Ticket #15017: VBoxHardening.log

File VBoxHardening.log, 459.8 KB (added by SuperDiver, 9 years ago)

Line
1	13fc.f84: Log file opened: 5.0.12r104815 g_hStartupLog=00000010 g_uNtVerCombined=0x611db110
2	13fc.f84: \SystemRoot\System32\ntdll.dll:
3	13fc.f84: CreationTime: 2015-11-11T01:40:25.748046800Z
4	13fc.f84: LastWriteTime: 2015-10-20T00:48:47.299796500Z
5	13fc.f84: ChangeTime: 2015-11-11T01:51:39.761718700Z
6	13fc.f84: FileAttributes: 0x20
7	13fc.f84: Size: 0x13f600
8	13fc.f84: NT Headers: 0xd0
9	13fc.f84: Timestamp: 0x56258dbb
10	13fc.f84: Machine: 0x14c - i386
11	13fc.f84: Timestamp: 0x56258dbb
12	13fc.f84: Image Version: 6.1
13	13fc.f84: SizeOfImage: 0x141000 (1314816)
14	13fc.f84: Resource Dir: 0xe1000 LB 0x5a028
15	13fc.f84: ProductName: Microsoft® Windows® Operating System
16	13fc.f84: ProductVersion: 6.1.7601.19045
17	13fc.f84: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
18	13fc.f84: FileDescription: NT Layer DLL
19	13fc.f84: \SystemRoot\System32\kernel32.dll:
20	13fc.f84: CreationTime: 2015-06-10T01:18:16.643554600Z
21	13fc.f84: LastWriteTime: 2015-05-09T03:13:42.222000000Z
22	13fc.f84: ChangeTime: 2015-06-11T00:25:36.694335900Z
23	13fc.f84: FileAttributes: 0x20
24	13fc.f84: Size: 0xd4000
25	13fc.f84: NT Headers: 0xf0
26	13fc.f84: Timestamp: 0x554d7aff
27	13fc.f84: Machine: 0x14c - i386
28	13fc.f84: Timestamp: 0x554d7aff
29	13fc.f84: Image Version: 6.1
30	13fc.f84: SizeOfImage: 0xd4000 (868352)
31	13fc.f84: Resource Dir: 0xc7000 LB 0x528
32	13fc.f84: ProductName: Microsoft® Windows® Operating System
33	13fc.f84: ProductVersion: 6.1.7601.18847
34	13fc.f84: FileVersion: 6.1.7601.18847 (win7sp1_gdr.150508-1512)
35	13fc.f84: FileDescription: Windows NT BASE API Client DLL
36	13fc.f84: \SystemRoot\System32\KernelBase.dll:
37	13fc.f84: CreationTime: 2015-06-10T01:18:16.706054600Z
38	13fc.f84: LastWriteTime: 2015-05-09T03:13:42.222000000Z
39	13fc.f84: ChangeTime: 2015-06-11T00:25:36.764648400Z
40	13fc.f84: FileAttributes: 0x20
41	13fc.f84: Size: 0x47a00
42	13fc.f84: NT Headers: 0xe0
43	13fc.f84: Timestamp: 0x554d7b00
44	13fc.f84: Machine: 0x14c - i386
45	13fc.f84: Timestamp: 0x554d7b00
46	13fc.f84: Image Version: 6.1
47	13fc.f84: SizeOfImage: 0x4b000 (307200)
48	13fc.f84: Resource Dir: 0x47000 LB 0x530
49	13fc.f84: ProductName: Microsoft® Windows® Operating System
50	13fc.f84: ProductVersion: 6.1.7601.18847
51	13fc.f84: FileVersion: 6.1.7601.18847 (win7sp1_gdr.150508-1512)
52	13fc.f84: FileDescription: Windows NT BASE API Client DLL
53	13fc.f84: \SystemRoot\System32\apisetschema.dll:
54	13fc.f84: CreationTime: 2015-11-11T01:40:23.794921800Z
55	13fc.f84: LastWriteTime: 2015-10-20T00:35:03.776000000Z
56	13fc.f84: ChangeTime: 2015-11-11T01:51:45.983398400Z
57	13fc.f84: FileAttributes: 0x20
58	13fc.f84: Size: 0x1a00
59	13fc.f84: NT Headers: 0xc0
60	13fc.f84: Timestamp: 0x56258c72
61	13fc.f84: Machine: 0x14c - i386
62	13fc.f84: Timestamp: 0x56258c72
63	13fc.f84: Image Version: 6.1
64	13fc.f84: SizeOfImage: 0x50000 (327680)
65	13fc.f84: Resource Dir: 0x30000 LB 0x3f8
66	13fc.f84: ProductName: Microsoft® Windows® Operating System
67	13fc.f84: ProductVersion: 6.1.7601.19045
68	13fc.f84: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
69	13fc.f84: FileDescription: ApiSet Schema DLL
70	13fc.f84: supR3HardenedWinFindAdversaries: 0x0
71	13fc.f84: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\VirtualBox'
72	13fc.f84: Calling main()
73	13fc.f84: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
74	13fc.f84: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\VirtualBox'
75	13fc.f84: SUPR3HardenedMain: Respawn #1
76	13fc.f84: System32: \Device\HarddiskVolume1\Windows\System32
77	13fc.f84: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
78	13fc.f84: KnownDllPath: C:\Windows\system32
79	13fc.f84: '\Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe' has no imports
80	13fc.f84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe)
81	13fc.f84: supR3HardNtEnableThreadCreation:
82	13fc.f84: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77dc3911 pvNtTerminateThread=77da69c0
83	13fc.f84: supR3HardenedWinDoReSpawn(1): New child d64.1424 [kernel32].
84	13fc.f84: supR3HardNtChildGatherData: PebBaseAddress=7ffd9000 cbPeb=0x248
85	13fc.f84: supR3HardNtPuChFindNtdll: uNtDllParentAddr=77d60000 uNtDllChildAddr=77d60000
86	13fc.f84: supR3HardenedWinSetupChildInit: uLdrInitThunk=77dc3911
87	13fc.f84: supR3HardenedWinSetupChildInit: Start child.
88	13fc.f84: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 31 ms.
89	13fc.f84: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 0 sleeps
90	13fc.f84: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
91	13fc.f84: *00000000-fffeffff 0x0001/0x0000 0x0000000
92	13fc.f84: *00010000-fffeffff 0x0004/0x0004 0x0020000
93	13fc.f84: *00030000-0002bfff 0x0002/0x0002 0x0040000
94	13fc.f84: 00034000-00027fff 0x0001/0x0000 0x0000000
95	13fc.f84: *00040000-0003efff 0x0004/0x0004 0x0020000
96	13fc.f84: 00041000-00031fff 0x0001/0x0000 0x0000000
97	13fc.f84: *00050000-0004efff 0x0004/0x0004 0x0020000
98	13fc.f84: 00051000-fffa1fff 0x0001/0x0000 0x0000000
99	13fc.f84: *00100000-00002fff 0x0000/0x0004 0x0020000
100	13fc.f84: 001fd000-001fafff 0x0104/0x0004 0x0020000
101	13fc.f84: 001ff000-001fdfff 0x0004/0x0004 0x0020000
102	13fc.f84: 00200000-ff20ffff 0x0001/0x0000 0x0000000
103	13fc.f84: *011f0000-011f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe
104	13fc.f84: 011f1000-01267fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe
105	13fc.f84: 01268000-01268fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe
106	13fc.f84: 01269000-012a2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe
107	13fc.f84: 012a3000-012a3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe
108	13fc.f84: 012a4000-012a4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe
109	13fc.f84: 012a5000-012a5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe
110	13fc.f84: 012a6000-012a6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe
111	13fc.f84: 012a7000-012abfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe
112	13fc.f84: 012ac000-012aefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe
113	13fc.f84: 012af000-012f2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe
114	13fc.f84: 012f3000-8a885fff 0x0001/0x0000 0x0000000
115	13fc.f84: *77d60000-77d60fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
116	13fc.f84: 77d61000-77e37fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
117	13fc.f84: 77e38000-77e3dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
118	13fc.f84: 77e3e000-77e3efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
119	13fc.f84: 77e3f000-77e40fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
120	13fc.f84: 77e41000-77ea0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
121	13fc.f84: 77ea1000-77d81fff 0x0001/0x0000 0x0000000
122	13fc.f84: *77fc0000-77fc0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
123	13fc.f84: 77fc1000-6ffe1fff 0x0001/0x0000 0x0000000
124	13fc.f84: *7ffa0000-7ff6cfff 0x0002/0x0002 0x0040000
125	13fc.f84: 7ffd3000-7ffccfff 0x0001/0x0000 0x0000000
126	13fc.f84: *7ffd9000-7ffd7fff 0x0004/0x0004 0x0020000
127	13fc.f84: 7ffda000-7ffd4fff 0x0001/0x0000 0x0000000
128	13fc.f84: *7ffdf000-7ffddfff 0x0004/0x0004 0x0020000
129	13fc.f84: *7ffe0000-7ffdefff 0x0002/0x0002 0x0020000
130	13fc.f84: 7ffe1000-7ffd1fff 0x0001/0x0002 0x0020000
131	13fc.f84: apisetschema.dll: timestamp 0x56258c72 (rc=VINF_SUCCESS)
132	13fc.f84: VirtualBox.exe: timestamp 0x56743212 (rc=VINF_SUCCESS)
133	13fc.f84: '\Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe' has no imports
134	13fc.f84: '\Device\HarddiskVolume1\Windows\System32\apisetschema.dll' has no imports
135	13fc.f84: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
136	13fc.f84: supR3HardNtChildPurify: Done after 308 ms and 0 fixes (loop #0).
137	d64.1424: Log file opened: 5.0.12r104815 g_hStartupLog=00000004 g_uNtVerCombined=0x611db110
138	d64.1424: supR3HardenedVmProcessInit: uNtDllAddr=77d60000
139	d64.1424: ntdll.dll: timestamp 0x56258dbb (rc=VINF_SUCCESS)
140	d64.1424: New simple heap: #1 00300000 LB 0x400000 (for 1314816 allocation)
141	d64.1424: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\VirtualBox'
142	d64.1424: System32: \Device\HarddiskVolume1\Windows\System32
143	d64.1424: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
144	d64.1424: KnownDllPath: C:\Windows\system32
145	d64.1424: supR3HardenedVmProcessInit: Opening vboxdrv stub...
146	13fc.f84: supR3HardNtEnableThreadCreation:
147	d64.1424: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
148	d64.1424: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
149	d64.1424: Registered Dll notification callback with NTDLL.
150	d64.1424: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
151	d64.1424: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
152	d64.1424: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000000:<flags> [calling]
153	d64.1424: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
154	d64.1424: supR3HardenedDllNotificationCallback: load 77c80000 LB 0x000d4000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
155	d64.1424: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
156	d64.1424: supR3HardenedDllNotificationCallback: load 75f80000 LB 0x0004b000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
157	d64.1424: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll)
158	d64.1424: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
159	d64.1424: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77c80000 'C:\Windows\system32\kernel32.dll'
160	d64.1424: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77dc3911 pvNtTerminateThread=77da69c0
161	d64.1424: \SystemRoot\System32\ntdll.dll:
162	d64.1424: CreationTime: 2015-11-11T01:40:25.748046800Z
163	d64.1424: LastWriteTime: 2015-10-20T00:48:47.299796500Z
164	d64.1424: ChangeTime: 2015-11-11T01:51:39.761718700Z
165	d64.1424: FileAttributes: 0x20
166	d64.1424: Size: 0x13f600
167	d64.1424: NT Headers: 0xd0
168	d64.1424: Timestamp: 0x56258dbb
169	d64.1424: Machine: 0x14c - i386
170	d64.1424: Timestamp: 0x56258dbb
171	d64.1424: Image Version: 6.1
172	d64.1424: SizeOfImage: 0x141000 (1314816)
173	d64.1424: Resource Dir: 0xe1000 LB 0x5a028
174	d64.1424: ProductName: Microsoft® Windows® Operating System
175	d64.1424: ProductVersion: 6.1.7601.19045
176	d64.1424: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
177	d64.1424: FileDescription: NT Layer DLL
178	13fc.f84: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 40 ms.
179	d64.1424: \SystemRoot\System32\kernel32.dll:
180	d64.1424: CreationTime: 2015-06-10T01:18:16.643554600Z
181	d64.1424: LastWriteTime: 2015-05-09T03:13:42.222000000Z
182	d64.1424: ChangeTime: 2015-06-11T00:25:36.694335900Z
183	d64.1424: FileAttributes: 0x20
184	d64.1424: Size: 0xd4000
185	d64.1424: NT Headers: 0xf0
186	d64.1424: Timestamp: 0x554d7aff
187	d64.1424: Machine: 0x14c - i386
188	d64.1424: Timestamp: 0x554d7aff
189	d64.1424: Image Version: 6.1
190	d64.1424: SizeOfImage: 0xd4000 (868352)
191	d64.1424: Resource Dir: 0xc7000 LB 0x528
192	d64.1424: ProductName: Microsoft® Windows® Operating System
193	d64.1424: ProductVersion: 6.1.7601.18847
194	d64.1424: FileVersion: 6.1.7601.18847 (win7sp1_gdr.150508-1512)
195	d64.1424: FileDescription: Windows NT BASE API Client DLL
196	d64.1424: \SystemRoot\System32\KernelBase.dll:
197	d64.1424: CreationTime: 2015-06-10T01:18:16.706054600Z
198	d64.1424: LastWriteTime: 2015-05-09T03:13:42.222000000Z
199	d64.1424: ChangeTime: 2015-06-11T00:25:36.764648400Z
200	d64.1424: FileAttributes: 0x20
201	d64.1424: Size: 0x47a00
202	d64.1424: NT Headers: 0xe0
203	d64.1424: Timestamp: 0x554d7b00
204	d64.1424: Machine: 0x14c - i386
205	d64.1424: Timestamp: 0x554d7b00
206	d64.1424: Image Version: 6.1
207	d64.1424: SizeOfImage: 0x4b000 (307200)
208	d64.1424: Resource Dir: 0x47000 LB 0x530
209	d64.1424: ProductName: Microsoft® Windows® Operating System
210	d64.1424: ProductVersion: 6.1.7601.18847
211	d64.1424: FileVersion: 6.1.7601.18847 (win7sp1_gdr.150508-1512)
212	d64.1424: FileDescription: Windows NT BASE API Client DLL
213	d64.1424: \SystemRoot\System32\apisetschema.dll:
214	d64.1424: CreationTime: 2015-11-11T01:40:23.794921800Z
215	d64.1424: LastWriteTime: 2015-10-20T00:35:03.776000000Z
216	d64.1424: ChangeTime: 2015-11-11T01:51:45.983398400Z
217	d64.1424: FileAttributes: 0x20
218	d64.1424: Size: 0x1a00
219	d64.1424: NT Headers: 0xc0
220	d64.1424: Timestamp: 0x56258c72
221	d64.1424: Machine: 0x14c - i386
222	d64.1424: Timestamp: 0x56258c72
223	d64.1424: Image Version: 6.1
224	d64.1424: SizeOfImage: 0x50000 (327680)
225	d64.1424: Resource Dir: 0x30000 LB 0x3f8
226	d64.1424: ProductName: Microsoft® Windows® Operating System
227	d64.1424: ProductVersion: 6.1.7601.19045
228	d64.1424: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
229	d64.1424: FileDescription: ApiSet Schema DLL
230	d64.1424: supR3HardenedWinFindAdversaries: 0x0
231	d64.1424: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\VirtualBox'
232	d64.1424: Calling main()
233	d64.1424: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
234	d64.1424: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\VirtualBox'
235	d64.1424: '\Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe' has no imports
236	d64.1424: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe)
237	d64.1424: SUPR3HardenedMain: Respawn #2
238	d64.1424: supR3HardNtEnableThreadCreation:
239	d64.1424: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\embdtrst.dll)
240	d64.1424: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\embdtrst.dll
241	d64.1424: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\EmbdTrst.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d29f4:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
242	d64.1424: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\embdtrst.dll [lacks WinVerifyTrust]
243	d64.1424: supR3HardenedDllNotificationCallback: load 75aa0000 LB 0x00005000 C:\Windows\system32\EmbdTrst.DLL [fFlags=0x0]
244	d64.1424: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\embdtrst.dll [lacks WinVerifyTrust]
245	d64.1424: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75aa0000 'C:\Windows\system32\EmbdTrst.DLL'
246	d64.1424: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\apphelp.dll)
247	d64.1424: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\apphelp.dll
248	d64.1424: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000000:<flags> [calling]
249	d64.1424: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
250	d64.1424: supR3HardenedDllNotificationCallback: load 759e0000 LB 0x0004c000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
251	d64.1424: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
252	d64.1424: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=759e0000 'C:\Windows\system32\apphelp.dll'
253	d64.1424: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77dc3911 pvNtTerminateThread=77da69c0
254	d64.1424: supR3HardenedWinDoReSpawn(2): New child 1478.1738 [kernel32].
255	d64.1424: supR3HardNtChildGatherData: PebBaseAddress=7ffdf000 cbPeb=0x248
256	d64.1424: supR3HardNtPuChFindNtdll: uNtDllParentAddr=77d60000 uNtDllChildAddr=77d60000
257	d64.1424: supR3HardenedWinSetupChildInit: uLdrInitThunk=77dc3911
258	d64.1424: supR3HardenedWinSetupChildInit: Start child.
259	d64.1424: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 23 ms.
260	d64.1424: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 0 sleeps
261	d64.1424: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
262	d64.1424: *00000000-fffeffff 0x0001/0x0000 0x0000000
263	d64.1424: *00010000-fffeffff 0x0004/0x0004 0x0020000
264	d64.1424: *00030000-0002bfff 0x0002/0x0002 0x0040000
265	d64.1424: 00034000-00027fff 0x0001/0x0000 0x0000000
266	d64.1424: *00040000-0003efff 0x0004/0x0004 0x0020000
267	d64.1424: 00041000-00031fff 0x0001/0x0000 0x0000000
268	d64.1424: *00050000-fff52fff 0x0000/0x0004 0x0020000
269	d64.1424: 0014d000-0014afff 0x0104/0x0004 0x0020000
270	d64.1424: 0014f000-0014dfff 0x0004/0x0004 0x0020000
271	d64.1424: *00150000-0014efff 0x0004/0x0004 0x0020000
272	d64.1424: 00151000-ff0b1fff 0x0001/0x0000 0x0000000
273	d64.1424: *011f0000-011f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe
274	d64.1424: 011f1000-01267fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe
275	d64.1424: 01268000-01268fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe
276	d64.1424: 01269000-012a2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe
277	d64.1424: 012a3000-012a3fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe
278	d64.1424: 012a4000-012a4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe
279	d64.1424: 012a5000-012a5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe
280	d64.1424: 012a6000-012a6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe
281	d64.1424: 012a7000-012abfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe
282	d64.1424: 012ac000-012aefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe
283	d64.1424: 012af000-012f2fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe
284	d64.1424: 012f3000-8a885fff 0x0001/0x0000 0x0000000
285	d64.1424: *77d60000-77d60fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
286	d64.1424: 77d61000-77e37fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
287	d64.1424: 77e38000-77e3dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
288	d64.1424: 77e3e000-77e3efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
289	d64.1424: 77e3f000-77e40fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
290	d64.1424: 77e41000-77ea0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
291	d64.1424: 77ea1000-77d81fff 0x0001/0x0000 0x0000000
292	d64.1424: *77fc0000-77fc0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
293	d64.1424: 77fc1000-6ffe1fff 0x0001/0x0000 0x0000000
294	d64.1424: *7ffa0000-7ff6cfff 0x0002/0x0002 0x0040000
295	d64.1424: 7ffd3000-7ffc7fff 0x0001/0x0000 0x0000000
296	d64.1424: *7ffde000-7ffdcfff 0x0004/0x0004 0x0020000
297	d64.1424: *7ffdf000-7ffddfff 0x0004/0x0004 0x0020000
298	d64.1424: *7ffe0000-7ffdefff 0x0002/0x0002 0x0020000
299	d64.1424: 7ffe1000-7ffd1fff 0x0001/0x0002 0x0020000
300	d64.1424: apisetschema.dll: timestamp 0x56258c72 (rc=VINF_SUCCESS)
301	d64.1424: VirtualBox.exe: timestamp 0x56743212 (rc=VINF_SUCCESS)
302	d64.1424: '\Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe' has no imports
303	d64.1424: '\Device\HarddiskVolume1\Windows\System32\apisetschema.dll' has no imports
304	d64.1424: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
305	d64.1424: supR3HardNtChildPurify: Done after 308 ms and 0 fixes (loop #0).
