Ticket #15711: VBoxHardening.log

File VBoxHardening.log, 210.8 KB (added by Solrac42, 9 years ago)

Line
1	660.72c: Log file opened: 5.1.2r108956 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
2	660.72c: \SystemRoot\System32\ntdll.dll:
3	660.72c: CreationTime: 2015-12-02T14:02:30.662842700Z
4	660.72c: LastWriteTime: 2015-10-20T01:09:05.164170200Z
5	660.72c: ChangeTime: 2015-12-02T15:48:45.539639700Z
6	660.72c: FileAttributes: 0x20
7	660.72c: Size: 0x1a67c0
8	660.72c: NT Headers: 0xe0
9	660.72c: Timestamp: 0x56259295
10	660.72c: Machine: 0x8664 - amd64
11	660.72c: Timestamp: 0x56259295
12	660.72c: Image Version: 6.1
13	660.72c: SizeOfImage: 0x1a9000 (1740800)
14	660.72c: Resource Dir: 0x14d000 LB 0x5a028
15	660.72c: ProductName: Microsoft® Windows® Operating System
16	660.72c: ProductVersion: 6.1.7601.19045
17	660.72c: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
18	660.72c: FileDescription: NT Layer DLL
19	660.72c: \SystemRoot\System32\kernel32.dll:
20	660.72c: CreationTime: 2015-12-02T14:02:30.132441700Z
21	660.72c: LastWriteTime: 2015-10-20T01:05:40.819000000Z
22	660.72c: ChangeTime: 2015-12-02T15:48:45.617639900Z
23	660.72c: FileAttributes: 0x20
24	660.72c: Size: 0x11c600
25	660.72c: NT Headers: 0xe8
26	660.72c: Timestamp: 0x56259270
27	660.72c: Machine: 0x8664 - amd64
28	660.72c: Timestamp: 0x56259270
29	660.72c: Image Version: 6.1
30	660.72c: SizeOfImage: 0x120000 (1179648)
31	660.72c: Resource Dir: 0x117000 LB 0x528
32	660.72c: ProductName: Microsoft® Windows® Operating System
33	660.72c: ProductVersion: 6.1.7601.19045
34	660.72c: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
35	660.72c: FileDescription: Windows NT BASE API Client DLL
36	660.72c: \SystemRoot\System32\KernelBase.dll:
37	660.72c: CreationTime: 2015-12-02T14:02:30.070041600Z
38	660.72c: LastWriteTime: 2015-10-20T01:05:40.819000000Z
39	660.72c: ChangeTime: 2015-12-02T15:48:45.617639900Z
40	660.72c: FileAttributes: 0x20
41	660.72c: Size: 0x67c00
42	660.72c: NT Headers: 0xe8
43	660.72c: Timestamp: 0x56259271
44	660.72c: Machine: 0x8664 - amd64
45	660.72c: Timestamp: 0x56259271
46	660.72c: Image Version: 6.1
47	660.72c: SizeOfImage: 0x6c000 (442368)
48	660.72c: Resource Dir: 0x6a000 LB 0x530
49	660.72c: ProductName: Microsoft® Windows® Operating System
50	660.72c: ProductVersion: 6.1.7601.19045
51	660.72c: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
52	660.72c: FileDescription: Windows NT BASE API Client DLL
53	660.72c: \SystemRoot\System32\apisetschema.dll:
54	660.72c: CreationTime: 2015-12-02T14:02:29.524040700Z
55	660.72c: LastWriteTime: 2015-10-20T00:53:47.280000000Z
56	660.72c: ChangeTime: 2015-12-02T15:48:45.539639700Z
57	660.72c: FileAttributes: 0x20
58	660.72c: Size: 0x1a00
59	660.72c: NT Headers: 0xc0
60	660.72c: Timestamp: 0x562590e2
61	660.72c: Machine: 0x8664 - amd64
62	660.72c: Timestamp: 0x562590e2
63	660.72c: Image Version: 6.1
64	660.72c: SizeOfImage: 0x50000 (327680)
65	660.72c: Resource Dir: 0x30000 LB 0x3f8
66	660.72c: ProductName: Microsoft® Windows® Operating System
67	660.72c: ProductVersion: 6.1.7601.19045
68	660.72c: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
69	660.72c: FileDescription: ApiSet Schema DLL
70	660.72c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
71	660.72c: supR3HardenedWinFindAdversaries: 0x0
72	660.72c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
73	660.72c: Calling main()
74	660.72c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
75	660.72c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
76	660.72c: SUPR3HardenedMain: Respawn #1
77	660.72c: System32: \Device\HarddiskVolume3\Windows\System32
78	660.72c: WinSxS: \Device\HarddiskVolume3\Windows\winsxs
79	660.72c: KnownDllPath: C:\Windows\system32
80	660.72c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
81	660.72c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
82	660.72c: supR3HardNtEnableThreadCreation:
83	660.72c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007748b630 pvNtTerminateThread=00000000774adee0
84	660.72c: supR3HardenedWinDoReSpawn(1): New child 6d4.4ac [kernel32].
