\mscms.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mscms.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a00c0000 'C:\Windows\system32\mscms.dll'
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010a4 pwszName=\Device\HarddiskVolume4\Windows\System32\icm32.dll
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000112a710
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000112a710
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=47D46A3D26A83E75181F440594F6DC145125C84E
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a1410000 'C:\Windows\system32\rsaenh.dll'
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff8a2100000 'C:\Windows\system32\crypt32.dll'
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1529_for_KB3000850~31bf3856ad364e35~amd64~~6.3.1.8.cat'; file='\Device\HarddiskVolume4\Windows\System32\icm32.dll'
ecc.e58: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
ecc.e58: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mscms.dll'.
ecc.e58: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume4\Windows\System32\icm32.dll)WinVerifyTrust
ecc.e58: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume4\Windows\System32\icm32.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mscms.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'mscms.dll' -> '\Device\HarddiskVolume4\Windows\System32\mscms.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\mscms.dll
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
ecc.e58: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume4\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
ecc.e58: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\icm32.dll (Input=icm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000000801:<flags> [calling]
ecc.e58: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\icm32.dll
ecc.e58: supR3HardenedDllNotificationCallback: load   00007ff87d970000 LB 0x00041000 C:\Windows\system32\icm32.dll [fFlags=0x0]
ecc.e58: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume4\Windows\System32\icm32.dll
ecc.e58: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00007ff87d970000 'C:\Windows\system32\icm32.dll'