306	1478.1738: Log file opened: 5.0.12r104815 g_hStartupLog=00000004 g_uNtVerCombined=0x611db110
307	1478.1738: supR3HardenedVmProcessInit: uNtDllAddr=77d60000
308	1478.1738: ntdll.dll: timestamp 0x56258dbb (rc=VINF_SUCCESS)
309	1478.1738: New simple heap: #1 00260000 LB 0x400000 (for 1314816 allocation)
310	d64.1424: supR3HardenedEarlyCompact: Removed heap 1 (0x300000 LB 0x400000)
311	d64.1424: supR3HardNtEnableThreadCreation:
312	1478.1738: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\VirtualBox'
313	1478.1738: System32: \Device\HarddiskVolume1\Windows\System32
314	1478.1738: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
315	1478.1738: KnownDllPath: C:\Windows\system32
316	1478.1738: supR3HardenedVmProcessInit: Opening vboxdrv...
317	1478.1738: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
318	1478.1738: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
319	1478.1738: Registered Dll notification callback with NTDLL.
320	1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
321	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
322	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000000:<flags> [calling]
323	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
324	1478.1738: supR3HardenedDllNotificationCallback: load 77c80000 LB 0x000d4000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
325	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
326	1478.1738: supR3HardenedDllNotificationCallback: load 75f80000 LB 0x0004b000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
327	1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll)
328	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
329	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77c80000 'C:\Windows\system32\kernel32.dll'
330	1478.1738: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77dc3911 pvNtTerminateThread=77da69c0
331	d64.1424: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 64 ms.
332	1478.1738: \SystemRoot\System32\ntdll.dll:
333	1478.1738: CreationTime: 2015-11-11T01:40:25.748046800Z
334	1478.1738: LastWriteTime: 2015-10-20T00:48:47.299796500Z
335	1478.1738: ChangeTime: 2015-11-11T01:51:39.761718700Z
336	1478.1738: FileAttributes: 0x20
337	1478.1738: Size: 0x13f600
338	1478.1738: NT Headers: 0xd0
339	1478.1738: Timestamp: 0x56258dbb
340	1478.1738: Machine: 0x14c - i386
341	1478.1738: Timestamp: 0x56258dbb
342	1478.1738: Image Version: 6.1
343	1478.1738: SizeOfImage: 0x141000 (1314816)
344	1478.1738: Resource Dir: 0xe1000 LB 0x5a028
345	1478.1738: ProductName: Microsoft® Windows® Operating System
346	1478.1738: ProductVersion: 6.1.7601.19045
347	1478.1738: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
348	1478.1738: FileDescription: NT Layer DLL
349	1478.1738: \SystemRoot\System32\kernel32.dll:
350	1478.1738: CreationTime: 2015-06-10T01:18:16.643554600Z
351	1478.1738: LastWriteTime: 2015-05-09T03:13:42.222000000Z
352	1478.1738: ChangeTime: 2015-06-11T00:25:36.694335900Z
353	1478.1738: FileAttributes: 0x20
354	1478.1738: Size: 0xd4000
355	1478.1738: NT Headers: 0xf0
356	1478.1738: Timestamp: 0x554d7aff
357	1478.1738: Machine: 0x14c - i386
358	1478.1738: Timestamp: 0x554d7aff
359	1478.1738: Image Version: 6.1
360	1478.1738: SizeOfImage: 0xd4000 (868352)
361	1478.1738: Resource Dir: 0xc7000 LB 0x528
362	1478.1738: ProductName: Microsoft® Windows® Operating System
363	1478.1738: ProductVersion: 6.1.7601.18847
364	1478.1738: FileVersion: 6.1.7601.18847 (win7sp1_gdr.150508-1512)
365	1478.1738: FileDescription: Windows NT BASE API Client DLL
366	1478.1738: \SystemRoot\System32\KernelBase.dll:
367	1478.1738: CreationTime: 2015-06-10T01:18:16.706054600Z
368	1478.1738: LastWriteTime: 2015-05-09T03:13:42.222000000Z
369	1478.1738: ChangeTime: 2015-06-11T00:25:36.764648400Z
370	1478.1738: FileAttributes: 0x20
371	1478.1738: Size: 0x47a00
372	1478.1738: NT Headers: 0xe0
373	1478.1738: Timestamp: 0x554d7b00
374	1478.1738: Machine: 0x14c - i386
375	1478.1738: Timestamp: 0x554d7b00
376	1478.1738: Image Version: 6.1
377	1478.1738: SizeOfImage: 0x4b000 (307200)
378	1478.1738: Resource Dir: 0x47000 LB 0x530
379	1478.1738: ProductName: Microsoft® Windows® Operating System
380	1478.1738: ProductVersion: 6.1.7601.18847
381	1478.1738: FileVersion: 6.1.7601.18847 (win7sp1_gdr.150508-1512)
382	1478.1738: FileDescription: Windows NT BASE API Client DLL
383	1478.1738: \SystemRoot\System32\apisetschema.dll:
384	1478.1738: CreationTime: 2015-11-11T01:40:23.794921800Z
385	1478.1738: LastWriteTime: 2015-10-20T00:35:03.776000000Z
386	1478.1738: ChangeTime: 2015-11-11T01:51:45.983398400Z
387	1478.1738: FileAttributes: 0x20
388	1478.1738: Size: 0x1a00
389	1478.1738: NT Headers: 0xc0
390	1478.1738: Timestamp: 0x56258c72
391	1478.1738: Machine: 0x14c - i386
392	1478.1738: Timestamp: 0x56258c72
393	1478.1738: Image Version: 6.1
394	1478.1738: SizeOfImage: 0x50000 (327680)
395	1478.1738: Resource Dir: 0x30000 LB 0x3f8
396	1478.1738: ProductName: Microsoft® Windows® Operating System
397	1478.1738: ProductVersion: 6.1.7601.19045
398	1478.1738: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
399	1478.1738: FileDescription: ApiSet Schema DLL
400	1478.1738: supR3HardenedWinFindAdversaries: 0x0
401	1478.1738: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\VirtualBox'
402	1478.1738: Calling main()
403	1478.1738: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
404	1478.1738: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\VirtualBox'
405	1478.1738: '\Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe' has no imports
406	1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.exe)
407	1478.1738: SUPR3HardenedMain: Final process, opening VBoxDrv...
408	1478.1738: supR3HardenedEarlyCompact: Removed heap 1 (0x260000 LB 0x400000)
409	1478.1738: supR3HardNtEnableThreadCreation:
410	1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VBoxSupLib.dll)
411	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxSupLib.dll
412	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d24c4:C:\Windows\system32 [calling]
413	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
414	1478.1738: supR3HardenedDllNotificationCallback: load 74a90000 LB 0x00005000 C:\Program Files\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
415	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
416	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
417	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
418	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74a90000 'C:\Program Files\VirtualBox\VBoxSupLib.DLL'
419	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
420	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
421	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74a90000 'C:\Program Files\VirtualBox\VBoxSupLib.DLL'
422	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74a90000 'C:\Program Files\VirtualBox\VBoxSupLib.DLL'
423	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
424	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
425	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
426	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
427	1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\wintrust.dll)
428	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wintrust.dll
429	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
430	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
431	1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll)
432	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
433	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
434	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
435	1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msasn1.dll)
436	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msasn1.dll
437	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
438	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
439	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
440	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
441	1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\crypt32.dll)
442	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\crypt32.dll
443	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
444	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
445	1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msvcrt.dll)
446	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
447	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
448	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
449	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
450	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
451	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
452	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
453	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d24c4:C:\Windows\system32 [calling]
454	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
455	1478.1738: supR3HardenedDllNotificationCallback: load 75f10000 LB 0x0002f000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
456	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
457	1478.1738: supR3HardenedDllNotificationCallback: load 770e0000 LB 0x000ac000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
458	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
459	1478.1738: supR3HardenedDllNotificationCallback: load 75d90000 LB 0x00121000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
460	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
461	1478.1738: supR3HardenedDllNotificationCallback: load 75d50000 LB 0x0000c000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
462	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
463	1478.1738: supR3HardenedDllNotificationCallback: load 77260000 LB 0x000a2000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
464	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
465	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75f10000 'C:\Windows\system32\Wintrust.dll'
466	1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\bcrypt.dll)
467	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcrypt.dll
468	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d24c4:C:\Windows\system32 [calling]
469	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
470	1478.1738: supR3HardenedDllNotificationCallback: load 75710000 LB 0x00017000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
471	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
472	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75710000 'C:\Windows\system32\bcrypt.dll'
473	1478.1738: bcrypt.dll loaded at 75710000, BCryptOpenAlgorithmProvider at 75712cda, preloading providers:
474	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
475	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
476	1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll)
477	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll
478	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
479	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
480	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
481	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
482	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
483	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
484	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
485	1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\advapi32.dll)
486	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\advapi32.dll
487	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
488	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
489	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
490	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
491	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
492	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
493	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
494	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
495	1478.1738: supR3HardenedDllNotificationCallback: load 75280000 LB 0x0003d000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
496	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
497	1478.1738: supR3HardenedDllNotificationCallback: load 77820000 LB 0x000a0000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
498	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
499	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
500	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'rpcrt4.dll'.
501	1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\sechost.dll)
502	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\sechost.dll
503	1478.1738: supR3HardenedDllNotificationCallback: load 77eb0000 LB 0x00019000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
504	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\sechost.dll [lacks WinVerifyTrust]
505	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75280000 'C:\Windows\system32\bcryptprimitives.dll'
506	1478.1738: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=007effe0)
507	1478.1738: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=007f0630)
508	1478.1738: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=007f13e8)
509	1478.1738: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=007eff38)
510	1478.1738: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=007f1538)
511	1478.1738: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=007f15d8)
512	1478.1738: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=007f1488)
513	1478.1738: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=007f1748)
514	1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptsp.dll)
515	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptsp.dll
516	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
517	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
518	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
519	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
520	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
521	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
522	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
523	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
524	1478.1738: supR3HardenedDllNotificationCallback: load 75590000 LB 0x00017000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
525	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
526	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75590000 'C:\Windows\system32\CRYPTSP.dll'
527	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
528	1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\rsaenh.dll)
529	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rsaenh.dll
530	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
531	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
532	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
533	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
534	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
535	1478.1738: supR3HardenedDllNotificationCallback: load 75340000 LB 0x0003b000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
536	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
537	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75340000 'C:\Windows\system32\rsaenh.dll'
538	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
539	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
540	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77820000 'C:\Windows\system32\ADVAPI32.dll'
541	1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptbase.dll)
542	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptbase.dll
543	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
544	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
545	1478.1738: supR3HardenedDllNotificationCallback: load 75a30000 LB 0x0000c000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
546	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
547	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75a30000 'C:\Windows\system32\CRYPTBASE.dll'
548	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
549	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
550	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77c80000 'C:\Windows\system32\kernel32.dll'
551	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
552	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
553	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75f10000 'C:\Windows\system32\WINTRUST.DLL'
554	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
555	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
556	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75d90000 'C:\Windows\system32\CRYPT32.dll'
557	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
558	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'advapi32.dll'.
559	1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\imagehlp.dll)
560	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\imagehlp.dll
561	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
562	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
563	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
564	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
565	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
566	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
567	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
568	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
569	1478.1738: supR3HardenedDllNotificationCallback: load 76070000 LB 0x0002b000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
570	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
571	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76070000 'C:\Windows\system32\imagehlp.dll'
572	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
573	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
574	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75590000 'C:\Windows\system32\CRYPTSP.dll'
575	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
576	1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\user32.dll)
577	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\user32.dll
578	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
579	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
580	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
581	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
582	1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\gdi32.dll)
583	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\gdi32.dll
584	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
585	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume1\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
586	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
587	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
588	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
589	1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\lpk.dll)
590	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\lpk.dll
591	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
592	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
593	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
594	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
595	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume1\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
596	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
597	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
598	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
599	1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\usp10.dll)
600	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\usp10.dll
601	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
602	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
603	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
604	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
605	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
606	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
607	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
608	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
609	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
610	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
611	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
612	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
613	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
614	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
615	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
616	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
617	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
618	1478.1738: supR3HardenedDllNotificationCallback: load 77190000 LB 0x000c9000 C:\Windows\system32\USER32.dll [fFlags=0x0]
619	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
620	1478.1738: supR3HardenedDllNotificationCallback: load 77bd0000 LB 0x0004e000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
621	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
622	1478.1738: supR3HardenedDllNotificationCallback: load 77ef0000 LB 0x0000a000 C:\Windows\system32\LPK.dll [fFlags=0x0]
623	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\lpk.dll [lacks WinVerifyTrust]
624	1478.1738: supR3HardenedDllNotificationCallback: load 77530000 LB 0x0009d000 C:\Windows\system32\USP10.dll [fFlags=0x0]
625	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\usp10.dll [lacks WinVerifyTrust]
626	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
627	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
628	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bd0000 'C:\Windows\system32\gdi32.dll'
629	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
630	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
631	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
632	1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\imm32.dll)
633	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\imm32.dll
634	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
635	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume1\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
636	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
637	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
638	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
639	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
640	1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msctf.dll)
641	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msctf.dll
642	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
643	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
644	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
645	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
646	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
647	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
648	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
649	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume1\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
650	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imm32.dll [lacks WinVerifyTrust]
651	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
652	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
653	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
654	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
655	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
656	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
657	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
658	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
659	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
660	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
661	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imm32.dll [lacks WinVerifyTrust]
662	1478.1738: supR3HardenedDllNotificationCallback: load 77ed0000 LB 0x0001f000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
663	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imm32.dll [lacks WinVerifyTrust]
664	1478.1738: supR3HardenedDllNotificationCallback: load 77460000 LB 0x000cc000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
665	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msctf.dll [lacks WinVerifyTrust]
666	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77ed0000 'C:\Windows\system32\IMM32.DLL'
667	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.dll'
668	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
669	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
670	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
671	1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\ncrypt.dll)
672	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ncrypt.dll
673	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
674	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
675	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
676	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
677	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
678	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
679	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
680	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
681	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
682	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
683	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
684	1478.1738: supR3HardenedDllNotificationCallback: load 75730000 LB 0x00039000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
685	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
686	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75730000 'C:\Windows\system32\ncrypt.dll'
687	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
688	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
689	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75710000 'C:\Windows\system32\bcrypt.dll'
690	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'crypt32.dll'.
691	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
692	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp71.dll'.
693	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr71.dll'.
694	1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\aetsprov.dll)
695	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\aetsprov.dll
696	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr71.dll'...
697	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr71.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcr71.dll' [rcNtRedir=0xc0150008]
698	1478.1738: \Device\HarddiskVolume1\Windows\System32\msvcr71.dll: Owner is administrators group.
699	1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msvcr71.dll)
700	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msvcr71.dll
701	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp71.dll'...
702	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp71.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcp71.dll' [rcNtRedir=0xc0150008]
703	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr71.dll'.
704	1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msvcp71.dll)
705	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msvcp71.dll
706	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
707	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
708	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
709	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
710	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
711	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
712	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr71.dll'...
713	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr71.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcr71.dll' [rcNtRedir=0xc0150008]
714	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcr71.dll [lacks WinVerifyTrust]
715	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\aetsprov.dll (Input=aetsprov.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
716	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\aetsprov.dll [lacks WinVerifyTrust]
717	1478.1738: supR3HardenedDllNotificationCallback: load 10000000 LB 0x00012000 C:\Windows\system32\aetsprov.dll [fFlags=0x0]
718	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\aetsprov.dll [lacks WinVerifyTrust]
719	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcp71.dll [lacks WinVerifyTrust]
720	1478.1738: supR3HardenedDllNotificationCallback: load 7c3a0000 LB 0x0007b000 C:\Windows\system32\MSVCP71.dll [fFlags=0x0]
721	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcp71.dll [lacks WinVerifyTrust]
722	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcr71.dll [lacks WinVerifyTrust]
723	1478.1738: supR3HardenedDllNotificationCallback: load 7c340000 LB 0x00056000 C:\Windows\system32\MSVCR71.dll [fFlags=0x0]
724	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcr71.dll [lacks WinVerifyTrust]
725	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=10000000 'C:\Windows\system32\aetsprov.dll'
726	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'hid.dll'.
727	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'setupapi.dll'.
728	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'winscard.dll'.
729	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
730	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
731	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
732	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcrt.dll'.
733	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
734	1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\aetpkss1.dll)
735	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\aetpkss1.dll
736	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
737	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
738	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
739	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
740	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
741	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
742	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
743	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
744	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
745	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
746	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
747	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
748	1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\ole32.dll)
749	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ole32.dll
750	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
751	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
752	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
753	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
754	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
755	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
756	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winscard.dll'...
757	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'winscard.dll' -> '\Device\HarddiskVolume1\Windows\System32\winscard.dll' [rcNtRedir=0xc0150008]
758	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
759	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'rpcrt4.dll'.
760	1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\WinSCard.dll)
761	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\WinSCard.dll
762	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
763	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
764	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
765	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
766	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
767	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
768	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
769	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
770	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
771	1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\setupapi.dll)
772	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\setupapi.dll
773	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hid.dll'...
774	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'hid.dll' -> '\Device\HarddiskVolume1\Windows\System32\hid.dll' [rcNtRedir=0xc0150008]
775	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
776	1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\hid.dll)
777	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\hid.dll
778	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
779	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
780	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
781	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
782	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume1\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
783	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
784	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'cfgmgr32.dll'.
785	1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\devobj.dll)
786	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\devobj.dll
787	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
788	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
789	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
790	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
791	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
792	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
793	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'gdi32.dll'.