85	660.72c: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd9000 cbPeb=0x380
86	660.72c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077460000 uNtDllChildAddr=0000000077460000
87	660.72c: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007748b630
88	660.72c: supR3HardenedWinSetupChildInit: Start child.
89	660.72c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
90	660.72c: supR3HardNtChildPurify: Startup delay kludge #1/0: 258 ms, 18 sleeps
91	660.72c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
92	660.72c: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
93	660.72c: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
94	660.72c: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
95	660.72c: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
96	660.72c: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
97	660.72c: 0000000000041000-0000000000021fff 0x0001/0x0000 0x0000000
98	660.72c: *0000000000060000-fffffffffff63fff 0x0000/0x0004 0x0020000
99	660.72c: 000000000015c000-0000000000159fff 0x0104/0x0004 0x0020000
100	660.72c: 000000000015e000-000000000015bfff 0x0004/0x0004 0x0020000
101	660.72c: 0000000000160000-ffffffff88e5ffff 0x0001/0x0000 0x0000000
102	660.72c: *0000000077460000-0000000077460fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
103	660.72c: 0000000077461000-000000007755efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
104	660.72c: 000000007755f000-000000007758dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
105	660.72c: 000000007758e000-0000000077595fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
106	660.72c: 0000000077596000-0000000077596fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
107	660.72c: 0000000077597000-0000000077599fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
108	660.72c: 000000007759a000-0000000077608fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
109	660.72c: 0000000077609000-000000006fc31fff 0x0001/0x0000 0x0000000
110	660.72c: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
111	660.72c: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
112	660.72c: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
113	660.72c: 000000007fff0000-ffffffffc0ceffff 0x0001/0x0000 0x0000000
114	660.72c: *000000013f2f0000-000000013f2f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
115	660.72c: 000000013f2f1000-000000013f35ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
116	660.72c: 000000013f360000-000000013f360fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
117	660.72c: 000000013f361000-000000013f3a4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
118	660.72c: 000000013f3a5000-000000013f3a5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
119	660.72c: 000000013f3a6000-000000013f3a6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
120	660.72c: 000000013f3a7000-000000013f3abfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
121	660.72c: 000000013f3ac000-000000013f3acfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
122	660.72c: 000000013f3ad000-000000013f3adfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
123	660.72c: 000000013f3ae000-000000013f3b1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
124	660.72c: 000000013f3b2000-000000013f3f9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
125	660.72c: 000000013f3fa000-fffff8037f073fff 0x0001/0x0000 0x0000000
126	660.72c: *000007feff780000-000007feff780fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apisetschema.dll
127	660.72c: 000007feff781000-000007fdfef51fff 0x0001/0x0000 0x0000000
128	660.72c: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
129	660.72c: 000007fffffd3000-000007fffffccfff 0x0001/0x0000 0x0000000
130	660.72c: *000007fffffd9000-000007fffffd7fff 0x0004/0x0004 0x0020000
131	660.72c: 000007fffffda000-000007fffffd5fff 0x0001/0x0000 0x0000000
132	660.72c: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
133	660.72c: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
134	660.72c: apisetschema.dll: timestamp 0x562590e2 (rc=VINF_SUCCESS)
135	660.72c: VirtualBox.exe: timestamp 0x5790f053 (rc=VINF_SUCCESS)
136	660.72c: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
137	660.72c: '\Device\HarddiskVolume3\Windows\System32\apisetschema.dll' has no imports
138	660.72c: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
139	660.72c: supR3HardNtChildPurify: Done after 275 ms and 0 fixes (loop #0).