794	1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\oleaut32.dll)
795	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
796	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
797	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
798	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
799	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
800	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
801	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
802	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
803	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
804	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
805	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
806	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
807	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
808	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
809	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
810	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
811	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
812	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
813	1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll)
814	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll
815	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
816	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
817	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
818	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
819	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
820	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
821	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
822	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
823	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
824	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
825	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
826	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
827	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
828	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
829	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
830	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
831	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
832	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
833	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
834	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
835	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
836	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
837	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
838	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
839	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
840	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
841	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
842	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
843	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
844	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
845	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
846	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
847	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
848	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
849	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
850	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
851	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
852	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
853	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
854	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
855	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
856	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\ole32.dll [lacks WinVerifyTrust]
857	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
858	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
859	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
860	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
861	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
862	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
863	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\aetpkss1.dll (Input=aetpkss1.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
864	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\aetpkss1.dll [lacks WinVerifyTrust]
865	1478.1738: supR3HardenedDllNotificationCallback: load 008d0000 LB 0x000c0000 C:\Windows\system32\aetpkss1.dll [fFlags=0x0]
866	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\aetpkss1.dll [lacks WinVerifyTrust]
867	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\hid.dll [lacks WinVerifyTrust]
868	1478.1738: supR3HardenedDllNotificationCallback: load 74630000 LB 0x00009000 C:\Windows\system32\HID.DLL [fFlags=0x0]
869	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\hid.dll [lacks WinVerifyTrust]
870	1478.1738: supR3HardenedDllNotificationCallback: load 77a30000 LB 0x0019d000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
871	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll [lacks WinVerifyTrust]
872	1478.1738: supR3HardenedDllNotificationCallback: load 75d60000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
873	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
874	1478.1738: supR3HardenedDllNotificationCallback: load 760a0000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
875	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll [lacks WinVerifyTrust]
876	1478.1738: supR3HardenedDllNotificationCallback: load 778c0000 LB 0x0015c000 C:\Windows\system32\ole32.dll [fFlags=0x0]
877	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\ole32.dll [lacks WinVerifyTrust]
878	1478.1738: supR3HardenedDllNotificationCallback: load 75ef0000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
879	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\devobj.dll [lacks WinVerifyTrust]
880	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\WinSCard.dll [lacks WinVerifyTrust]
881	1478.1738: supR3HardenedDllNotificationCallback: load 6b850000 LB 0x00023000 C:\Windows\system32\WinSCard.dll [fFlags=0x0]
882	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\WinSCard.dll [lacks WinVerifyTrust]
883	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
884	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77c80000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
885	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=008d0000 'C:\Windows\system32\aetpkss1.dll'
886	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\WinSCard.dll [lacks WinVerifyTrust]
887	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winscard.dll (Input=winscard.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
888	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6b850000 'C:\Windows\system32\winscard.dll'
889	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
890	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77eb0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
891	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
892	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77260000 'C:\Windows\system32\rpcrt4.dll'
893	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
894	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77eb0000 'API-MS-WIN-Service-Management-L2-1-0.dll'
895	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
896	1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\winsta.dll)
897	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winsta.dll
898	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
899	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
900	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
901	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINSTA.dll (Input=WINSTA.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
902	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\winsta.dll [lacks WinVerifyTrust]
903	1478.1738: supR3HardenedDllNotificationCallback: load 75220000 LB 0x00029000 C:\Windows\system32\WINSTA.dll [fFlags=0x0]
904	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\winsta.dll [lacks WinVerifyTrust]
905	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75220000 'C:\Windows\system32\WINSTA.dll'
906	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
907	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
908	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77820000 'C:\Windows\system32\ADVAPI32.dll'
909	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
910	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77eb0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
911	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
912	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77260000 'C:\Windows\system32\RPCRT4.dll'
913	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
914	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77eb0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
915	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
916	1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\wtsapi32.dll)
917	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wtsapi32.dll
918	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
919	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
920	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
921	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WTSAPI32.dll (Input=WTSAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
922	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wtsapi32.dll [lacks WinVerifyTrust]
923	1478.1738: supR3HardenedDllNotificationCallback: load 741d0000 LB 0x0000d000 C:\Windows\system32\WTSAPI32.dll [fFlags=0x0]
924	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wtsapi32.dll [lacks WinVerifyTrust]
925	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=741d0000 'C:\Windows\system32\WTSAPI32.dll'
926	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\winsta.dll [lacks WinVerifyTrust]
927	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINSTA.dll (Input=WINSTA.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
928	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75220000 'C:\Windows\system32\WINSTA.dll'
929	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
930	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
931	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75a30000 'C:\Windows\system32\CRYPTBASE.dll'
932	1478.1738: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\aetcmgr.dll': 0 (NtPath=\??\C:\Windows\system32\aetcmgr.dll; Input=aetcmgr.dll; rcNtGetDll=0xc0000135
933	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\aetcmgr.dll (Input=aetcmgr.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
934	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\aetcmgr.dll'
935	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
936	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.dll (Input=WINTRUST.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
937	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75f10000 'C:\Windows\system32\WINTRUST.dll'
938	1478.9e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\aetpkss1.dll [lacks WinVerifyTrust]
939	1478.9e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\aetpkss1.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
940	1478.9e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=008d0000 'C:\Windows\system32\aetpkss1.dll'
941	1478.123c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\aetpkss1.dll [lacks WinVerifyTrust]
942	1478.123c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\aetpkss1.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
943	1478.123c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=008d0000 'C:\Windows\system32\aetpkss1.dll'
944	1478.123c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
945	1478.123c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CFGMGR32.dll (Input=CFGMGR32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
946	1478.123c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75d60000 'C:\Windows\system32\CFGMGR32.dll'
947	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
948	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77eb0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
949	1478.1738: supR3HardenedDllNotificationCallback: Unload 008d0000 LB 0x000c0000 C:\Windows\system32\aetpkss1.dll [flags=0x0]
950	1478.1738: supR3HardenedDllNotificationCallback: Unload 6b850000 LB 0x00023000 C:\Windows\system32\WinSCard.dll [flags=0x0]
951	1478.1738: supR3HardenedDllNotificationCallback: Unload 77a30000 LB 0x0019d000 C:\Windows\system32\SETUPAPI.dll [flags=0x0]
952	1478.1738: supR3HardenedDllNotificationCallback: Unload 75ef0000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [flags=0x0]
953	1478.1738: supR3HardenedDllNotificationCallback: Unload 760a0000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [flags=0x0]
954	1478.1738: supR3HardenedDllNotificationCallback: Unload 778c0000 LB 0x0015c000 C:\Windows\system32\ole32.dll [flags=0x0]
955	1478.1738: supR3HardenedDllNotificationCallback: Unload 74630000 LB 0x00009000 C:\Windows\system32\HID.DLL [flags=0x0]
956	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
957	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'.
958	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'profapi.dll'.
959	1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\userenv.dll)
960	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\userenv.dll
961	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
962	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
963	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
964	1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\profapi.dll)
965	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\profapi.dll
966	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
967	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
968	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
969	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
970	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
971	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
972	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
973	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
974	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
975	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
976	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\userenv.dll [lacks WinVerifyTrust]
977	1478.1738: supR3HardenedDllNotificationCallback: load 75f50000 LB 0x00017000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
978	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\userenv.dll [lacks WinVerifyTrust]
979	1478.1738: supR3HardenedDllNotificationCallback: load 75d40000 LB 0x0000b000 C:\Windows\system32\profapi.dll [fFlags=0x0]
980	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\profapi.dll [lacks WinVerifyTrust]
981	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75f50000 'C:\Windows\system32\USERENV.dll'
982	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
983	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77eb0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
984	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
985	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
986	1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\gpapi.dll)
987	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\gpapi.dll
988	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
989	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
990	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
991	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
992	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
993	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
994	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
995	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
996	1478.1738: supR3HardenedDllNotificationCallback: load 75160000 LB 0x00016000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
997	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
998	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75160000 'C:\Windows\system32\GPAPI.dll'
999	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
1000	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77eb0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
1001	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
1002	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77eb0000 'API-MS-WIN-Service-Management-L2-1-0.dll'
1003	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
1004	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77eb0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1005	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1006	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1007	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'crypt32.dll'.
1008	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'wldap32.dll'.
1009	1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptnet.dll)
1010	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptnet.dll
1011	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
1012	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume1\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
1013	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1014	1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\Wldap32.dll)
1015	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\Wldap32.dll
1016	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
1017	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
1018	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1019	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1020	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1021	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1022	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1023	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1024	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1025	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1026	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1027	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1028	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
1029	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1030	1478.1738: supR3HardenedDllNotificationCallback: load 74310000 LB 0x0001c000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
1031	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1032	1478.1738: supR3HardenedDllNotificationCallback: load 77f60000 LB 0x00045000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
1033	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
1034	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1035	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
1036	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74310000 'C:\Windows\system32\cryptnet.dll'
1037	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1038	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
1039	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74310000 'C:\Windows\system32\cryptnet.dll'
1040	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1041	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
1042	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74310000 'C:\Windows\system32\cryptnet.dll'
1043	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1044	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
1045	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74310000 'C:\Windows\system32\cryptnet.dll'
1046	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1047	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
1048	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74310000 'C:\Windows\system32\cryptnet.dll'
1049	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1050	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
1051	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74310000 'C:\Windows\system32\cryptnet.dll'
1052	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1053	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74310000 'C:\Windows\system32\cryptnet.dll'
1054	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1055	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74310000 'C:\Windows\system32\cryptnet.dll'
1056	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1057	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74310000 'C:\Windows\system32\cryptnet.dll'
1058	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1059	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74310000 'C:\Windows\system32\cryptnet.dll'
1060	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1061	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74310000 'C:\Windows\system32\cryptnet.dll'
1062	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74310000 'C:\Windows\system32\cryptnet.dll'
1063	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1064	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74310000 'C:\Windows\system32\cryptnet.dll'
1065	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
1066	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77eb0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1067	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\profapi.dll [lacks WinVerifyTrust]
1068	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
1069	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75d40000 'C:\Windows\system32\profapi.dll'
1070	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1071	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1072	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
1073	1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\shlwapi.dll)
1074	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
1075	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1076	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1077	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1078	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1079	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1080	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
1081	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1082	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1083	1478.1738: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1084	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
1085	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
1086	1478.1738: supR3HardenedDllNotificationCallback: load 77f00000 LB 0x00057000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
1087	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
1088	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77f00000 'C:\Windows\system32\SHLWAPI.dll'
1089	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000 pwszName=\SystemRoot\System32\ntdll.dll
1090	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: New context 00826fb8
1091	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1092	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B4DF452093FDAA7DA713F106AEAB7D31AAA8BD52
1093	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
1094	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77eb0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1095	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
1096	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77eb0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
1097	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
1098	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77eb0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
1099	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1100	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77820000 'C:\Windows\system32\ADVAPI32.dll'
1101	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_76_for_KB3101746~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\SystemRoot\System32\ntdll.dll'
1102	1478.1738: g_pfnWinVerifyTrust=75f1273a
1103	1478.1738: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
1104	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000e4 pwszName=\Device\HarddiskVolume1\Windows\System32\crypt32.dll
1105	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1106	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1107	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5899593484521EBF43C3FBEF1689EAD74AD8ED7D
1108	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_212_for_KB3033929~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\crypt32.dll'
1109	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1110	1478.1738: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\crypt32.dll'
1111	1478.1738: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
1112	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000d8 pwszName=\Device\HarddiskVolume1\Windows\System32\wintrust.dll
1113	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1114	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1115	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AD400B10391BF763CC5DFDE600010DE093424AAC
1116	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_113_for_KB3033929~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\wintrust.dll'
1117	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1118	1478.1738: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\wintrust.dll'
1119	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000003d8 pwszName=\Device\HarddiskVolume1\Windows\System32\shlwapi.dll
1120	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1121	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1122	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A97620B38393821964747185BD0CFB4FF244F0A
1123	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\shlwapi.dll'
1124	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1125	1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll'
1126	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000003d0 pwszName=\Device\HarddiskVolume1\Windows\System32\Wldap32.dll
1127	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1128	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1129	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4274E678F4A09F0955B304F45CFA0547B0F86BC7
1130	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\Wldap32.dll'
1131	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1132	1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\Wldap32.dll'
1133	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000003cc pwszName=\Device\HarddiskVolume1\Windows\System32\cryptnet.dll
1134	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1135	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1136	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=89E77407A345B2D82F06806B31C1CEFF03A91A6A
1137	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_113_for_KB3033929~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\cryptnet.dll'
1138	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1139	1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptnet.dll'
1140	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000002c4 pwszName=\Device\HarddiskVolume1\Windows\System32\gpapi.dll
1141	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1142	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1143	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BD66D8D7C0A43466AD80C34E81C083C3C69E195B
1144	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\gpapi.dll'
1145	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1146	1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\gpapi.dll'
1147	1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\profapi.dll'
1148	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001f4 pwszName=\Device\HarddiskVolume1\Windows\System32\userenv.dll
1149	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1150	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1151	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=21925C895DA97CB66CCC5FBA910D9ABD265AA276
1152	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\userenv.dll'
1153	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1154	1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\userenv.dll'
1155	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000002a8 pwszName=\Device\HarddiskVolume1\Windows\System32\wtsapi32.dll
1156	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1157	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1158	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9F4CA8ED9971898A1354BAFA77A2B8F365EA3253
1159	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\wtsapi32.dll'
1160	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1161	1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\wtsapi32.dll'
1162	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000288 pwszName=\Device\HarddiskVolume1\Windows\System32\winsta.dll
1163	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1164	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1165	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=29D5C8F591FC6F7EE578C50BD6A00D7CA9D895EA
1166	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_78_for_KB2984972~31bf3856ad364e35~x86~~6.1.1.4.cat'; file='\Device\HarddiskVolume1\Windows\System32\winsta.dll'
1167	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1168	1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\winsta.dll'
1169	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001ec pwszName=\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll
1170	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1171	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1172	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A2D26C675A9F5FB0ABA919E9F71726151CB174F1
1173	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll'
1174	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1175	1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll'
1176	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001e8 pwszName=\Device\HarddiskVolume1\Windows\System32\oleaut32.dll
1177	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1178	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1179	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BCE31FDB944BBD2B4E378704B95BEA36085E5ADA
1180	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3020338~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\oleaut32.dll'
1181	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1182	1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll'
1183	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001e4 pwszName=\Device\HarddiskVolume1\Windows\System32\devobj.dll
1184	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1185	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1186	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EE1631BE6E86D9131380E981EC05320E6DF3FD3A
1187	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\devobj.dll'
1188	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1189	1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\devobj.dll'
1190	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001e0 pwszName=\Device\HarddiskVolume1\Windows\System32\hid.dll
1191	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1192	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1193	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6E5F4235484C3FBCB2819A1A717B284770C4D931
1194	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\hid.dll'
1195	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1196	1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\hid.dll'
1197	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001dc pwszName=\Device\HarddiskVolume1\Windows\System32\setupapi.dll
1198	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1199	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1200	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=07B90F6FCFF3E079727E8F6884115307C6E5BA41
1201	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\setupapi.dll'
1202	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1203	1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\setupapi.dll'
1204	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001d8 pwszName=\Device\HarddiskVolume1\Windows\System32\WinSCard.dll
1205	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1206	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1207	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=234ADBB040FD0895FB9B779EBA3E8643B2DFF5B7
1208	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\WinSCard.dll'
1209	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1210	1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\WinSCard.dll'
1211	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001d4 pwszName=\Device\HarddiskVolume1\Windows\System32\ole32.dll
1212	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1213	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1214	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FAF1DA7C8C4B3B49A52A2B8999865DEDC4F50EC6
1215	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3072633~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\ole32.dll'
1216	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1217	1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\ole32.dll'
1218	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001d0 pwszName=\Device\HarddiskVolume1\Windows\System32\aetpkss1.dll
1219	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1220	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1221	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E4A97B7FEC668CD1161913B473698DEFA1139F5
1222	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
1223	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: New context 00826fb8
1224	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1225	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E4A97B7FEC668CD1161913B473698DEFA1139F5
1226	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
1227	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: New context 008274c8
1228	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008274c8
1229	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=F98FC8B1EC7D4CC5EF5396839AF33D5720C4307F2EADAF3BA49A58419D3014C8
1230	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
1231	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
1232	1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\aetpkss1.dll'
1233	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001c8 pwszName=\Device\HarddiskVolume1\Windows\System32\msvcp71.dll
1234	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1235	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1236	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1F112F40980D4083D8E1244470CB24FAA67EF349
1237	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
1238	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: New context 00826fb8
1239	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1240	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1F112F40980D4083D8E1244470CB24FAA67EF349
1241	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
1242	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008274c8
1243	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008274c8
1244	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=07083DEBB1416EAFE1C4F60AE2C95AFCCEA06F4A652D0304A881BC400A26BAB9
1245	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
1246	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: New context 008274c8
1247	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008274c8
1248	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=07083DEBB1416EAFE1C4F60AE2C95AFCCEA06F4A652D0304A881BC400A26BAB9
1249	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
1250	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
1251	1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msvcp71.dll'
1252	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001c4 pwszName=\Device\HarddiskVolume1\Windows\System32\msvcr71.dll
1253	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1254	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1255	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=33BBCCF6326276B413A1ECED1BF7842A6D1DDA07
1256	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
1257	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: New context 00826fb8
1258	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1259	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=33BBCCF6326276B413A1ECED1BF7842A6D1DDA07
1260	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
1261	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008274c8
1262	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008274c8
1263	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=C510B9C6EDE702F876D857BE2D8BB17EE4839324D54DF7F2150B70445F0055D9
1264	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
1265	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: New context 008274c8
1266	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008274c8
1267	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=C510B9C6EDE702F876D857BE2D8BB17EE4839324D54DF7F2150B70445F0055D9
1268	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
1269	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
1270	1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msvcr71.dll'
1271	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001c0 pwszName=\Device\HarddiskVolume1\Windows\System32\aetsprov.dll
1272	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1273	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1274	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DDA33A939001F972AE6BDDC723C7C9D8436B5B85
1275	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
1276	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: New context 00826fb8
1277	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1278	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DDA33A939001F972AE6BDDC723C7C9D8436B5B85
1279	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
1280	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 008274c8
1281	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008274c8
1282	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=FADD9A489CC3C31A2E920F2B6548749CB7C7A5BE7FEB4ECC1C9503D67CCD1D58
1283	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
1284	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: New context 008274c8
1285	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=008274c8
1286	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=FADD9A489CC3C31A2E920F2B6548749CB7C7A5BE7FEB4ECC1C9503D67CCD1D58
1287	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
1288	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
1289	1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\aetsprov.dll'
1290	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001ac pwszName=\Device\HarddiskVolume1\Windows\System32\ncrypt.dll
1291	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1292	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1293	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D56F0B10DF0BBC071EC3118E6BF4B9C85E433C99
1294	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_76_for_KB3101746~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\ncrypt.dll'
1295	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1296	1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\ncrypt.dll'
1297	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000190 pwszName=\Device\HarddiskVolume1\Windows\System32\msctf.dll
1298	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1299	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1300	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=21CC868DE3508F5C6F6D348B324C1E8AB2969CC6
1301	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3033889~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\msctf.dll'
1302	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1303	1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msctf.dll'
1304	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000018c pwszName=\Device\HarddiskVolume1\Windows\System32\imm32.dll
1305	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1306	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1307	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB8862BB29C3F539B9BF3A9E49EBC509A515AC5C
1308	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\imm32.dll'
1309	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1310	1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\imm32.dll'
1311	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000188 pwszName=\Device\HarddiskVolume1\Windows\System32\usp10.dll
1312	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1313	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1314	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=620B58DF939ECB4E691974D32E1363C8F89396C3
1315	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3108670~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\usp10.dll'
1316	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1317	1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\usp10.dll'
1318	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000184 pwszName=\Device\HarddiskVolume1\Windows\System32\lpk.dll
1319	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1320	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1321	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5B69BB5E518E30563D5F105F9F5A9A0774CF902E
1322	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3087039~31bf3856ad364e35~x86~~6.1.1.4.cat'; file='\Device\HarddiskVolume1\Windows\System32\lpk.dll'
1323	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1324	1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\lpk.dll'
1325	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000180 pwszName=\Device\HarddiskVolume1\Windows\System32\gdi32.dll
1326	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1327	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1328	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F22A2FC845420DBD44B017133D50DFF33EE6D03F
1329	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3069392~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
1330	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1331	1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
1332	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000017c pwszName=\Device\HarddiskVolume1\Windows\System32\user32.dll
1333	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1334	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1335	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=44098F3B14959897BB848F81A735A1BE83CB369F
1336	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_4_for_KB3109094~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\user32.dll'
1337	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1338	1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\user32.dll'
1339	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000178 pwszName=\Device\HarddiskVolume1\Windows\System32\imagehlp.dll
1340	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1341	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1342	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D59F877FD4F27652A01B1936874AFAF3A55572A8
1343	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2893294~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\imagehlp.dll'
1344	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1345	1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\imagehlp.dll'
1346	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000134 pwszName=\Device\HarddiskVolume1\Windows\System32\cryptbase.dll
1347	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1348	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1349	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=685A12871B04F122C1C6F2AA1E429C19211FCD8F
1350	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_76_for_KB3101746~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\cryptbase.dll'
1351	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1352	1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptbase.dll'
1353	1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\rsaenh.dll'
1354	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000130 pwszName=\Device\HarddiskVolume1\Windows\System32\cryptsp.dll
1355	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1356	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1357	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EFE6B29BE955FB2D869F3B57909DF90693FBBCEB
1358	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_113_for_KB3033929~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\cryptsp.dll'
1359	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1360	1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptsp.dll'
1361	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000124 pwszName=\Device\HarddiskVolume1\Windows\System32\sechost.dll
1362	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1363	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1364	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=78E9ABD813B4175EBA8EBD16ACB465E0E2FBF7F8
1365	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\sechost.dll'
1366	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1367	1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\sechost.dll'
1368	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000120 pwszName=\Device\HarddiskVolume1\Windows\System32\advapi32.dll
1369	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1370	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1371	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0126923AE273E77D7677F69E1B331A63871D998A
1372	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2882822~31bf3856ad364e35~x86~~6.1.1.2.cat'; file='\Device\HarddiskVolume1\Windows\System32\advapi32.dll'
1373	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1374	1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\advapi32.dll'
1375	1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll'
1376	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000108 pwszName=\Device\HarddiskVolume1\Windows\System32\bcrypt.dll
1377	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1378	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1379	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F0BAB1EFD5C685AC53B020519B5A6984B19E5071
1380	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\bcrypt.dll'
1381	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1382	1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll'
1383	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000e8 pwszName=\Device\HarddiskVolume1\Windows\System32\msvcrt.dll