140	6d4.4ac: Log file opened: 5.1.2r108956 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
141	6d4.4ac: supR3HardenedVmProcessInit: uNtDllAddr=0000000077460000 g_uNtVerCombined=0x611db100
142	6d4.4ac: ntdll.dll: timestamp 0x56259295 (rc=VINF_SUCCESS)
143	6d4.4ac: New simple heap: #1 0000000000260000 LB 0x400000 (for 1740800 allocation)
144	6d4.4ac: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
145	660.72c: supR3HardNtEnableThreadCreation:
146	6d4.4ac: System32: \Device\HarddiskVolume3\Windows\System32
147	6d4.4ac: WinSxS: \Device\HarddiskVolume3\Windows\winsxs
148	6d4.4ac: KnownDllPath: C:\Windows\system32
149	6d4.4ac: supR3HardenedVmProcessInit: Opening vboxdrv stub...
150	6d4.4ac: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
151	6d4.4ac: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
152	6d4.4ac: Registered Dll notification callback with NTDLL.
153	6d4.4ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
154	6d4.4ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
155	6d4.4ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
156	6d4.4ac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
157	6d4.4ac: supR3HardenedDllNotificationCallback: load 0000000077340000 LB 0x00120000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
158	6d4.4ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
159	6d4.4ac: supR3HardenedDllNotificationCallback: load 000007fefd560000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
160	6d4.4ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
161	6d4.4ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
162	6d4.4ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077340000 'C:\Windows\system32\kernel32.dll'
163	6d4.4ac: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007748b630 pvNtTerminateThread=00000000774adee0
164	660.72c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 18 ms.
165	6d4.4ac: \SystemRoot\System32\ntdll.dll:
166	6d4.4ac: CreationTime: 2015-12-02T14:02:30.662842700Z
167	6d4.4ac: LastWriteTime: 2015-10-20T01:09:05.164170200Z
168	6d4.4ac: ChangeTime: 2015-12-02T15:48:45.539639700Z
169	6d4.4ac: FileAttributes: 0x20
170	6d4.4ac: Size: 0x1a67c0
171	6d4.4ac: NT Headers: 0xe0
172	6d4.4ac: Timestamp: 0x56259295
173	6d4.4ac: Machine: 0x8664 - amd64
174	6d4.4ac: Timestamp: 0x56259295
175	6d4.4ac: Image Version: 6.1
176	6d4.4ac: SizeOfImage: 0x1a9000 (1740800)
177	6d4.4ac: Resource Dir: 0x14d000 LB 0x5a028
178	6d4.4ac: ProductName: Microsoft® Windows® Operating System
179	6d4.4ac: ProductVersion: 6.1.7601.19045
180	6d4.4ac: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
181	6d4.4ac: FileDescription: NT Layer DLL
182	6d4.4ac: \SystemRoot\System32\kernel32.dll:
183	6d4.4ac: CreationTime: 2015-12-02T14:02:30.132441700Z
184	6d4.4ac: LastWriteTime: 2015-10-20T01:05:40.819000000Z
185	6d4.4ac: ChangeTime: 2015-12-02T15:48:45.617639900Z
186	6d4.4ac: FileAttributes: 0x20
187	6d4.4ac: Size: 0x11c600
188	6d4.4ac: NT Headers: 0xe8
189	6d4.4ac: Timestamp: 0x56259270
190	6d4.4ac: Machine: 0x8664 - amd64
191	6d4.4ac: Timestamp: 0x56259270
192	6d4.4ac: Image Version: 6.1
193	6d4.4ac: SizeOfImage: 0x120000 (1179648)