1384	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1385	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1386	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=50B466D5DDEDD2D1A524F20B8873F187B62AA69F
1387	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
1388	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1389	1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
1390	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000e0 pwszName=\Device\HarddiskVolume1\Windows\System32\msasn1.dll
1391	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1392	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1393	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7068F2E1634BBD478D1FBCF4C463626913EA7285
1394	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\msasn1.dll'
1395	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1396	1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msasn1.dll'
1397	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000dc pwszName=\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
1398	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1399	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1400	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=75EC13F04473FD191A7C44AD9A7C2B28A625D383
1401	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_76_for_KB3101746~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll'
1402	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1403	1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll'
1404	1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Program Files\VirtualBox\VBoxSupLib.dll'
1405	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000024 pwszName=\Device\HarddiskVolume1\Windows\System32\KernelBase.dll
1406	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1407	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1408	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=992AF4E9EBEC265515EC875F6F2F14055D1D491D
1409	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_4_for_KB3063858~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\KernelBase.dll'
1410	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1411	1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\KernelBase.dll'
1412	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000001c pwszName=\Device\HarddiskVolume1\Windows\System32\kernel32.dll
1413	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1414	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1415	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=84623A9DB7C87F822F9F509ECBD6D4DC753E6405
1416	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_4_for_KB3063858~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\kernel32.dll'
1417	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1418	1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\kernel32.dll'
1419	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll
1420	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0087393c:C:\Windows\system32 [calling]
1421	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75d90000 'C:\Windows\system32\crypt32.dll'
1422	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1423	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x292d758d85f9d800 C=CN, O=OSCCA, CN=ROOTCA
1424	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x7a39c7396be7e200 C=CN, ST=Internet, L=Cernet, O=GoAgent, OU=GoAgent Root, CN=GoAgent XX-Net
1425	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1426	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1427	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x6cfe8a8d674bca10 O=Alibaba.com Corporation, OU=CA Center, CN=Alibaba.com Corporation Root CA
1428	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1429	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xcadc32c7ca6ffcfc CN=IcbcCA, O=icbc.com.cn
1430	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xe20485f3b396a400 C=CN, ST=Internet, L=Cernet, O=GoAgent, OU=GoAgent, CN=GoAgent
1431	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1432	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xa7d940d543089e00 C=CN, ST=Internet, L=Cernet, O=GoAgent, OU=GoAgent Root, CN=GoAgent XX-Net
1433	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1434	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x4f482c5d9443c000 C=CN, O=Alipay.com Co.,Ltd, OU=www.alipay.com, CN=ALIPAY_ROOT
1435	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xe7bda57c0ecbb00 CN=ICBC Root CA, O=Industrial and Commercial Bank of China
1436	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1437	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1438	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x34ccc8a2de87f407 C=CN, O=CFCA Root CA
1439	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x90d31b5ab79e90f8 CN=Personal ICBC CA, O=personal.icbc.com.cn
1440	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1441	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1442	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x17662ec1a961d300 C=CN, ST=Internet, L=Cernet, O=GoAgent, OU=GoAgent Root, CN=GoAgent XX-Net
1443	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
1444	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1445	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1446	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
1447	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
1448	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
1449	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1450	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1451	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
1452	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x1591b8ac8dcabd00 C=CN, O=WoSign CA Limited, CN=Certification Authority of WoSign
1453	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
1454	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
1455	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1456	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
1457	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1458	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xc48cebc8db05b000 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Global Root CA
1459	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
1460	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
1461	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1462	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
1463	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
1464	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
1465	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
1466	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
1467	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1468	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
1469	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, [email protected]
1470	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
1471	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1472	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
1473	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1474	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
1475	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
1476	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
1477	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
1478	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
1479	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x20b7075b3689b600 C=IL, O=StartCom Ltd., CN=StartCom Certification Authority G2
1480	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1481	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
1482	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1483	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
1484	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
1485	1478.1738: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1486	1478.1738: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=64
1487	1478.1738: SUPR3HardenedMain: Load Runtime...
1488	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1489	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1490	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1491	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1492	1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VBoxRT.dll) WinVerifyTrust
1493	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxRT.dll
1494	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1495	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1496	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1497	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1498	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000450 pwszName=\Device\HarddiskVolume1\Windows\System32\ws2_32.dll
1499	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1500	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1501	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2535224DB54945234E1A0C452639FCBB02F5F364
1502	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\ws2_32.dll'
1503	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1504	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1505	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
1506	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'nsi.dll'.
1507	1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ws2_32.dll) WinVerifyTrust
1508	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
1509	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1510	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1511	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1512	1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\msvcp100.dll) WinVerifyTrust
1513	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\msvcp100.dll
1514	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1515	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1516	1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll) WinVerifyTrust
1517	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll
1518	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1519	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1520	1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll
1521	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1522	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1523	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000484 pwszName=\Device\HarddiskVolume1\Windows\System32\nsi.dll
1524	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1525	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1526	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B5C25EDD170A1CAACC3D49C508AB6F58BD6DE6E2
1527	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\nsi.dll'
1528	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1529	1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\nsi.dll) WinVerifyTrust
1530	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\nsi.dll
1531	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1532	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1533	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1534	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1535	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008bfebc:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
1536	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxRT.dll
1537	1478.1738: supR3HardenedDllNotificationCallback: load 6d470000 LB 0x00441000 C:\Program Files\VirtualBox\VBoxRT.dll [fFlags=0x0]
1538	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxRT.dll
1539	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll
1540	1478.1738: supR3HardenedDllNotificationCallback: load 6e7c0000 LB 0x000bf000 C:\Program Files\VirtualBox\MSVCR100.dll [fFlags=0x0]
1541	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll
1542	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\msvcp100.dll
1543	1478.1738: supR3HardenedDllNotificationCallback: load 6ebe0000 LB 0x00069000 C:\Program Files\VirtualBox\MSVCP100.dll [fFlags=0x0]
1544	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\msvcp100.dll
1545	1478.1738: supR3HardenedDllNotificationCallback: load 775e0000 LB 0x00035000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
1546	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
1547	1478.1738: supR3HardenedDllNotificationCallback: load 775d0000 LB 0x00006000 C:\Windows\system32\NSI.dll [fFlags=0x0]
1548	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll
1549	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxRT.dll
1550	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
1551	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll'
1552	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxRT.dll
1553	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
1554	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll'
1555	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxRT.dll
1556	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
1557	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll'
1558	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxRT.dll
1559	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
1560	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll'
1561	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxRT.dll
1562	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
1563	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll'
1564	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxRT.dll
1565	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
1566	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll'
1567	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll'
1568	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll'
1569	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll'
1570	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll'
1571	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll'
1572	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll'
1573	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll'
1574	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxRT.dll
1575	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
1576	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll'
1577	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll'
1578	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll'
1579	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll'
1580	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll'
1581	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll'
1582	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll'
1583	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll'
1584	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll'
1585	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll'
1586	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll'
1587	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll'
1588	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll'
1589	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll'
1590	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll'
1591	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll'
1592	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxRT.dll
1593	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=007d280c:C:\Program Files\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files\Python\;C:\Program Files\Python\Scripts;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem [calling]
1594	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll'
1595	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll'
1596	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll'
1597	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d470000 'C:\Program Files\VirtualBox\VBoxRT.dll'
1598	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll
1599	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008739fc:C:\Windows\system32 [calling]
1600	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75f10000 'C:\Windows\system32\Wintrust.dll'
1601	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll
1602	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008739fc:C:\Windows\system32 [calling]
1603	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75d90000 'C:\Windows\system32\crypt32.dll'
1604	1478.1738: SUPR3HardenedMain: Load TrustedMain...
1605	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1606	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1607	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
1608	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
1609	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
1610	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtcorevbox4.dll'.
1611	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtguivbox4.dll'.
1612	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'.
1613	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
1614	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
1615	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
1616	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
1617	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
1618	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
1619	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'comdlg32.dll'.
1620	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'winmm.dll'.
1621	1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.dll) WinVerifyTrust
1622	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.dll
1623	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1624	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1625	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004bc pwszName=\Device\HarddiskVolume1\Windows\System32\winmm.dll
1626	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1627	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1628	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0907A64D7756C59C69C1DFBD06460EC89D3A8FBD
1629	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\winmm.dll'
1630	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1631	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1632	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1633	1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\winmm.dll) WinVerifyTrust
1634	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winmm.dll
1635	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1636	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume1\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1637	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004a8 pwszName=\Device\HarddiskVolume1\Windows\System32\comdlg32.dll
1638	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1639	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1640	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1C456ACB19416C5E733133B4582891146F151614
1641	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\comdlg32.dll'
1642	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1643	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1644	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
1645	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1646	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1647	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
1648	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1649	1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\comdlg32.dll) WinVerifyTrust
1650	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\comdlg32.dll
1651	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1652	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1653	1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
1654	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1655	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1656	1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
1657	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1658	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1659	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004c8 pwszName=\Device\HarddiskVolume1\Windows\System32\shell32.dll
1660	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1661	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1662	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7E0E9506F317BDB184E9D79C726FEC46DD5C742F
1663	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3080446~31bf3856ad364e35~x86~~6.1.1.2.cat'; file='\Device\HarddiskVolume1\Windows\System32\shell32.dll'
1664	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1665	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1666	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
1667	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
1668	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
1669	1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\shell32.dll) WinVerifyTrust
1670	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shell32.dll
1671	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1672	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1673	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1674	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1675	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1676	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1677	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
1678	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
1679	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1680	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1681	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1682	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
1683	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1684	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
1685	1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\QtOpenGLVBox4.dll) WinVerifyTrust
1686	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\QtOpenGLVBox4.dll
1687	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1688	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1689	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1690	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
1691	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
1692	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
1693	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
1694	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1695	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
1696	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1697	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
1698	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
1699	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
1700	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
1701	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
1702	1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\QtGuiVBox4.dll) WinVerifyTrust
1703	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\QtGuiVBox4.dll
1704	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1705	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1706	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1707	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
1708	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1709	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
1710	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1711	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1712	1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\QtCoreVBox4.dll) WinVerifyTrust
1713	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\QtCoreVBox4.dll
1714	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1715	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1716	1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll
1717	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1718	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1719	1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\msvcp100.dll
1720	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
1721	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
1722	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1723	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
1724	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1725	1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VBoxVMM.dll) WinVerifyTrust
1726	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxVMM.dll
1727	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1728	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1729	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1730	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1731	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004f8 pwszName=\Device\HarddiskVolume1\Windows\System32\opengl32.dll
1732	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1733	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1734	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4C7570E385B8CF66CB40344231F3E0AA4189574F
1735	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WinEmb-Graphics-Platform~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\opengl32.dll'
1736	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1737	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1738	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1739	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1740	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1741	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1742	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1743	1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\opengl32.dll) WinVerifyTrust
1744	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\opengl32.dll
1745	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1746	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1747	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1748	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume1\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
1749	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004fc pwszName=\Device\HarddiskVolume1\Windows\System32\ddraw.dll
1750	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1751	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1752	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6D0AC3B30C2D6C734EBBA3E99BF60B93FDF28E33
1753	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WinEmb-Graphics-Platform~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\ddraw.dll'
1754	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1755	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1756	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1757	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
1758	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1759	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
1760	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
1761	1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ddraw.dll) WinVerifyTrust
1762	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ddraw.dll
1763	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1764	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume1\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1765	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000504 pwszName=\Device\HarddiskVolume1\Windows\System32\glu32.dll
1766	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1767	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1768	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8AAE7D02045ADA954DBE714C716FEAB98D1A54F0
1769	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WinEmb-Graphics-Platform~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\glu32.dll'
1770	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1771	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1772	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1773	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1774	1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\glu32.dll) WinVerifyTrust
1775	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\glu32.dll
1776	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1777	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1778	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1779	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1780	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1781	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1782	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1783	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1784	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
1785	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
1786	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1787	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1788	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
1789	1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VBoxREM.dll) WinVerifyTrust
1790	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxREM.dll
1791	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1792	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1793	1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll
1794	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1795	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1796	1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll
1797	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1798	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1799	1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\msvcp100.dll
1800	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1801	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1802	1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
1803	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1804	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1805	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1806	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1807	1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
1808	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1809	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1810	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1811	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1812	1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll
1813	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1814	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1815	1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\msvcp100.dll
1816	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1817	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1818	1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\QtCoreVBox4.dll
1819	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1820	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1821	1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
1822	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1823	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1824	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1825	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1826	1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll
1827	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1828	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1829	1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
1830	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1831	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume1\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1832	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000518 pwszName=\Device\HarddiskVolume1\Windows\System32\winspool.drv
1833	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1834	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1835	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B39657B6044CE5C98BB9FC443679CBDE0E6BE222
1836	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\winspool.drv'
1837	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1838	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1839	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1840	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1841	1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\winspool.drv) WinVerifyTrust
1842	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winspool.drv
1843	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1844	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1845	1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
1846	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1847	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume1\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1848	1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\imm32.dll
1849	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1850	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1851	1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
1852	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1853	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume1\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1854	1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\comdlg32.dll
1855	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1856	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1857	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1858	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1859	1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll
1860	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1861	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1862	1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\QtCoreVBox4.dll
1863	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1864	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1865	1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\QtGuiVBox4.dll
1866	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1867	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1868	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1869	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1870	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1871	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1872	1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
1873	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1874	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1875	1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll
1876	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1877	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1878	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1879	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1880	1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
1881	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1882	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1883	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1884	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1885	1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
1886	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1887	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1888	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000510 pwszName=\Device\HarddiskVolume1\Windows\System32\comctl32.dll
1889	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1890	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1891	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6F6BC11030E34EE31C1BFA1892BB38C959ED836D
1892	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\comctl32.dll'
1893	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1894	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1895	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1896	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1897	1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\comctl32.dll) WinVerifyTrust
1898	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\comctl32.dll
1899	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1900	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1901	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1902	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1903	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1904	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1905	1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
1906	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1907	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1908	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1909	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1910	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1911	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1912	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1913	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1914	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1915	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1916	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1917	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1918	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1919	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1920	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1921	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1922	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1923	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1924	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
1925	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
1926	1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxVMM.dll
1927	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1928	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1929	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1930	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1931	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1932	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1933	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1934	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1935	1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
1936	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1937	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1938	1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
1939	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
1940	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
1941	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004d0 pwszName=\Device\HarddiskVolume1\Windows\System32\dwmapi.dll
1942	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1943	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1944	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2DD0519DFAD1ED741C9324879C92EC15A9FFB8D0
1945	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\dwmapi.dll'
1946	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1947	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1948	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1949	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1950	1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\dwmapi.dll) WinVerifyTrust
1951	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dwmapi.dll
1952	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
1953	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
1954	1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll
1955	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1956	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1957	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
1958	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume1\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
1959	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000524 pwszName=\Device\HarddiskVolume1\Windows\System32\dciman32.dll
1960	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
1961	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
1962	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0121BFD26E8D5A165F8B76EDF84833D970DB8D96
1963	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3087039~31bf3856ad364e35~x86~~6.1.1.4.cat'; file='\Device\HarddiskVolume1\Windows\System32\dciman32.dll'
1964	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1965	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1966	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1967	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1968	1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\dciman32.dll) WinVerifyTrust
1969	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dciman32.dll
1970	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1971	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1972	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1973	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1974	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1975	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1976	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1977	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1978	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1979	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1980	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1981	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1982	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1983	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1984	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1985	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1986	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008bfebc:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
1987	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.dll
1988	1478.1738: supR3HardenedDllNotificationCallback: load 6baf0000 LB 0x009ae000 C:\Program Files\VirtualBox\VirtualBox.dll [fFlags=0x0]
1989	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VirtualBox.dll
1990	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
1991	1478.1738: supR3HardenedDllNotificationCallback: load 6e6f0000 LB 0x000c8000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
1992	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
1993	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\glu32.dll
1994	1478.1738: supR3HardenedDllNotificationCallback: load 710c0000 LB 0x00022000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
1995	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\glu32.dll
1996	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ddraw.dll
1997	1478.1738: supR3HardenedDllNotificationCallback: load 6e600000 LB 0x000e7000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
1998	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ddraw.dll
1999	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dciman32.dll
2000	1478.1738: supR3HardenedDllNotificationCallback: load 72f40000 LB 0x00006000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
2001	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dciman32.dll
2002	1478.1738: supR3HardenedDllNotificationCallback: load 77a30000 LB 0x0019d000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
2003	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll
2004	1478.1738: supR3HardenedDllNotificationCallback: load 760a0000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
2005	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
2006	1478.1738: supR3HardenedDllNotificationCallback: load 778c0000 LB 0x0015c000 C:\Windows\system32\ole32.dll [fFlags=0x0]
2007	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
2008	1478.1738: supR3HardenedDllNotificationCallback: load 75ef0000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
2009	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\devobj.dll
2010	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dwmapi.dll
2011	1478.1738: supR3HardenedDllNotificationCallback: load 74510000 LB 0x00013000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
2012	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dwmapi.dll
2013	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxVMM.dll
2014	1478.1738: supR3HardenedDllNotificationCallback: load 6e3d0000 LB 0x00229000 C:\Program Files\VirtualBox\VBoxVMM.dll [fFlags=0x0]
2015	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxVMM.dll
2016	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxREM.dll
2017	1478.1738: supR3HardenedDllNotificationCallback: load 72dc0000 LB 0x00007000 C:\Program Files\VirtualBox\VBoxREM.dll [fFlags=0x0]
2018	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxREM.dll
2019	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\QtCoreVBox4.dll
2020	1478.1738: supR3HardenedDllNotificationCallback: load 6dd00000 LB 0x00274000 C:\Program Files\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
2021	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\QtCoreVBox4.dll
2022	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\QtGuiVBox4.dll
2023	1478.1738: supR3HardenedDllNotificationCallback: load 6a170000 LB 0x00810000 C:\Program Files\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
2024	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\QtGuiVBox4.dll
2025	1478.1738: supR3HardenedDllNotificationCallback: load 76130000 LB 0x0007b000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
2026	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\comdlg32.dll
2027	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
2028	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
2029	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2030	1478.1738: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll)
2031	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
2032	1478.1738: supR3HardenedDllNotificationCallback: load 71250000 LB 0x00084000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\COMCTL32.dll [fFlags=0x0]
2033	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll [avoiding WinVerifyTrust]
2034	1478.1738: supR3HardenedDllNotificationCallback: load 761b0000 LB 0x00c4b000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
2035	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
2036	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
2037	1478.1738: supR3HardenedDllNotificationCallback: load 72eb0000 LB 0x00032000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
2038	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
2039	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winspool.drv
2040	1478.1738: supR3HardenedDllNotificationCallback: load 72520000 LB 0x00051000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
2041	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winspool.drv
2042	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\QtOpenGLVBox4.dll
2043	1478.1738: supR3HardenedDllNotificationCallback: load 6e300000 LB 0x000c1000 C:\Program Files\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
2044	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\QtOpenGLVBox4.dll
2045	1478.1738: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll'.
2046	1478.1738: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll' [rescheduled]
2047	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\imm32.dll
2048	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2049	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2050	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2051	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2052	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2053	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2054	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c02f4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2055	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77ed0000 'C:\Windows\system32\imm32.dll'
2056	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6baf0000 'C:\Program Files\VirtualBox\VirtualBox.dll'
2057	1478.1738: SUPR3HardenedMain: Calling TrustedMain (6baf10f0)...
2058	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
2059	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008bfebc:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2060	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72eb0000 'C:\Windows\system32\winmm.dll'
2061	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
2062	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008bfebc:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2063	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=761b0000 'C:\Windows\system32\shell32.dll'
2064	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll
2065	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008bfebc:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2066	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77c80000 'C:\Windows\system32\kernel32.dll'
2067	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000005d0 pwszName=\Device\HarddiskVolume1\Windows\System32\uxtheme.dll
2068	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
2069	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
2070	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BCFB3B3EDEC8C54A3B95DACAFC19DCB9EA6969BD
2071	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\uxtheme.dll'
2072	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2073	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2074	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2075	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
2076	1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\uxtheme.dll) WinVerifyTrust
2077	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
2078	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2079	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2080	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2081	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2082	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2083	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2084	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008bfebc:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2085	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
2086	1478.1738: supR3HardenedDllNotificationCallback: load 74a50000 LB 0x00040000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
2087	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
2088	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74a50000 'C:\Windows\system32\uxtheme.dll'
2089	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
2090	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008bfebc:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2091	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74a50000 'C:\Windows\system32\uxtheme.dll'
2092	1478.1738: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
2093	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008bfebc:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2094	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
2095	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\user32.dll'
2096	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
2097	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008bfebc:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2098	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74a50000 'C:\Windows\system32\uxtheme.dll'
2099	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\user32.dll'
2100	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
2101	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\advapi32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008bfebc:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2102	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77820000 'C:\Windows\system32\advapi32.dll'
2103	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\userenv.dll
2104	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008bfebc:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2105	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75f50000 'C:\Windows\system32\userenv.dll'
2106	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll
2107	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008bfebc:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2108	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77c80000 'C:\Windows\system32\kernel32.dll'
2109	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000614 pwszName=\Device\HarddiskVolume1\Windows\System32\clbcatq.dll
2110	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
2111	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
2112	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B560B8A95D275325C41DE5897E348BE60192127E
2113	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WinEmb-AppSupport-ComPlus~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\clbcatq.dll'
2114	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2115	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2116	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
2117	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2118	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2119	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2120	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2121	1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\clbcatq.dll) WinVerifyTrust
2122	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\clbcatq.dll
2123	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2124	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2125	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2126	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2127	1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
2128	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2129	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2130	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2131	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2132	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2133	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2134	1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
2135	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2136	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2137	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008bfebc:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2138	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\clbcatq.dll
2139	1478.1738: supR3HardenedDllNotificationCallback: load 77040000 LB 0x00083000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
2140	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\clbcatq.dll
2141	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77040000 'C:\Windows\system32\CLBCatQ.DLL'
2142	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77820000 'C:\Windows\system32\ADVAPI32.dll'
2143	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll
2144	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008bfebc:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2145	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75590000 'C:\Windows\system32\CRYPTSP.dll'
2146	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000063c pwszName=\Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll
2147	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
2148	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
2149	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A397FD418538BAA1CB6D18B348447E74938F66EA
2150	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll'
2151	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2152	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
2153	1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll) WinVerifyTrust
2154	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll
2155	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2156	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2157	1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
2158	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008bfebc:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2159	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll
2160	1478.1738: supR3HardenedDllNotificationCallback: load 75ab0000 LB 0x0000e000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
2161	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll
2162	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75ab0000 'C:\Windows\system32\RpcRtRemote.dll'
2163	1478.5b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2164	1478.5b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2165	1478.5b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'psapi.dll'.
2166	1478.5b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxvmm.dll'.
2167	1478.5b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxrt.dll'.
2168	1478.5b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
2169	1478.5b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'version.dll'.
2170	1478.5b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
2171	1478.5b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
2172	1478.5b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'oleaut32.dll'.
2173	1478.5b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VBoxC.dll) WinVerifyTrust
2174	1478.5b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxC.dll
2175	1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2176	1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2177	1478.5b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
2178	1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2179	1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2180	1478.5b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
2181	1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2182	1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2183	1478.5b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
2184	1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
2185	1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume1\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
2186	1478.5b0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000680 pwszName=\Device\HarddiskVolume1\Windows\System32\version.dll
2187	1478.5b0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
2188	1478.5b0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
2189	1478.5b0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87F58E3B93CDFEB987BC8B5880D3F0366E3D8203
2190	1478.5b0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\version.dll'
2191	1478.5b0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2192	1478.5b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
2193	1478.5b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\version.dll) WinVerifyTrust
2194	1478.5b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\version.dll
2195	1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2196	1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2197	1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2198	1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2199	1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2200	1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2201	1478.5b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxVMM.dll
2202	1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'...
2203	1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008]
2204	1478.5b0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000690 pwszName=\Device\HarddiskVolume1\Windows\System32\psapi.dll
2205	1478.5b0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
2206	1478.5b0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
2207	1478.5b0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B8C4B546A3AFC4BE73BF28FF4C3BEDCA0C703EA7
2208	1478.5b0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\psapi.dll'
2209	1478.5b0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2210	1478.5b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\psapi.dll) WinVerifyTrust
2211	1478.5b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\psapi.dll
2212	1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2213	1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2214	1478.5b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\msvcp100.dll
2215	1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2216	1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2217	1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2218	1478.5b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2219	1478.5b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=024a558c:C:\Program Files\VirtualBox;C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2220	1478.5b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxC.dll
2221	1478.5b0: supR3HardenedDllNotificationCallback: load 6cf70000 LB 0x004f4000 C:\Program Files\VirtualBox\VBoxC.dll [fFlags=0x0]
2222	1478.5b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxC.dll
2223	1478.5b0: supR3HardenedDllNotificationCallback: load 77a20000 LB 0x00005000 C:\Windows\system32\PSAPI.DLL [fFlags=0x0]
2224	1478.5b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\psapi.dll
2225	1478.5b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\version.dll
2226	1478.5b0: supR3HardenedDllNotificationCallback: load 75020000 LB 0x00009000 C:\Windows\system32\VERSION.dll [fFlags=0x0]
2227	1478.5b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\version.dll
2228	1478.5b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6cf70000 'C:\Program Files\VirtualBox\VBoxC.dll'
2229	1478.5b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
2230	1478.5b0: supR3HardenedMonitor_LdrLoadDll: pName=c:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008b5f4c:c:\Windows\system32;C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2231	1478.5b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=760a0000 'c:\Windows\system32\oleaut32.dll'
2232	1478.5b0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000684 pwszName=\Device\HarddiskVolume1\Windows\System32\sxs.dll
2233	1478.5b0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
2234	1478.5b0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
2235	1478.5b0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=79CE8A02BDEAE624679BB2A7290B3C61ADC51853
2236	1478.5b0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\sxs.dll'
2237	1478.5b0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2238	1478.5b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\sxs.dll) WinVerifyTrust
2239	1478.5b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\sxs.dll
2240	1478.5b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SXS.DLL (Input=SXS.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008bfebc:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2241	1478.5b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\sxs.dll
2242	1478.5b0: supR3HardenedDllNotificationCallback: load 75a40000 LB 0x0005f000 C:\Windows\system32\SXS.DLL [fFlags=0x0]
2243	1478.5b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\sxs.dll
2244	1478.5b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75a40000 'C:\Windows\system32\SXS.DLL'
2245	1478.5b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77820000 'C:\Windows\system32\ADVAPI32.dll'
2246	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
2247	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c04d4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2248	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=760a0000 'C:\Windows\system32\OLEAUT32.dll'
2249	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bd0000 'C:\Windows\system32\gdi32.dll'
2250	1478.12ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2251	1478.12ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2252	1478.12ec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2253	1478.12ec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxPuelMain.dll) WinVerifyTrust
2254	1478.12ec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxPuelMain.dll
2255	1478.12ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2256	1478.12ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2257	1478.12ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2258	1478.12ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2259	1478.12ec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxVMM.dll
2260	1478.12ec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2261	1478.12ec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2262	1478.12ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.x86/VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0024:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2263	1478.12ec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxPuelMain.dll
2264	1478.12ec: supR3HardenedDllNotificationCallback: load 71f20000 LB 0x00006000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxPuelMain.DLL [fFlags=0x0]
2265	1478.12ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxPuelMain.dll
2266	1478.12ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=71f20000 'C:\Program Files\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.x86/VBoxPuelMain.DLL'
2267	1478.1738: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
2268	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c036c:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2269	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
2270	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll
2271	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\user32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c036c:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2272	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\user32.dll'
2273	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
2274	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c036c:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2275	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=761b0000 'C:\Windows\system32\shell32.dll'
2276	1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\embdtrst.dll) WinVerifyTrust
2277	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\embdtrst.dll
2278	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\EmbdTrst.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c036c:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2279	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\embdtrst.dll
2280	1478.1738: supR3HardenedDllNotificationCallback: load 75aa0000 LB 0x00005000 C:\Windows\system32\EmbdTrst.DLL [fFlags=0x0]
2281	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\embdtrst.dll
2282	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75aa0000 'C:\Windows\system32\EmbdTrst.DLL'
2283	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000a94 pwszName=\Device\HarddiskVolume1\Windows\System32\apphelp.dll
2284	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
2285	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
2286	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=308EF32EE8A807D1479CBD7E70222AD12B53DBAC
2287	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\apphelp.dll'
2288	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2289	1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\apphelp.dll) WinVerifyTrust
2290	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\apphelp.dll
2291	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000000:<flags> [calling]
2292	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll
2293	1478.1738: supR3HardenedDllNotificationCallback: load 759e0000 LB 0x0004c000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
2294	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll
2295	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=759e0000 'C:\Windows\system32\apphelp.dll'
2296	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=778c0000 'C:\Windows\system32\ole32.dll'
2297	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msctf.dll
2298	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008b5eac:C:\Windows\system32;C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2299	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77460000 'C:\Windows\system32\MSCTF.dll'
2300	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=778c0000 'C:\Windows\system32\ole32.dll'
2301	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=760a0000 'C:\Windows\system32\OLEAUT32.dll'
2302	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000ac4 pwszName=\Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll
2303	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
2304	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
2305	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFAE9B283A50E4A3D49C9E7E37A89888A2B4A44D
2306	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll'
2307	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2308	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2309	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
2310	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2311	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2312	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
2313	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
2314	1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
2315	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll
2316	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2317	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2318	1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
2319	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2320	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2321	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2322	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2323	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2324	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2325	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2326	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2327	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000acc pwszName=\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
2328	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
2329	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
2330	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E79947DA232978EB549EB8D34A29D88973B71D91
2331	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll'
2332	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2333	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2334	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
2335	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
2336	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2337	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
2338	1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll) WinVerifyTrust
2339	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
2340	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2341	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2342	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2343	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2344	1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
2345	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2346	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2347	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2348	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2349	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2350	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2351	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2352	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2353	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02521be4:C:\Windows\system32\wbem;C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2354	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll
2355	1478.1738: supR3HardenedDllNotificationCallback: load 72990000 LB 0x0000a000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
2356	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll
2357	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
2358	1478.1738: supR3HardenedDllNotificationCallback: load 70f60000 LB 0x0005c000 C:\Windows\system32\wbemcomn.dll [fFlags=0x0]
2359	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
2360	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72990000 'C:\Windows\system32\wbem\wbemprox.dll'
2361	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000af4 pwszName=\Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll
2362	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
2363	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
2364	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3338693857D113001E407F1B201A10C276605B11
2365	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll'
2366	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2367	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2368	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
2369	1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
2370	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll
2371	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2372	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2373	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2374	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2375	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02521be4:C:\Windows\system32\wbem;C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2376	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll
2377	1478.1738: supR3HardenedDllNotificationCallback: load 6fe80000 LB 0x0000f000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
2378	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll
2379	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6fe80000 'C:\Windows\system32\wbem\wbemsvc.dll'
2380	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000ae8 pwszName=\Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll
2381	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
2382	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
2383	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8BC82FF6EDA44F553393099F53D4AED926C6283B
2384	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll'
2385	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2386	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2387	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
2388	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
2389	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
2390	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2391	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
2392	1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
2393	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll
2394	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
2395	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
2396	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000af8 pwszName=\Device\HarddiskVolume1\Windows\System32\ntdsapi.dll
2397	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
2398	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
2399	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BD41341CF1BA6E0043138C5705ABB177F2ED6AAD
2400	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\ntdsapi.dll'
2401	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2402	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2403	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
2404	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'ws2_32.dll'.
2405	1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ntdsapi.dll) WinVerifyTrust
2406	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ntdsapi.dll
2407	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2408	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2409	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2410	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2411	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2412	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2413	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2414	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2415	1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
2416	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2417	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2418	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2419	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2420	1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
2421	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2422	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2423	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2424	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2425	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=02521be4:C:\Windows\system32\wbem;C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2426	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll
2427	1478.1738: supR3HardenedDllNotificationCallback: load 701e0000 LB 0x00096000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
2428	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll
2429	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntdsapi.dll
2430	1478.1738: supR3HardenedDllNotificationCallback: load 701c0000 LB 0x00018000 C:\Windows\system32\NTDSAPI.dll [fFlags=0x0]
2431	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntdsapi.dll
2432	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=701e0000 'C:\Windows\system32\wbem\fastprox.dll'
2433	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=760a0000 'C:\Windows\system32\OLEAUT32.dll'
2434	1478.1738: supR3HardenedMonitor_LdrLoadDll: 'C:\Windows\system32\comctl32.dll' -> 'C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll' [redir]
2435	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll [redoing WinVerifyTrust]
2436	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000528 pwszName=\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
2437	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
2438	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
2439	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6F6BC11030E34EE31C1BFA1892BB38C959ED836D
2440	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll'
2441	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2442	1478.1738: supR3HardenedScreenImage/LdrLoadDll: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll'
2443	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll (Input=C:\Windows\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2444	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=71250000 'C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll'
2445	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=760a0000 'C:\Windows\system32\OLEAUT32.DLL'
2446	1478.12f8: \Device\HarddiskVolume1\Windows\System32\drivers\VBoxNetAdp6.sys: Owner is administrators group.
2447	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2448	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ndis.sys'.
2449	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'hal.dll'.
2450	1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\drivers\VBoxNetAdp6.sys)
2451	1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\drivers\VBoxNetAdp6.sys
2452	1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\drivers\VBoxNetAdp6.sys [avoiding WinVerifyTrust]
2453	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2454	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
2455	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ndis.sys'.
2456	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'netio.sys'.
2457	1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\drivers\VBoxNetLwf.sys)
2458	1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\drivers\VBoxNetLwf.sys
2459	1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\drivers\VBoxNetLwf.sys [avoiding WinVerifyTrust]
2460	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2461	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
2462	1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\drivers\VBoxUSBMon.sys)
2463	1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\drivers\VBoxUSBMon.sys
2464	1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\drivers\VBoxUSBMon.sys [avoiding WinVerifyTrust]
2465	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2466	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
2467	1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\drivers\VBoxDrv.sys)
2468	1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\drivers\VBoxDrv.sys
2469	1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\drivers\VBoxDrv.sys [avoiding WinVerifyTrust]
2470	1478.12f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\drivers\VBoxDrv.sys'
2471	1478.12f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\drivers\VBoxUSBMon.sys'
2472	1478.12f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\drivers\VBoxNetLwf.sys'
2473	1478.12f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\drivers\VBoxNetAdp6.sys'
2474	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000ba0 pwszName=\Device\HarddiskVolume1\Windows\System32\netcfgx.dll
2475	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
2476	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
2477	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EEE76D5DBE9352B9FB1F4A2B953AA4EDA6294F66
2478	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\netcfgx.dll'
2479	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2480	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shlwapi.dll'.