194	6d4.4ac: Resource Dir: 0x117000 LB 0x528
195	6d4.4ac: ProductName: Microsoft® Windows® Operating System
196	6d4.4ac: ProductVersion: 6.1.7601.19045
197	6d4.4ac: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
198	6d4.4ac: FileDescription: Windows NT BASE API Client DLL
199	6d4.4ac: \SystemRoot\System32\KernelBase.dll:
200	6d4.4ac: CreationTime: 2015-12-02T14:02:30.070041600Z
201	6d4.4ac: LastWriteTime: 2015-10-20T01:05:40.819000000Z
202	6d4.4ac: ChangeTime: 2015-12-02T15:48:45.617639900Z
203	6d4.4ac: FileAttributes: 0x20
204	6d4.4ac: Size: 0x67c00
205	6d4.4ac: NT Headers: 0xe8
206	6d4.4ac: Timestamp: 0x56259271
207	6d4.4ac: Machine: 0x8664 - amd64
208	6d4.4ac: Timestamp: 0x56259271
209	6d4.4ac: Image Version: 6.1
210	6d4.4ac: SizeOfImage: 0x6c000 (442368)
211	6d4.4ac: Resource Dir: 0x6a000 LB 0x530
212	6d4.4ac: ProductName: Microsoft® Windows® Operating System
213	6d4.4ac: ProductVersion: 6.1.7601.19045
214	6d4.4ac: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
215	6d4.4ac: FileDescription: Windows NT BASE API Client DLL
216	6d4.4ac: \SystemRoot\System32\apisetschema.dll:
217	6d4.4ac: CreationTime: 2015-12-02T14:02:29.524040700Z
218	6d4.4ac: LastWriteTime: 2015-10-20T00:53:47.280000000Z
219	6d4.4ac: ChangeTime: 2015-12-02T15:48:45.539639700Z
220	6d4.4ac: FileAttributes: 0x20
221	6d4.4ac: Size: 0x1a00
222	6d4.4ac: NT Headers: 0xc0
223	6d4.4ac: Timestamp: 0x562590e2
224	6d4.4ac: Machine: 0x8664 - amd64
225	6d4.4ac: Timestamp: 0x562590e2
226	6d4.4ac: Image Version: 6.1
227	6d4.4ac: SizeOfImage: 0x50000 (327680)
228	6d4.4ac: Resource Dir: 0x30000 LB 0x3f8
229	6d4.4ac: ProductName: Microsoft® Windows® Operating System
230	6d4.4ac: ProductVersion: 6.1.7601.19045
231	6d4.4ac: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
232	6d4.4ac: FileDescription: ApiSet Schema DLL
233	6d4.4ac: NtOpenDirectoryObject failed on \Driver: 0xc0000022
234	6d4.4ac: supR3HardenedWinFindAdversaries: 0x0
235	6d4.4ac: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
236	6d4.4ac: Calling main()
237	6d4.4ac: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
238	6d4.4ac: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
239	6d4.4ac: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
240	6d4.4ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
241	6d4.4ac: SUPR3HardenedMain: Respawn #2
242	6d4.4ac: supR3HardNtEnableThreadCreation:
243	6d4.4ac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\apphelp.dll)
244	6d4.4ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\apphelp.dll
245	6d4.4ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
246	6d4.4ac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
247	6d4.4ac: supR3HardenedDllNotificationCallback: load 000007fefd050000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
248	6d4.4ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
249	6d4.4ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd050000 'C:\Windows\system32\apphelp.dll'
250	6d4.4ac: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007748b630 pvNtTerminateThread=00000000774adee0
251	6d4.4ac: supR3HardenedWinDoReSpawn(2): New child 374.f08 [kernel32].