2481	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2482	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
2483	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2484	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2485	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
2486	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'slc.dll'.
2487	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'nsi.dll'.
2488	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
2489	1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\netcfgx.dll) WinVerifyTrust
2490	1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\netcfgx.dll
2491	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2492	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2493	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000bb8 pwszName=\Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
2494	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
2495	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
2496	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FAD8C6B06A9984F1082FA7D63E0B3AAABCA210F6
2497	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL'
2498	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2499	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2500	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
2501	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
2502	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
2503	1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
2504	1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
2505	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2506	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2507	1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll
2508	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'slc.dll'...
2509	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'slc.dll' -> '\Device\HarddiskVolume1\Windows\System32\slc.dll' [rcNtRedir=0xc0150008]
2510	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2511	1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\slc.dll) WinVerifyTrust
2512	1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\slc.dll
2513	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2514	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2515	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2516	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2517	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2518	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2519	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2520	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2521	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2522	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2523	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2524	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2525	1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
2526	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
2527	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume1\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
2528	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2529	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'kdcom.dll'.
2530	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'pshed.dll'.
2531	1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\hal.dll) WinVerifyTrust
2532	1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\hal.dll
2533	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2534	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2535	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'pshed.dll'.
2536	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
2537	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'bootvid.dll'.
2538	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'kdcom.dll'.
2539	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'clfs.sys'.
2540	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ci.dll'.
2541	1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe) WinVerifyTrust
2542	1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe
2543	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
2544	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume1\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
2545	1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\hal.dll
2546	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2547	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2548	1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe
2549	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
2550	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume1\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
2551	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2552	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
2553	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ndis.sys'.
2554	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msrpc.sys'.
2555	1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\drivers\netio.sys) WinVerifyTrust
2556	1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\drivers\netio.sys
2557	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
2558	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume1\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
2559	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2560	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
2561	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'netio.sys'.
2562	1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\drivers\ndis.sys) WinVerifyTrust
2563	1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\drivers\ndis.sys
2564	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
2565	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume1\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
2566	1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\hal.dll
2567	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2568	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2569	1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe
2570	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
2571	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume1\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
2572	1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\hal.dll
2573	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
2574	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume1\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
2575	1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\drivers\ndis.sys
2576	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2577	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2578	1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe
2579	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netio.sys'...
2580	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'netio.sys' -> '\Device\HarddiskVolume1\Windows\System32\drivers\netio.sys' [rcNtRedir=0xc0150008]
2581	1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\drivers\netio.sys
2582	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
2583	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume1\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
2584	1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\hal.dll
2585	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2586	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2587	1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe
2588	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msrpc.sys'...
2589	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msrpc.sys' -> '\Device\HarddiskVolume1\Windows\System32\drivers\msrpc.sys' [rcNtRedir=0xc0150008]
2590	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
2591	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c07a4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2592	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=761b0000 'C:\Windows\system32\shell32.dll'
2593	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\user32.dll'
2594	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
2595	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINMM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c07a4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2596	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72eb0000 'C:\Windows\system32\WINMM.dll'
2597	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2598	1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\drivers\msrpc.sys) WinVerifyTrust
2599	1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\drivers\msrpc.sys
2600	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ndis.sys'...
2601	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ndis.sys' -> '\Device\HarddiskVolume1\Windows\System32\drivers\ndis.sys' [rcNtRedir=0xc0150008]
2602	1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\drivers\ndis.sys
2603	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
2604	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume1\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
2605	1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\hal.dll
2606	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2607	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2608	1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe
2609	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ci.dll'...
2610	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ci.dll' -> '\Device\HarddiskVolume1\Windows\System32\ci.dll' [rcNtRedir=0xc0150008]
2611	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2612	1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ci.dll) WinVerifyTrust
2613	1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ci.dll
2614	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'clfs.sys'...
2615	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'clfs.sys' -> '\Device\HarddiskVolume1\Windows\System32\clfs.sys' [rcNtRedir=0xc0150008]
2616	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2617	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
2618	1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\clfs.sys) WinVerifyTrust
2619	1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\clfs.sys
2620	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
2621	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume1\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
2622	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2623	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
2624	1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\kdcom.dll) WinVerifyTrust
2625	1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kdcom.dll
2626	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bootvid.dll'...
2627	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bootvid.dll' -> '\Device\HarddiskVolume1\Windows\System32\bootvid.dll' [rcNtRedir=0xc0150008]
2628	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2629	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
2630	1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\BOOTVID.DLL) WinVerifyTrust
2631	1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\BOOTVID.DLL
2632	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
2633	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume1\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
2634	1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\hal.dll
2635	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
2636	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume1\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
2637	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ntoskrnl.exe'.
2638	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'hal.dll'.
2639	1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\PSHED.DLL) WinVerifyTrust
2640	1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\PSHED.DLL
2641	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'pshed.dll'...
2642	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'pshed.dll' -> '\Device\HarddiskVolume1\Windows\System32\pshed.dll' [rcNtRedir=0xc0150008]
2643	1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\PSHED.DLL
2644	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'kdcom.dll'...
2645	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'kdcom.dll' -> '\Device\HarddiskVolume1\Windows\System32\kdcom.dll' [rcNtRedir=0xc0150008]
2646	1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kdcom.dll
2647	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2648	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2649	1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe
2650	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2651	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2652	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2653	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2654	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
2655	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
2656	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000bd8 pwszName=\Device\HarddiskVolume1\Windows\System32\winnsi.dll
2657	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
2658	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
2659	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83FA279A149B092654B141C0063E129F0A8FF628
2660	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\winnsi.dll'
2661	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2662	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2663	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
2664	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
2665	1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\winnsi.dll) WinVerifyTrust
2666	1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winnsi.dll
2667	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2668	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2669	1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll
2670	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2671	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2672	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2673	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2674	1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll
2675	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2676	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2677	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2678	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2679	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
2680	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume1\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
2681	1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\hal.dll
2682	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2683	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2684	1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe
2685	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
2686	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume1\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
2687	1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\hal.dll
2688	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2689	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2690	1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe
2691	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
2692	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume1\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
2693	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2694	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2695	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'hal.dll'...
2696	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'hal.dll' -> '\Device\HarddiskVolume1\Windows\System32\hal.dll' [rcNtRedir=0xc0150008]
2697	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2698	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2699	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2700	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2701	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntoskrnl.exe'...
2702	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntoskrnl.exe' -> '\Device\HarddiskVolume1\Windows\System32\ntoskrnl.exe' [rcNtRedir=0xc0150008]
2703	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=c:\Windows\system32\netcfgx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008b5f4c:c:\Windows\system32;C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2704	1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\netcfgx.dll
2705	1478.12f8: supR3HardenedDllNotificationCallback: load 70040000 LB 0x00067000 c:\Windows\system32\netcfgx.dll [fFlags=0x0]
2706	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\netcfgx.dll
2707	1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\slc.dll
2708	1478.12f8: supR3HardenedDllNotificationCallback: load 75ac0000 LB 0x0000a000 c:\Windows\system32\slc.dll [fFlags=0x0]
2709	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\slc.dll
2710	1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
2711	1478.12f8: supR3HardenedDllNotificationCallback: load 75ae0000 LB 0x0001c000 c:\Windows\system32\IPHLPAPI.DLL [fFlags=0x0]
2712	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
2713	1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winnsi.dll
2714	1478.12f8: supR3HardenedDllNotificationCallback: load 75ad0000 LB 0x00007000 c:\Windows\system32\WINNSI.DLL [fFlags=0x0]
2715	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winnsi.dll
2716	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=70040000 'c:\Windows\system32\netcfgx.dll'
2717	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll
2718	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c045c:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2719	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77a30000 'C:\Windows\system32\SETUPAPI.dll'
2720	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2721	1478.12f8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\devrtl.dll)
2722	1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\devrtl.dll
2723	1478.12f8: supR3HardenedDllNotificationCallback: load 752f0000 LB 0x0000e000 C:\Windows\system32\devrtl.DLL [fFlags=0x0]
2724	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
2725	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000bf4 pwszName=\Device\HarddiskVolume1\Windows\System32\devrtl.dll
2726	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
2727	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
2728	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CD89866352298A7134AB5603177CD257C074D584
2729	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\devrtl.dll'
2730	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2731	1478.12f8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\devrtl.dll'
2732	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll
2733	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2734	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2735	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.dll (Input=WINTRUST.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c045c:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2736	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75f10000 'C:\Windows\system32\WINTRUST.dll'
2737	1478.1374: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2738	1478.1374: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2739	1478.1374: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2740	1478.1374: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2741	1478.1374: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
2742	1478.1374: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxSharedClipboard.dll
2743	1478.1374: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2744	1478.1374: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2745	1478.1374: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2746	1478.1374: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2747	1478.1374: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2748	1478.1374: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2749	1478.1374: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxVMM.dll
2750	1478.1374: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2751	1478.1374: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2752	1478.1374: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2753	1478.1374: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxSharedClipboard.dll
2754	1478.1374: supR3HardenedDllNotificationCallback: load 71ef0000 LB 0x00009000 C:\Program Files\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
2755	1478.1374: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxSharedClipboard.dll
2756	1478.1374: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=71ef0000 'C:\Program Files\VirtualBox\VBoxSharedClipboard.DLL'
2757	1478.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2758	1478.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2759	1478.14ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2760	1478.14ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
2761	1478.14ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxDragAndDropSvc.dll
2762	1478.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2763	1478.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2764	1478.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2765	1478.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2766	1478.14ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\msvcp100.dll
2767	1478.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2768	1478.14ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2769	1478.14ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2770	1478.14ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxDragAndDropSvc.dll
2771	1478.14ac: supR3HardenedDllNotificationCallback: load 71cc0000 LB 0x0000c000 C:\Program Files\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
2772	1478.14ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxDragAndDropSvc.dll
2773	1478.14ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=71cc0000 'C:\Program Files\VirtualBox\VBoxDragAndDropSvc.DLL'
2774	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2775	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
2776	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2777	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxvmm.dll'.
2778	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxoglrenderspu.dll'.
2779	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
2780	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ole32.dll'.
2781	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'oleaut32.dll'.
2782	1478.9c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VBoxSharedCrOpenGL.dll) WinVerifyTrust
2783	1478.9c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxSharedCrOpenGL.dll
2784	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2785	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2786	1478.9c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
2787	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2788	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2789	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2790	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2791	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglrenderspu.dll'...
2792	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglrenderspu.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxoglrenderspu.dll' [rcNtRedir=0xc0150008]
2793	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2794	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
2795	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2796	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2797	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
2798	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
2799	1478.9c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VBoxOGLrenderspu.dll) WinVerifyTrust
2800	1478.9c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxOGLrenderspu.dll
2801	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2802	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2803	1478.9c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxVMM.dll
2804	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2805	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2806	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
2807	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
2808	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2809	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2810	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'.
2811	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
2812	1478.9c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VBoxOGLhostcrutil.dll) WinVerifyTrust
2813	1478.9c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxOGLhostcrutil.dll
2814	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2815	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2816	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2817	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2818	1478.9c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
2819	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2820	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2821	1478.9c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
2822	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2823	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2824	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2825	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2826	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2827	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2828	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2829	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2830	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2831	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2832	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2833	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2834	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
2835	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
2836	1478.9c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxOGLhostcrutil.dll
2837	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2838	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2839	1478.9c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll
2840	1478.9c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxSharedCrOpenGL.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2841	1478.9c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxSharedCrOpenGL.dll
2842	1478.9c8: supR3HardenedDllNotificationCallback: load 6ce70000 LB 0x000f5000 C:\Program Files\VirtualBox\VBoxSharedCrOpenGL.DLL [fFlags=0x0]
2843	1478.9c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxSharedCrOpenGL.dll
2844	1478.9c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxOGLhostcrutil.dll
2845	1478.9c8: supR3HardenedDllNotificationCallback: load 6fa70000 LB 0x00028000 C:\Program Files\VirtualBox\VBoxOGLhostcrutil.dll [fFlags=0x0]
2846	1478.9c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxOGLhostcrutil.dll
2847	1478.9c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxOGLrenderspu.dll
2848	1478.9c8: supR3HardenedDllNotificationCallback: load 705a0000 LB 0x00020000 C:\Program Files\VirtualBox\VBoxOGLrenderspu.dll [fFlags=0x0]
2849	1478.9c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxOGLrenderspu.dll
2850	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ce70000 'C:\Program Files\VirtualBox\VBoxSharedCrOpenGL.DLL'
2851	1478.9c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxOGLrenderspu.dll
2852	1478.9c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxOGLrenderspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2853	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=705a0000 'C:\Program Files\VirtualBox\VBoxOGLrenderspu.dll'
2854	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2855	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
2856	1478.9c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VBoxOGLhosterrorspu.dll) WinVerifyTrust
2857	1478.9c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxOGLhosterrorspu.dll
2858	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
2859	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
2860	1478.9c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxOGLhostcrutil.dll
2861	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2862	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2863	1478.9c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxOGLhosterrorspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2864	1478.9c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxOGLhosterrorspu.dll
2865	1478.9c8: supR3HardenedDllNotificationCallback: load 6e2e0000 LB 0x00018000 C:\Program Files\VirtualBox\VBoxOGLhosterrorspu.dll [fFlags=0x0]
2866	1478.9c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxOGLhosterrorspu.dll
2867	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6e2e0000 'C:\Program Files\VirtualBox\VBoxOGLhosterrorspu.dll'
2868	1478.9c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
2869	1478.9c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/opengl32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2870	1478.9c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
2871	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6e6f0000 'C:\Windows\system32/opengl32.dll'
2872	1478.9c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
2873	1478.9c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2874	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6e6f0000 'C:\Windows\system32\OPENGL32.dll'
2875	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bd0000 'C:\Windows\system32\gdi32.dll'
2876	1478.9c8: \Device\HarddiskVolume1\Windows\System32\atiglpxx.dll: Owner is administrators group.
2877	1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000ce4 pwszName=\Device\HarddiskVolume1\Windows\System32\atiglpxx.dll
2878	1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
2879	1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
2880	1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03769D8751BBC06AB5619759077C96B60ED5A5AE
2881	1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x47f; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem2.CAT'; file='\Device\HarddiskVolume1\Windows\System32\atiglpxx.dll'
2882	1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2883	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
2884	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
2885	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
2886	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2887	1478.9c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\atiglpxx.dll) WinVerifyTrust
2888	1478.9c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\atiglpxx.dll
2889	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2890	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2891	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2892	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2893	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2894	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2895	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2896	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2897	1478.9c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\atiglpxx.dll (Input=atiglpxx.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2898	1478.9c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\atiglpxx.dll
2899	1478.9c8: supR3HardenedDllNotificationCallback: load 71900000 LB 0x00007000 C:\Windows\system32\atiglpxx.dll [fFlags=0x0]
2900	1478.9c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\atiglpxx.dll
2901	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=71900000 'C:\Windows\system32\atiglpxx.dll'
2902	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bd0000 'C:\Windows\system32\gdi32.dll'
2903	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bd0000 'C:\Windows\system32\gdi32.dll'
2904	1478.9c8: \Device\HarddiskVolume1\Windows\System32\atioglxx.dll: Owner is administrators group.
2905	1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000cf4 pwszName=\Device\HarddiskVolume1\Windows\System32\atioglxx.dll
2906	1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
2907	1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
2908	1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9985F26015F75CEB4B1FFEF19AD43BD3AF321EAF
2909	1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x47f; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem2.CAT'; file='\Device\HarddiskVolume1\Windows\System32\atioglxx.dll'
2910	1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2911	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
2912	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
2913	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'version.dll'.
2914	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2915	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'setupapi.dll'.
2916	1478.9c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\atioglxx.dll) WinVerifyTrust
2917	1478.9c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\atioglxx.dll
2918	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2919	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2920	1478.9c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll
2921	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2922	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2923	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
2924	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume1\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
2925	1478.9c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\version.dll
2926	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2927	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2928	1478.9c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll
2929	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2930	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2931	1478.9c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\atioglxx.dll (Input=atioglxx.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2932	1478.9c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\atioglxx.dll
2933	1478.9c8: supR3HardenedDllNotificationCallback: load 05220000 LB 0x01325000 C:\Windows\system32\atioglxx.dll [fFlags=0x0]
2934	1478.9c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\atioglxx.dll
2935	1478.9c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dwmapi.dll
2936	1478.9c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c03e4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
2937	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74510000 'C:\Windows\system32\dwmapi.dll'
2938	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=05220000 'C:\Windows\system32\atioglxx.dll'
2939	1478.9c8: \Device\HarddiskVolume1\Windows\System32\atiadlxx.dll: Owner is administrators group.
2940	1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000cfc pwszName=\Device\HarddiskVolume1\Windows\System32\atiadlxx.dll
2941	1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
2942	1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
2943	1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7C59BE65C08685C3D59A5BF216A68FA08E32B741
2944	1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x47f; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem2.CAT'; file='\Device\HarddiskVolume1\Windows\System32\atiadlxx.dll'
2945	1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2946	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
2947	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
2948	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shell32.dll'.
2949	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2950	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
2951	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
2952	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'userenv.dll'.
2953	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'wtsapi32.dll'.
2954	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'setupapi.dll'.
2955	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'psapi.dll'.
2956	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'wsock32.dll'.
2957	1478.9c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\atiadlxx.dll) WinVerifyTrust
2958	1478.9c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\atiadlxx.dll
2959	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wsock32.dll'...
2960	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'wsock32.dll' -> '\Device\HarddiskVolume1\Windows\System32\wsock32.dll' [rcNtRedir=0xc0150008]
2961	1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000d00 pwszName=\Device\HarddiskVolume1\Windows\System32\wsock32.dll
2962	1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
2963	1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
2964	1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=56BB5C6675EB09C55A32018F501B6713429C47BC
2965	1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntph.cat'; file='\Device\HarddiskVolume1\Windows\System32\wsock32.dll'
2966	1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2967	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ws2_32.dll'.
2968	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
2969	1478.9c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wsock32.dll) WinVerifyTrust
2970	1478.9c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wsock32.dll
2971	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'psapi.dll'...
2972	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'psapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\psapi.dll' [rcNtRedir=0xc0150008]
2973	1478.9c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\psapi.dll
2974	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2975	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2976	1478.9c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll
2977	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'...
2978	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\wtsapi32.dll' [rcNtRedir=0xc0150008]
2979	1478.9c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wtsapi32.dll
2980	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
2981	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume1\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
2982	1478.9c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\userenv.dll
2983	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2984	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2985	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2986	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2987	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2988	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2989	1478.9c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
2990	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2991	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2992	1478.9c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
2993	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2994	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2995	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2996	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2997	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2998	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2999	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
3000	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
3001	1478.9c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
3002	1478.9c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\atiadlxx.dll (Input=atiadlxx.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3003	1478.9c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\atiadlxx.dll
3004	1478.9c8: supR3HardenedDllNotificationCallback: load 6dc20000 LB 0x00062000 C:\Windows\system32\atiadlxx.dll [fFlags=0x0]
3005	1478.9c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\atiadlxx.dll
3006	1478.9c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wsock32.dll
3007	1478.9c8: supR3HardenedDllNotificationCallback: load 75b00000 LB 0x00007000 C:\Windows\system32\WSOCK32.dll [fFlags=0x0]
3008	1478.9c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wsock32.dll
3009	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6dc20000 'C:\Windows\system32\atiadlxx.dll'
3010	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bd0000 'C:\Windows\system32\gdi32.dll'
3011	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL'
3012	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL'
3013	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL'
3014	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL'
3015	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL'
3016	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL'
3017	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL'
3018	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL'
3019	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL'
3020	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL'
3021	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL'
3022	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL'
3023	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bd0000 'C:\Windows\system32\gdi32.dll'
3024	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bd0000 'C:\Windows\system32\gdi32.dll'
3025	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bd0000 'C:\Windows\system32\gdi32.dll'
3026	1478.9c8: \Device\HarddiskVolume1\Windows\System32\atigktxx.dll: Owner is administrators group.
3027	1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000d04 pwszName=\Device\HarddiskVolume1\Windows\System32\atigktxx.dll
3028	1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
3029	1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
3030	1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=56EBCF42541BF6BB9018C654ABAD26EFD910D0F7
3031	1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x47f; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem2.CAT'; file='\Device\HarddiskVolume1\Windows\System32\atigktxx.dll'
3032	1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3033	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
3034	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
3035	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
3036	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'version.dll'.
3037	1478.9c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\atigktxx.dll) WinVerifyTrust
3038	1478.9c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\atigktxx.dll
3039	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
3040	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume1\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
3041	1478.9c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\version.dll
3042	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3043	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3044	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
3045	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
3046	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3047	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3048	1478.9c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\atigktxx.dll (Input=atigktxx.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3049	1478.9c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\atigktxx.dll
3050	1478.9c8: supR3HardenedDllNotificationCallback: load 74aa0000 LB 0x0000b000 C:\Windows\system32\atigktxx.dll [fFlags=0x0]
3051	1478.9c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\atigktxx.dll
3052	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74aa0000 'C:\Windows\system32\atigktxx.dll'
3053	1478.9c8: \Device\HarddiskVolume1\Windows\System32\aticfx32.dll: Owner is administrators group.
3054	1478.9c8: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x800b010a (CERT_E_CHAINING) on '\Device\HarddiskVolume1\Windows\System32\aticfx32.dll'
3055	1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000d08 pwszName=\Device\HarddiskVolume1\Windows\System32\aticfx32.dll
3056	1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
3057	1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
3058	1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=ECEEF84C8C9EF7243B7B94EB76F26F52D85109D1
3059	1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x47f; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\oem2.CAT'; file='\Device\HarddiskVolume1\Windows\System32\aticfx32.dll'
3060	1478.9c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (was CERT_E_CHAINING)
3061	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
3062	1478.9c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
3063	1478.9c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\aticfx32.dll) WinVerifyTrust
3064	1478.9c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\aticfx32.dll
3065	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3066	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3067	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3068	1478.9c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3069	1478.9c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\aticfx32.dll (Input=aticfx32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3070	1478.9c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\aticfx32.dll
3071	1478.9c8: supR3HardenedDllNotificationCallback: load 6ef00000 LB 0x000e6000 C:\Windows\system32\aticfx32.dll [fFlags=0x0]
3072	1478.9c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\aticfx32.dll
3073	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ef00000 'C:\Windows\system32\aticfx32.dll'
3074	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bd0000 'C:\Windows\system32\gdi32.dll'
3075	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL'
3076	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL'
3077	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bd0000 'C:\Windows\system32\gdi32.dll'
3078	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL'
3079	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL'
3080	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bd0000 'C:\Windows\system32\gdi32.dll'
3081	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bd0000 'C:\Windows\system32\gdi32.dll'
3082	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL'
3083	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL'
3084	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bd0000 'C:\Windows\system32\gdi32.dll'
3085	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL'
3086	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL'
3087	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bd0000 'C:\Windows\system32\gdi32.dll'
3088	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bd0000 'C:\Windows\system32\gdi32.dll'
3089	1478.9c8: supR3HardenedDllNotificationCallback: Unload 74aa0000 LB 0x0000b000 C:\Windows\system32\atigktxx.dll [flags=0x0]
3090	1478.9c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\atigktxx.dll
3091	1478.9c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\atigktxx.dll (Input=atigktxx.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3092	1478.9c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\atigktxx.dll
3093	1478.9c8: supR3HardenedDllNotificationCallback: load 714a0000 LB 0x0000b000 C:\Windows\system32\atigktxx.dll [fFlags=0x0]
3094	1478.9c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\atigktxx.dll
3095	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=714a0000 'C:\Windows\system32\atigktxx.dll'
3096	1478.9c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\aticfx32.dll
3097	1478.9c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\aticfx32.dll (Input=aticfx32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3098	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ef00000 'C:\Windows\system32\aticfx32.dll'
3099	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL'
3100	1478.9c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll
3101	1478.9c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.DLL (Input=USER32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3102	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL'
3103	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL'
3104	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL'
3105	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bd0000 'C:\Windows\system32\gdi32.dll'
3106	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bd0000 'C:\Windows\system32\gdi32.dll'
3107	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL'
3108	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL'
3109	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL'
3110	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77190000 'C:\Windows\system32\USER32.DLL'
3111	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bd0000 'C:\Windows\system32\gdi32.dll'
3112	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bd0000 'C:\Windows\system32\gdi32.dll'
3113	1478.9c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
3114	1478.9c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OPENGL32.DLL (Input=OPENGL32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3115	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6e6f0000 'C:\Windows\system32\OPENGL32.DLL'
3116	1478.9c8: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\perf.dll': 0 (NtPath=\??\C:\Windows\system32\perf.dll; Input=perf.dll; rcNtGetDll=0xc0000135
3117	1478.9c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\perf.dll (Input=perf.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3118	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\perf.dll'
3119	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6e6f0000 'C:\Windows\system32\OPENGL32.dll'
3120	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6e6f0000 'C:\Windows\system32\OPENGL32.dll'
3121	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6e6f0000 'C:\Windows\system32\OPENGL32.dll'
3122	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6e6f0000 'C:\Windows\system32\OPENGL32.dll'
3123	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6e6f0000 'C:\Windows\system32\OPENGL32.dll'
3124	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6e6f0000 'C:\Windows\system32\OPENGL32.dll'
3125	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6e6f0000 'C:\Windows\system32\OPENGL32.dll'
3126	1478.9c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
3127	1478.9c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3128	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6e6f0000 'C:\Windows\system32\OPENGL32.dll'
3129	1478.92c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3130	1478.92c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
3131	1478.92c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
3132	1478.92c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
3133	1478.92c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxGuestPropSvc.dll
3134	1478.92c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3135	1478.92c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3136	1478.92c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
3137	1478.92c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
3138	1478.92c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\msvcp100.dll
3139	1478.92c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3140	1478.92c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3141	1478.92c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3142	1478.92c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxGuestPropSvc.dll
3143	1478.92c: supR3HardenedDllNotificationCallback: load 710b0000 LB 0x0000c000 C:\Program Files\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
3144	1478.92c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxGuestPropSvc.dll
3145	1478.92c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=710b0000 'C:\Program Files\VirtualBox\VBoxGuestPropSvc.DLL'
3146	1478.151c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3147	1478.151c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
3148	1478.151c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
3149	1478.151c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
3150	1478.151c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxGuestControlSvc.dll
3151	1478.151c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3152	1478.151c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3153	1478.151c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
3154	1478.151c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
3155	1478.151c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3156	1478.151c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3157	1478.151c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3158	1478.151c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxGuestControlSvc.dll
3159	1478.151c: supR3HardenedDllNotificationCallback: load 70ff0000 LB 0x0000c000 C:\Program Files\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
3160	1478.151c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxGuestControlSvc.dll
3161	1478.151c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=70ff0000 'C:\Program Files\VirtualBox\VBoxGuestControlSvc.DLL'
3162	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
3163	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3164	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=761b0000 'C:\Windows\system32/Shell32.dll'
3165	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=778c0000 'C:\Windows\system32\ole32.dll'
3166	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3167	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77eb0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
3168	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\profapi.dll
3169	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3170	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75d40000 'C:\Windows\system32\profapi.dll'
3171	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3172	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
3173	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
3174	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
3175	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
3176	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
3177	1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxHostWebcam.dll) WinVerifyTrust
3178	1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxHostWebcam.dll
3179	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
3180	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
3181	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
3182	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
3183	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3184	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3185	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3186	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3187	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
3188	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
3189	1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxVMM.dll
3190	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3191	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3192	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.x86/VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3193	1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxHostWebcam.dll
3194	1478.12f8: supR3HardenedDllNotificationCallback: load 6ee90000 LB 0x0002d000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxHostWebcam.DLL [fFlags=0x0]
3195	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxHostWebcam.dll
3196	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6ee90000 'C:\Program Files\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.x86/VBoxHostWebcam.DLL'
3197	1478.12f8: supR3HardenedDllNotificationCallback: Unload 6ee90000 LB 0x0002d000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxHostWebcam.DLL [flags=0x0]
3198	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
3199	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
3200	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
3201	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
3202	1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VBoxREM64.dll) WinVerifyTrust
3203	1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxREM64.dll
3204	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3205	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3206	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3207	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3208	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
3209	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
3210	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3211	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3212	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxREM64.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3213	1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxREM64.dll
3214	1478.12f8: supR3HardenedDllNotificationCallback: load 6a020000 LB 0x0014c000 C:\Program Files\VirtualBox\VBoxREM64.DLL [fFlags=0x0]
3215	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxREM64.dll
3216	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6a020000 'C:\Program Files\VirtualBox\VBoxREM64.DLL'
3217	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3218	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
3219	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
3220	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
3221	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
3222	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
3223	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
3224	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
3225	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
3226	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
3227	1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VBoxDD.dll) WinVerifyTrust
3228	1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxDD.dll
3229	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
3230	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
3231	1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
3232	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
3233	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
3234	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
3235	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
3236	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
3237	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
3238	1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll
3239	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3240	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3241	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
3242	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
3243	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3244	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
3245	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
3246	1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VBoxDD2.dll) WinVerifyTrust
3247	1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxDD2.dll
3248	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
3249	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
3250	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3251	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
3252	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
3253	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
3254	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'newdev.dll'.
3255	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
3256	1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VBoxDDU.dll) WinVerifyTrust
3257	1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxDDU.dll
3258	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3259	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3260	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
3261	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
3262	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3263	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3264	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3265	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3266	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'newdev.dll'...
3267	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'newdev.dll' -> '\Device\HarddiskVolume1\Windows\System32\newdev.dll' [rcNtRedir=0xc0150008]
3268	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000e90 pwszName=\Device\HarddiskVolume1\Windows\System32\newdev.dll
3269	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
3270	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
3271	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A76062289DF8B2E5D6ADEB5E71265D9C24321CC3
3272	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntph.cat'; file='\Device\HarddiskVolume1\Windows\System32\newdev.dll'
3273	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3274	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3275	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
3276	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
3277	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
3278	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'uxtheme.dll'.
3279	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'cfgmgr32.dll'.
3280	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'setupapi.dll'.
3281	1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\newdev.dll) WinVerifyTrust
3282	1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\newdev.dll
3283	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
3284	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
3285	1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll
3286	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3287	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3288	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3289	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3290	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3291	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3292	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3293	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3294	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
3295	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
3296	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3297	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3298	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
3299	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
3300	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
3301	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
3302	1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll
3303	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'uxtheme.dll'...
3304	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'uxtheme.dll' -> '\Device\HarddiskVolume1\Windows\System32\uxtheme.dll' [rcNtRedir=0xc0150008]
3305	1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
3306	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
3307	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
3308	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3309	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3310	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3311	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3312	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3313	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3314	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3315	1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxDD.dll
3316	1478.12f8: supR3HardenedDllNotificationCallback: load 68d10000 LB 0x00864000 C:\Program Files\VirtualBox\VBoxDD.DLL [fFlags=0x0]
3317	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxDD.dll
3318	1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxDDU.dll
3319	1478.12f8: supR3HardenedDllNotificationCallback: load 6e1e0000 LB 0x0004f000 C:\Program Files\VirtualBox\VBoxDDU.dll [fFlags=0x0]
3320	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxDDU.dll
3321	1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\newdev.dll
3322	1478.12f8: supR3HardenedDllNotificationCallback: load 72690000 LB 0x0004f000 C:\Windows\system32\newdev.dll [fFlags=0x0]
3323	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\newdev.dll
3324	1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxDD2.dll
3325	1478.12f8: supR3HardenedDllNotificationCallback: load 6dcc0000 LB 0x00032000 C:\Program Files\VirtualBox\VBoxDD2.dll [fFlags=0x0]
3326	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxDD2.dll
3327	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=68d10000 'C:\Program Files\VirtualBox/VBoxDD.DLL'
3328	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxHostWebcam.dll
3329	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.x86/VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3330	1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxHostWebcam.dll
3331	1478.12f8: supR3HardenedDllNotificationCallback: load 6dc90000 LB 0x0002d000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxHostWebcam.DLL [fFlags=0x0]
3332	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxHostWebcam.dll
3333	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6dc90000 'C:\Program Files\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.x86/VBoxHostWebcam.DLL'
3334	1478.dc0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=760a0000 'C:\Windows\system32\OLEAUT32.dll'
3335	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxC.dll
3336	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox/VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c06b4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3337	1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxC.dll
3338	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6cf70000 'C:\Program Files\VirtualBox/VBoxC.DLL'
3339	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxDD2.dll
3340	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox/VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c06b4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3341	1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxDD2.dll
3342	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6dcc0000 'C:\Program Files\VirtualBox/VBoxDD2.DLL'
3343	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3344	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
3345	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
3346	1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxEhciR3.dll) WinVerifyTrust
3347	1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxEhciR3.dll
3348	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3349	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3350	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
3351	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
3352	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3353	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3354	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.x86/VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c06b4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3355	1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxEhciR3.dll
3356	1478.12f8: supR3HardenedDllNotificationCallback: load 6eea0000 LB 0x00015000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxEhciR3.DLL [fFlags=0x0]
3357	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxEhciR3.dll
3358	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6eea0000 'C:\Program Files\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.x86/VBoxEhciR3.DLL'
3359	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3360	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
3361	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
3362	1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxUsbCardReaderR3.dll) WinVerifyTrust
3363	1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxUsbCardReaderR3.dll
3364	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3365	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3366	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
3367	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
3368	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3369	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3370	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.x86/VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c06b4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3371	1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxUsbCardReaderR3.dll
3372	1478.12f8: supR3HardenedDllNotificationCallback: load 70590000 LB 0x0000f000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
3373	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxUsbCardReaderR3.dll
3374	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=70590000 'C:\Program Files\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.x86/VBoxUsbCardReaderR3.DLL'
3375	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3376	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
3377	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
3378	1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxUsbWebcamR3.dll) WinVerifyTrust
3379	1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxUsbWebcamR3.dll
3380	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3381	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3382	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
3383	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
3384	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3385	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3386	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.x86/VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c06b4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3387	1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxUsbWebcamR3.dll
3388	1478.12f8: supR3HardenedDllNotificationCallback: load 70550000 LB 0x00010000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxUsbWebcamR3.DLL [fFlags=0x0]
3389	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxUsbWebcamR3.dll
3390	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=70550000 'C:\Program Files\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.x86/VBoxUsbWebcamR3.DLL'
3391	1478.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3392	1478.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
3393	1478.f64: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
3394	1478.f64: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
3395	1478.f64: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxSharedFolders.dll
3396	1478.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3397	1478.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3398	1478.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
3399	1478.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
3400	1478.f64: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3401	1478.f64: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3402	1478.f64: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c06b4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3403	1478.f64: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxSharedFolders.dll
3404	1478.f64: supR3HardenedDllNotificationCallback: load 6fce0000 LB 0x0000c000 C:\Program Files\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
3405	1478.f64: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\VBoxSharedFolders.dll
3406	1478.f64: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6fce0000 'C:\Program Files\VirtualBox\VBoxSharedFolders.DLL'
3407	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3408	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
3409	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
3410	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
3411	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
3412	1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VDPluginCrypt.dll) WinVerifyTrust
3413	1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VDPluginCrypt.dll
3414	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3415	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3416	1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
3417	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
3418	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
3419	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3420	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3421	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3422	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
3423	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3424	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
3425	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.x86/VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c06b4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3426	1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VDPluginCrypt.dll
3427	1478.12f8: supR3HardenedDllNotificationCallback: load 6e140000 LB 0x00093000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VDPluginCrypt.DLL [fFlags=0x0]
3428	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VDPluginCrypt.dll
3429	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6e140000 'C:\Program Files\VirtualBox/ExtensionPacks/Oracle_VM_VirtualBox_Extension_Pack/win.x86/VDPluginCrypt.DLL'
3430	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000f3c pwszName=\Device\HarddiskVolume1\Windows\System32\dsound.dll
3431	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
3432	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
3433	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=21B33CF8A06799AF36E2D0016F2A5AC0D97B1C05
3434	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WinEmb-AV-Core~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\dsound.dll'
3435	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3436	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3437	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
3438	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
3439	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
3440	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
3441	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
3442	1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\dsound.dll) WinVerifyTrust
3443	1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dsound.dll
3444	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
3445	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume1\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
3446	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000f48 pwszName=\Device\HarddiskVolume1\Windows\System32\powrprof.dll
3447	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
3448	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
3449	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7DE33595D32B0157063D86824D96D15D1D9B85F8
3450	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\powrprof.dll'
3451	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3452	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3453	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
3454	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
3455	1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\powrprof.dll) WinVerifyTrust
3456	1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\powrprof.dll
3457	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3458	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3459	1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
3460	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
3461	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
3462	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3463	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3464	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3465	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3466	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3467	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3468	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
3469	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
3470	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3471	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3472	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3473	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3474	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c06b4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3475	1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll
3476	1478.12f8: supR3HardenedDllNotificationCallback: load 6cdf0000 LB 0x00072000 C:\Windows\system32\dsound.dll [fFlags=0x0]
3477	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll
3478	1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\powrprof.dll
3479	1478.12f8: supR3HardenedDllNotificationCallback: load 71c90000 LB 0x00025000 C:\Windows\system32\POWRPROF.dll [fFlags=0x0]
3480	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\powrprof.dll
3481	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll
3482	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c05c4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3483	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6cdf0000 'C:\Windows\system32\dsound.dll'
3484	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6cdf0000 'C:\Windows\system32/dsound.dll'
3485	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000f6c pwszName=\Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
3486	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
3487	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
3488	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A16340019E7F842E4BF56032BF9419CEB94E308
3489	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll'
3490	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3491	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3492	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
3493	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
3494	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'.