252	6d4.4ac: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
253	6d4.4ac: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077460000 uNtDllChildAddr=0000000077460000
254	6d4.4ac: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007748b630
255	6d4.4ac: supR3HardenedWinSetupChildInit: Start child.
256	6d4.4ac: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
257	6d4.4ac: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 33 sleeps
258	6d4.4ac: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
259	6d4.4ac: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
260	6d4.4ac: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
261	6d4.4ac: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
262	6d4.4ac: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
263	6d4.4ac: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
264	6d4.4ac: 0000000000041000-fffffffffff31fff 0x0001/0x0000 0x0000000
265	6d4.4ac: *0000000000150000-0000000000053fff 0x0000/0x0004 0x0020000
266	6d4.4ac: 000000000024c000-0000000000249fff 0x0104/0x0004 0x0020000
267	6d4.4ac: 000000000024e000-000000000024bfff 0x0004/0x0004 0x0020000
268	6d4.4ac: 0000000000250000-ffffffff8903ffff 0x0001/0x0000 0x0000000
269	6d4.4ac: *0000000077460000-0000000077460fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
270	6d4.4ac: 0000000077461000-000000007755efff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
271	6d4.4ac: 000000007755f000-000000007758dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
272	6d4.4ac: 000000007758e000-0000000077595fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
273	6d4.4ac: 0000000077596000-0000000077596fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
274	6d4.4ac: 0000000077597000-0000000077599fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
275	6d4.4ac: 000000007759a000-0000000077608fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\ntdll.dll
276	6d4.4ac: 0000000077609000-000000006fc31fff 0x0001/0x0000 0x0000000
277	6d4.4ac: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
278	6d4.4ac: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
279	6d4.4ac: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
280	6d4.4ac: 000000007fff0000-ffffffffc0ceffff 0x0001/0x0000 0x0000000
281	6d4.4ac: *000000013f2f0000-000000013f2f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
282	6d4.4ac: 000000013f2f1000-000000013f35ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
283	6d4.4ac: 000000013f360000-000000013f360fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
284	6d4.4ac: 000000013f361000-000000013f3a4fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
285	6d4.4ac: 000000013f3a5000-000000013f3a5fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
286	6d4.4ac: 000000013f3a6000-000000013f3a6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
287	6d4.4ac: 000000013f3a7000-000000013f3abfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
288	6d4.4ac: 000000013f3ac000-000000013f3acfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
289	6d4.4ac: 000000013f3ad000-000000013f3adfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
290	6d4.4ac: 000000013f3ae000-000000013f3b1fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
291	6d4.4ac: 000000013f3b2000-000000013f3f9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe
292	6d4.4ac: 000000013f3fa000-fffff8037f073fff 0x0001/0x0000 0x0000000
293	6d4.4ac: *000007feff780000-000007feff780fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume3\Windows\System32\apisetschema.dll
294	6d4.4ac: 000007feff781000-000007fdfef51fff 0x0001/0x0000 0x0000000
295	6d4.4ac: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
296	6d4.4ac: 000007fffffd3000-000007fffffc8fff 0x0001/0x0000 0x0000000
297	6d4.4ac: *000007fffffdd000-000007fffffdafff 0x0004/0x0004 0x0020000
298	6d4.4ac: *000007fffffdf000-000007fffffddfff 0x0004/0x0004 0x0020000
299	6d4.4ac: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
300	6d4.4ac: apisetschema.dll: timestamp 0x562590e2 (rc=VINF_SUCCESS)
301	6d4.4ac: VirtualBox.exe: timestamp 0x5790f053 (rc=VINF_SUCCESS)
302	6d4.4ac: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
303	6d4.4ac: '\Device\HarddiskVolume3\Windows\System32\apisetschema.dll' has no imports
304	6d4.4ac: '\Device\HarddiskVolume3\Windows\System32\ntdll.dll' has no imports
305	6d4.4ac: supR3HardNtChildPurify: Done after 281 ms and 0 fixes (loop #0).
306	374.f08: Log file opened: 5.1.2r108956 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
307	374.f08: supR3HardenedVmProcessInit: uNtDllAddr=0000000077460000 g_uNtVerCombined=0x611db100
308	374.f08: ntdll.dll: timestamp 0x56259295 (rc=VINF_SUCCESS)
309	374.f08: New simple heap: #1 0000000000250000 LB 0x400000 (for 1740800 allocation)
310	6d4.4ac: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000260000 LB 0x400000)
311	6d4.4ac: supR3HardNtEnableThreadCreation:
312	374.f08: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
313	374.f08: System32: \Device\HarddiskVolume3\Windows\System32
314	374.f08: WinSxS: \Device\HarddiskVolume3\Windows\winsxs
315	374.f08: KnownDllPath: C:\Windows\system32
316	374.f08: supR3HardenedVmProcessInit: Opening vboxdrv...
317	374.f08: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
318	374.f08: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
319	374.f08: Registered Dll notification callback with NTDLL.
320	374.f08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\kernel32.dll)
321	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\kernel32.dll
322	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
323	374.f08: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
324	374.f08: supR3HardenedDllNotificationCallback: load 0000000077340000 LB 0x00120000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
325	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
326	374.f08: supR3HardenedDllNotificationCallback: load 000007fefd560000 LB 0x0006c000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
327	374.f08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\KernelBase.dll)
328	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\KernelBase.dll
329	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077340000 'C:\Windows\system32\kernel32.dll'
330	374.f08: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007748b630 pvNtTerminateThread=00000000774adee0
331	6d4.4ac: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 21 ms.
332	374.f08: \SystemRoot\System32\ntdll.dll:
333	374.f08: CreationTime: 2015-12-02T14:02:30.662842700Z
334	374.f08: LastWriteTime: 2015-10-20T01:09:05.164170200Z
335	374.f08: ChangeTime: 2015-12-02T15:48:45.539639700Z
336	374.f08: FileAttributes: 0x20
337	374.f08: Size: 0x1a67c0
338	374.f08: NT Headers: 0xe0
339	374.f08: Timestamp: 0x56259295
340	374.f08: Machine: 0x8664 - amd64
341	374.f08: Timestamp: 0x56259295
342	374.f08: Image Version: 6.1
343	374.f08: SizeOfImage: 0x1a9000 (1740800)
344	374.f08: Resource Dir: 0x14d000 LB 0x5a028
345	374.f08: ProductName: Microsoft® Windows® Operating System
346	374.f08: ProductVersion: 6.1.7601.19045
347	374.f08: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
348	374.f08: FileDescription: NT Layer DLL
349	374.f08: \SystemRoot\System32\kernel32.dll:
350	374.f08: CreationTime: 2015-12-02T14:02:30.132441700Z
351	374.f08: LastWriteTime: 2015-10-20T01:05:40.819000000Z
352	374.f08: ChangeTime: 2015-12-02T15:48:45.617639900Z
353	374.f08: FileAttributes: 0x20
354	374.f08: Size: 0x11c600
355	374.f08: NT Headers: 0xe8
356	374.f08: Timestamp: 0x56259270
357	374.f08: Machine: 0x8664 - amd64
358	374.f08: Timestamp: 0x56259270
359	374.f08: Image Version: 6.1
360	374.f08: SizeOfImage: 0x120000 (1179648)
361	374.f08: Resource Dir: 0x117000 LB 0x528
362	374.f08: ProductName: Microsoft® Windows® Operating System
363	374.f08: ProductVersion: 6.1.7601.19045
364	374.f08: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
365	374.f08: FileDescription: Windows NT BASE API Client DLL
366	374.f08: \SystemRoot\System32\KernelBase.dll:
367	374.f08: CreationTime: 2015-12-02T14:02:30.070041600Z
368	374.f08: LastWriteTime: 2015-10-20T01:05:40.819000000Z
369	374.f08: ChangeTime: 2015-12-02T15:48:45.617639900Z
370	374.f08: FileAttributes: 0x20
371	374.f08: Size: 0x67c00
372	374.f08: NT Headers: 0xe8
373	374.f08: Timestamp: 0x56259271
374	374.f08: Machine: 0x8664 - amd64
375	374.f08: Timestamp: 0x56259271
376	374.f08: Image Version: 6.1
377	374.f08: SizeOfImage: 0x6c000 (442368)
378	374.f08: Resource Dir: 0x6a000 LB 0x530
379	374.f08: ProductName: Microsoft® Windows® Operating System
380	374.f08: ProductVersion: 6.1.7601.19045
381	374.f08: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
382	374.f08: FileDescription: Windows NT BASE API Client DLL
383	374.f08: \SystemRoot\System32\apisetschema.dll:
384	374.f08: CreationTime: 2015-12-02T14:02:29.524040700Z
385	374.f08: LastWriteTime: 2015-10-20T00:53:47.280000000Z
386	374.f08: ChangeTime: 2015-12-02T15:48:45.539639700Z
387	374.f08: FileAttributes: 0x20
388	374.f08: Size: 0x1a00
389	374.f08: NT Headers: 0xc0
390	374.f08: Timestamp: 0x562590e2
391	374.f08: Machine: 0x8664 - amd64
392	374.f08: Timestamp: 0x562590e2
393	374.f08: Image Version: 6.1
394	374.f08: SizeOfImage: 0x50000 (327680)
395	374.f08: Resource Dir: 0x30000 LB 0x3f8
396	374.f08: ProductName: Microsoft® Windows® Operating System
397	374.f08: ProductVersion: 6.1.7601.19045
398	374.f08: FileVersion: 6.1.7601.19045 (win7sp1_gdr.151019-1254)
399	374.f08: FileDescription: ApiSet Schema DLL
400	374.f08: NtOpenDirectoryObject failed on \Driver: 0xc0000022
401	374.f08: supR3HardenedWinFindAdversaries: 0x0
402	374.f08: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
403	374.f08: Calling main()
404	374.f08: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
405	374.f08: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox'
406	374.f08: '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
407	374.f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.exe)
408	374.f08: SUPR3HardenedMain: Final process, opening VBoxDrv...
409	374.f08: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000250000 LB 0x400000)
410	374.f08: supR3HardNtEnableThreadCreation:
411	374.f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
412	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
413	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c3c80:C:\Windows\system32 [calling]
414	374.f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