3495	1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll) WinVerifyTrust
3496	1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
3497	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
3498	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume1\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
3499	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000f50 pwszName=\Device\HarddiskVolume1\Windows\System32\propsys.dll
3500	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
3501	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
3502	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=39F69E4150BBCFAB9B7D272CB7F7566E77AF0F26
3503	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-EmbeddedCore-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\propsys.dll'
3504	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3505	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3506	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
3507	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
3508	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
3509	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
3510	1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\propsys.dll) WinVerifyTrust
3511	1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\propsys.dll
3512	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3513	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3514	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3515	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3516	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3517	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3518	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3519	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3520	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3521	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3522	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
3523	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
3524	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
3525	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
3526	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3527	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3528	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008b5fec:C:\Windows\System32;C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3529	1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
3530	1478.12f8: supR3HardenedDllNotificationCallback: load 74530000 LB 0x00039000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
3531	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
3532	1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\propsys.dll
3533	1478.12f8: supR3HardenedDllNotificationCallback: load 74930000 LB 0x000f5000 C:\Windows\System32\PROPSYS.dll [fFlags=0x0]
3534	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\propsys.dll
3535	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77820000 'C:\Windows\system32\ADVAPI32.dll'
3536	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74530000 'C:\Windows\System32\MMDevApi.dll'
3537	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=778c0000 'C:\Windows\system32\ole32.dll'
3538	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77a30000 'C:\Windows\system32\SETUPAPI.dll'
3539	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
3540	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c05c4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3541	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77f00000 'C:\Windows\system32\SHLWAPI.dll'
3542	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
3543	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c05c4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3544	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74530000 'C:\Windows\system32\MMDEVAPI.DLL'
3545	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=778c0000 'C:\Windows\system32\ole32.dll'
3546	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
3547	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c06b4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3548	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72eb0000 'C:\Windows\system32\winmm.dll'
3549	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=008c06b4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3550	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77eb0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
3551	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=008c06b4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3552	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77eb0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
3553	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77260000 'C:\Windows\system32\RPCRT4.dll'
3554	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
3555	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDevAPI.DLL (Input=MMDevAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c06b4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3556	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74530000 'C:\Windows\system32\MMDevAPI.DLL'
3557	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000f98 pwszName=\Device\HarddiskVolume1\Windows\System32\wdmaud.drv
3558	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
3559	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
3560	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E4254EC416559B4A64F5A9B6B15BF9ABA3A523A8
3561	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WinEmb-AV-Core~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\wdmaud.drv'
3562	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3563	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3564	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
3565	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
3566	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
3567	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
3568	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ksuser.dll'.
3569	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'mmdevapi.dll'.
3570	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'avrt.dll'.
3571	1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wdmaud.drv) WinVerifyTrust
3572	1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
3573	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
3574	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
3575	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000f68 pwszName=\Device\HarddiskVolume1\Windows\System32\avrt.dll
3576	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
3577	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
3578	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4DE9938619CA34D8AB667314479368251A80309D
3579	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WinEmb-AV-Core~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\avrt.dll'
3580	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3581	1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\avrt.dll) WinVerifyTrust
3582	1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\avrt.dll
3583	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3584	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3585	1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
3586	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
3587	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume1\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
3588	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000fa8 pwszName=\Device\HarddiskVolume1\Windows\System32\ksuser.dll
3589	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
3590	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
3591	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=27461195FDA1028613EB103E644A96D64E32EC75
3592	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WinEmb-AV-Core~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\ksuser.dll'
3593	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3594	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3595	1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ksuser.dll) WinVerifyTrust
3596	1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ksuser.dll
3597	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3598	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3599	1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
3600	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3601	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3602	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
3603	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
3604	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3605	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3606	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3607	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3608	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3609	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3610	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c06b4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3611	1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
3612	1478.12f8: supR3HardenedDllNotificationCallback: load 724f0000 LB 0x00030000 C:\Windows\system32\wdmaud.drv [fFlags=0x0]
3613	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
3614	1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ksuser.dll
3615	1478.12f8: supR3HardenedDllNotificationCallback: load 718f0000 LB 0x00004000 C:\Windows\system32\ksuser.dll [fFlags=0x0]
3616	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ksuser.dll
3617	1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\avrt.dll
3618	1478.12f8: supR3HardenedDllNotificationCallback: load 724d0000 LB 0x00007000 C:\Windows\system32\AVRT.dll [fFlags=0x0]
3619	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\avrt.dll
3620	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=724f0000 'C:\Windows\system32\wdmaud.drv'
3621	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
3622	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c06b4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3623	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=724f0000 'C:\Windows\system32\wdmaud.drv'
3624	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
3625	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c06b4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3626	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=724f0000 'C:\Windows\system32\wdmaud.drv'
3627	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
3628	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c05c4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3629	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=724f0000 'C:\Windows\system32\wdmaud.drv'
3630	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
3631	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c05c4:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3632	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=724f0000 'C:\Windows\system32\wdmaud.drv'
3633	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000fac pwszName=\Device\HarddiskVolume1\Windows\System32\AudioSes.dll
3634	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
3635	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
3636	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=29EB271C656F27DF10164B84692A17D171E07B18
3637	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_153_for_KB3033929~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\AudioSes.dll'
3638	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3639	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3640	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
3641	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
3642	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
3643	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
3644	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
3645	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
3646	1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\AudioSes.dll) WinVerifyTrust
3647	1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\AudioSes.dll
3648	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3649	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3650	1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
3651	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3652	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3653	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3654	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3655	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
3656	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
3657	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
3658	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
3659	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3660	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3661	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3662	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3663	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3664	1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\AudioSes.dll
3665	1478.12f8: supR3HardenedDllNotificationCallback: load 73300000 LB 0x00036000 C:\Windows\system32\AUDIOSES.DLL [fFlags=0x0]
3666	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\AudioSes.dll
3667	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73300000 'C:\Windows\system32\AUDIOSES.DLL'
3668	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
3669	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0984:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3670	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=724f0000 'C:\Windows\system32\wdmaud.drv'
3671	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
3672	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008bfebc:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3673	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=724f0000 'C:\Windows\system32\wdmaud.drv'
3674	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=724f0000 'C:\Windows\system32\wdmaud.drv'
3675	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=724f0000 'C:\Windows\system32\wdmaud.drv'
3676	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=724f0000 'C:\Windows\system32\wdmaud.drv'
3677	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=724f0000 'C:\Windows\system32\wdmaud.drv'
3678	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000fcc pwszName=\Device\HarddiskVolume1\Windows\System32\msacm32.drv
3679	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
3680	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
3681	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A5713EF7E40CCD29B21B2EB6B66D2F9430B21CEA
3682	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\msacm32.drv'
3683	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3684	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3685	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
3686	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
3687	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
3688	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'.
3689	1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msacm32.drv) WinVerifyTrust
3690	1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msacm32.drv
3691	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3692	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3693	1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
3694	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
3695	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume1\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
3696	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000fe0 pwszName=\Device\HarddiskVolume1\Windows\System32\msacm32.dll
3697	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
3698	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
3699	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=89F1B652F75B0ADD8E12409835E5A467A4A5132A
3700	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\msacm32.dll'
3701	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3702	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3703	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
3704	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
3705	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
3706	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
3707	1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msacm32.dll) WinVerifyTrust
3708	1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msacm32.dll
3709	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3710	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3711	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3712	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3713	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3714	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3715	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3716	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3717	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
3718	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
3719	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3720	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3721	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3722	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3723	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3724	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3725	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0256e724:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3726	1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
3727	1478.12f8: supR3HardenedDllNotificationCallback: load 72590000 LB 0x00008000 C:\Windows\system32\msacm32.drv [fFlags=0x0]
3728	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
3729	1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.dll
3730	1478.12f8: supR3HardenedDllNotificationCallback: load 71f70000 LB 0x00014000 C:\Windows\system32\MSACM32.dll [fFlags=0x0]
3731	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.dll
3732	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72590000 'C:\Windows\system32\msacm32.drv'
3733	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
3734	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0256e724:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3735	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72590000 'C:\Windows\system32\msacm32.drv'
3736	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
3737	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0256e724:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3738	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72590000 'C:\Windows\system32\msacm32.drv'
3739	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
3740	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0256e724:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3741	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72590000 'C:\Windows\system32\msacm32.drv'
3742	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
3743	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0256e724:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3744	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72590000 'C:\Windows\system32\msacm32.drv'
3745	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
3746	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0256e724:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3747	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72590000 'C:\Windows\system32\msacm32.drv'
3748	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
3749	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0256e724:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3750	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72590000 'C:\Windows\system32\msacm32.drv'
3751	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72590000 'C:\Windows\system32\msacm32.drv'
3752	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72590000 'C:\Windows\system32\msacm32.drv'
3753	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72590000 'C:\Windows\system32\msacm32.drv'
3754	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000fd8 pwszName=\Device\HarddiskVolume1\Windows\System32\midimap.dll
3755	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
3756	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
3757	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5036FF0D7DA44D9D1865A8199BB777EB13FF84EE
3758	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\midimap.dll'
3759	1478.12f8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3760	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3761	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
3762	1478.12f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
3763	1478.12f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\midimap.dll) WinVerifyTrust
3764	1478.12f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\midimap.dll
3765	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3766	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3767	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3768	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3769	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3770	1478.12f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3771	1478.12f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
3772	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0256e724:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3773	1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll
3774	1478.12f8: supR3HardenedDllNotificationCallback: load 72580000 LB 0x00007000 C:\Windows\system32\midimap.dll [fFlags=0x0]
3775	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll
3776	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72580000 'C:\Windows\system32\midimap.dll'
3777	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll
3778	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0256e724:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3779	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72580000 'C:\Windows\system32\midimap.dll'
3780	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll
3781	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0256e724:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3782	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72580000 'C:\Windows\system32\midimap.dll'
3783	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll
3784	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0256e724:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3785	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72580000 'C:\Windows\system32\midimap.dll'
3786	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72eb0000 'C:\Windows\system32\winmm.dll'
3787	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72eb0000 'C:\Windows\system32\winmm.dll'
3788	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72eb0000 'C:\Windows\system32\winmm.dll'
3789	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=778c0000 'C:\Windows\system32\ole32.dll'
3790	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72eb0000 'C:\Windows\system32\winmm.dll'
3791	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
3792	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0256e724:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3793	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72eb0000 'C:\Windows\system32\winmm.dll'
3794	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72eb0000 'C:\Windows\system32\winmm.dll'
3795	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72eb0000 'C:\Windows\system32\winmm.dll'
3796	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72eb0000 'C:\Windows\system32\winmm.dll'
3797	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72eb0000 'C:\Windows\system32\winmm.dll'
3798	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72eb0000 'C:\Windows\system32\winmm.dll'
3799	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72eb0000 'C:\Windows\system32\winmm.dll'
3800	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll
3801	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008b5fec:C:\Windows\System32;C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3802	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6cdf0000 'C:\Windows\System32\dsound.dll'
3803	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72eb0000 'C:\Windows\system32\winmm.dll'
3804	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72eb0000 'C:\Windows\system32\winmm.dll'
3805	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72eb0000 'C:\Windows\system32\winmm.dll'
3806	1478.de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\AudioSes.dll
3807	1478.de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\audioses.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008b5fec:C:\Windows\System32;C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3808	1478.de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73300000 'C:\Windows\System32\audioses.dll'
3809	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72eb0000 'C:\Windows\system32\winmm.dll'
3810	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72eb0000 'C:\Windows\system32\winmm.dll'
3811	1478.12f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll
3812	1478.12f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0256e904:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3813	1478.12f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll
3814	1478.12f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77c80000 'C:\Windows\system32/kernel32.dll'
3815	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000b20 pwszName=\Device\HarddiskVolume1\Windows\System32\mscms.dll
3816	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
3817	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
3818	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll
3819	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0256eb5c:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3820	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75f10000 'C:\Windows\system32\WINTRUST.DLL'
3821	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll
3822	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0256eb5c:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3823	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75d90000 'C:\Windows\system32\CRYPT32.dll'
3824	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5F71A76E21B72F2699E1D2DFFD9B5F7E0901418C
3825	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74310000 'C:\Windows\system32\cryptnet.dll'
3826	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Embedded-Features-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\mscms.dll'
3827	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3828	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3829	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'userenv.dll'.
3830	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
3831	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
3832	1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\mscms.dll) WinVerifyTrust
3833	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\mscms.dll
3834	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
3835	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
3836	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3837	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3838	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
3839	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume1\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
3840	1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\userenv.dll
3841	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3842	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3843	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mscms.dll (Input=mscms.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0024:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3844	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\mscms.dll
3845	1478.1738: supR3HardenedDllNotificationCallback: load 71030000 LB 0x00079000 C:\Windows\system32\mscms.dll [fFlags=0x0]
3846	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\mscms.dll
3847	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=71030000 'C:\Windows\system32\mscms.dll'
3848	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000113c pwszName=\Device\HarddiskVolume1\Windows\System32\icm32.dll
3849	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00826fb8
3850	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00826fb8
3851	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6F1E50BC8E3F6E3FC4EF4F36F1F082B464110CD9
3852	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Embedded-Features-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\icm32.dll'
3853	1478.1738: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3854	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3855	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mscms.dll'.
3856	1478.1738: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
3857	1478.1738: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\icm32.dll) WinVerifyTrust
3858	1478.1738: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\icm32.dll
3859	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3860	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3861	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mscms.dll'...
3862	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'mscms.dll' -> '\Device\HarddiskVolume1\Windows\System32\mscms.dll' [rcNtRedir=0xc0150008]
3863	1478.1738: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\mscms.dll
3864	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3865	1478.1738: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3866	1478.1738: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\icm32.dll (Input=icm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0024:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3867	1478.1738: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\icm32.dll
3868	1478.1738: supR3HardenedDllNotificationCallback: load 6cc90000 LB 0x00038000 C:\Windows\system32\icm32.dll [fFlags=0x0]
3869	1478.1738: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\icm32.dll
3870	1478.1738: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6cc90000 'C:\Windows\system32\icm32.dll'
3871	1478.173c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\avrt.dll
3872	1478.173c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=008c0024:C:\Program Files\VirtualBox;C:\Windows\system32 [calling]
3873	1478.173c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=724d0000 'C:\Windows\system32\avrt.dll'
3874	1478.f64: supR3HardenedDllNotificationCallback: Unload 6fce0000 LB 0x0000c000 C:\Program Files\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
3875	1478.151c: supR3HardenedDllNotificationCallback: Unload 70ff0000 LB 0x0000c000 C:\Program Files\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
3876	1478.92c: supR3HardenedDllNotificationCallback: Unload 710b0000 LB 0x0000c000 C:\Program Files\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
3877	1478.9c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6e6f0000 'C:\Windows\system32\OPENGL32.dll'
3878	1478.9c8: supR3HardenedDllNotificationCallback: Unload 6e2e0000 LB 0x00018000 C:\Program Files\VirtualBox\VBoxOGLhosterrorspu.dll [flags=0x0]
3879	1478.9c8: supR3HardenedDllNotificationCallback: Unload 6ce70000 LB 0x000f5000 C:\Program Files\VirtualBox\VBoxSharedCrOpenGL.DLL [flags=0x0]
3880	1478.9c8: supR3HardenedDllNotificationCallback: Unload 705a0000 LB 0x00020000 C:\Program Files\VirtualBox\VBoxOGLrenderspu.dll [flags=0x0]
3881	1478.9c8: supR3HardenedDllNotificationCallback: Unload 6fa70000 LB 0x00028000 C:\Program Files\VirtualBox\VBoxOGLhostcrutil.dll [flags=0x0]
3882	1478.14ac: supR3HardenedDllNotificationCallback: Unload 71cc0000 LB 0x0000c000 C:\Program Files\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
3883	1478.1374: supR3HardenedDllNotificationCallback: Unload 71ef0000 LB 0x00009000 C:\Program Files\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
3884	1478.12f8: supR3HardenedDllNotificationCallback: Unload 70550000 LB 0x00010000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxUsbWebcamR3.DLL [flags=0x0]
3885	1478.12f8: supR3HardenedDllNotificationCallback: Unload 70590000 LB 0x0000f000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxUsbCardReaderR3.DLL [flags=0x0]
3886	1478.12f8: supR3HardenedDllNotificationCallback: Unload 6eea0000 LB 0x00015000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxEhciR3.DLL [flags=0x0]
3887	1478.12f8: supR3HardenedDllNotificationCallback: Unload 6dc90000 LB 0x0002d000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxHostWebcam.DLL [flags=0x0]
3888	1478.12f8: supR3HardenedDllNotificationCallback: Unload 68d10000 LB 0x00864000 C:\Program Files\VirtualBox\VBoxDD.DLL [flags=0x0]
3889	1478.12f8: supR3HardenedDllNotificationCallback: Unload 6dcc0000 LB 0x00032000 C:\Program Files\VirtualBox\VBoxDD2.dll [flags=0x0]
3890	1478.12f8: supR3HardenedDllNotificationCallback: Unload 6e1e0000 LB 0x0004f000 C:\Program Files\VirtualBox\VBoxDDU.dll [flags=0x0]
3891	1478.12f8: supR3HardenedDllNotificationCallback: Unload 72690000 LB 0x0004f000 C:\Windows\system32\newdev.dll [flags=0x0]
3892	1478.12f8: supR3HardenedDllNotificationCallback: Unload 6a020000 LB 0x0014c000 C:\Program Files\VirtualBox\VBoxREM64.DLL [flags=0x0]
3893	1478.1738: supR3HardenedDllNotificationCallback: Unload 71f20000 LB 0x00006000 C:\Program Files\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.x86\VBoxPuelMain.DLL [flags=0x0]
3894	1478.1738: supR3HardenedDllNotificationCallback: Unload 70040000 LB 0x00067000 c:\Windows\system32\netcfgx.dll [flags=0x0]
3895	1478.1738: supR3HardenedDllNotificationCallback: Unload 75ae0000 LB 0x0001c000 c:\Windows\system32\IPHLPAPI.DLL [flags=0x0]
3896	1478.1738: supR3HardenedDllNotificationCallback: Unload 75ad0000 LB 0x00007000 c:\Windows\system32\WINNSI.DLL [flags=0x0]
3897	1478.1738: supR3HardenedDllNotificationCallback: Unload 75ac0000 LB 0x0000a000 c:\Windows\system32\slc.dll [flags=0x0]
3898	1478.1738: supR3HardenedDllNotificationCallback: Unload 701e0000 LB 0x00096000 C:\Windows\system32\wbem\fastprox.dll [flags=0x0]
3899	1478.1738: supR3HardenedDllNotificationCallback: Unload 701c0000 LB 0x00018000 C:\Windows\system32\NTDSAPI.dll [flags=0x0]
3900	1478.1738: supR3HardenedDllNotificationCallback: Unload 6fe80000 LB 0x0000f000 C:\Windows\system32\wbem\wbemsvc.dll [flags=0x0]
3901	1478.1738: supR3HardenedDllNotificationCallback: Unload 72990000 LB 0x0000a000 C:\Windows\system32\wbem\wbemprox.dll [flags=0x0]
3902	1478.1738: supR3HardenedDllNotificationCallback: Unload 70f60000 LB 0x0005c000 C:\Windows\system32\wbemcomn.dll [flags=0x0]
3903	1478.1738: supR3HardenedDllNotificationCallback: Unload 6cf70000 LB 0x004f4000 C:\Program Files\VirtualBox\VBoxC.dll [flags=0x0]
3904	1478.1738: Terminating the normal way: rcExit=0
3905	d64.1424: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 262063 ms, the end);
3906	13fc.f84: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 262537 ms, the end);

Download in other formats:

Original Format