415	374.f08: supR3HardenedDllNotificationCallback: load 000007feee480000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
416	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
417	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
418	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
419	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee480000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
420	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
421	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
422	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee480000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
423	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee480000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
424	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
425	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
426	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
427	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
428	374.f08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\wintrust.dll)
429	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\wintrust.dll
430	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
431	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
432	374.f08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll)
433	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
434	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
435	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
436	374.f08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\msasn1.dll)
437	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msasn1.dll
438	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
439	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
440	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
441	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
442	374.f08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\crypt32.dll)
443	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\crypt32.dll
444	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
445	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
446	374.f08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\msvcrt.dll)
447	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
448	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
449	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
450	374.f08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
451	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
452	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
453	374.f08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
454	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c3c80:C:\Windows\system32 [calling]
455	374.f08: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
456	374.f08: supR3HardenedDllNotificationCallback: load 000007fefd480000 LB 0x0003b000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
457	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
458	374.f08: supR3HardenedDllNotificationCallback: load 000007fefda10000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
459	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
460	374.f08: supR3HardenedDllNotificationCallback: load 000007fefd310000 LB 0x0016d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
461	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
462	374.f08: supR3HardenedDllNotificationCallback: load 000007fefd220000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
463	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
464	374.f08: supR3HardenedDllNotificationCallback: load 000007fefdc40000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
465	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
466	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd480000 'C:\Windows\system32\Wintrust.dll'
467	374.f08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\bcrypt.dll)
468	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcrypt.dll
469	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007f0e00:C:\Windows\system32 [calling]
470	374.f08: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
471	374.f08: supR3HardenedDllNotificationCallback: load 000007fefcba0000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
472	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
473	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcba0000 'C:\Windows\system32\bcrypt.dll'
474	374.f08: bcrypt.dll loaded at 000007fefcba0000, BCryptOpenAlgorithmProvider at 000007fefcba2640, preloading providers:
475	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
476	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
477	374.f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll)
478	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll
479	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
480	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
481	374.f08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
482	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
483	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
484	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
485	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
486	374.f08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\advapi32.dll)
487	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\advapi32.dll
488	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
489	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
490	374.f08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
491	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
492	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
493	374.f08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
494	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
495	374.f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
496	374.f08: supR3HardenedDllNotificationCallback: load 000007fefc650000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
497	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
498	374.f08: supR3HardenedDllNotificationCallback: load 000007fefd930000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
499	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
500	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
501	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
502	374.f08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\sechost.dll)
503	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\sechost.dll
504	374.f08: supR3HardenedDllNotificationCallback: load 000007fefddf0000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
505	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\sechost.dll [lacks WinVerifyTrust]
506	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc650000 'C:\Windows\system32\bcryptprimitives.dll'
507	374.f08: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000007f24e0)
508	374.f08: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000007f53a0)
509	374.f08: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000007f54c0)
510	374.f08: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000007f56d0)
511	374.f08: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000007f57f0)
512	374.f08: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000007f5910)
513	374.f08: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000007f5b50)
514	374.f08: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000007f5c70)
515	374.f08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptsp.dll)
516	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptsp.dll
517	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
518	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
519	374.f08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
520	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
521	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
522	374.f08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
523	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
524	374.f08: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
525	374.f08: supR3HardenedDllNotificationCallback: load 000007fefca50000 LB 0x00018000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
526	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
527	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca50000 'C:\Windows\system32\CRYPTSP.dll'
528	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
529	374.f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\rsaenh.dll)
530	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\rsaenh.dll
531	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
532	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
533	374.f08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
534	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
535	374.f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
536	374.f08: supR3HardenedDllNotificationCallback: load 000007fefc710000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
537	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
538	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc710000 'C:\Windows\system32\rsaenh.dll'
539	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
540	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
541	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd930000 'C:\Windows\system32\ADVAPI32.dll'
542	374.f08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptbase.dll)
543	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
544	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
545	374.f08: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
546	374.f08: supR3HardenedDllNotificationCallback: load 000007fefd0b0000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
547	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
548	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\Windows\system32\CRYPTBASE.dll'
549	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
550	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
551	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077340000 'C:\Windows\system32\kernel32.dll'
552	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
553	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
554	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd480000 'C:\Windows\system32\WINTRUST.DLL'
555	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
556	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
557	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd310000 'C:\Windows\system32\CRYPT32.dll'
558	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
559	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
560	374.f08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\imagehlp.dll)
561	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imagehlp.dll
562	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
563	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
564	374.f08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
565	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
566	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
567	374.f08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
568	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
569	374.f08: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
570	374.f08: supR3HardenedDllNotificationCallback: load 000007feff370000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
571	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
572	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff370000 'C:\Windows\system32\imagehlp.dll'
573	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
574	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
575	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca50000 'C:\Windows\system32\CRYPTSP.dll'
576	374.f08: \Device\HarddiskVolume3\Windows\System32\user32.dll: Owner is administrators group.
577	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
578	374.f08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\user32.dll)
579	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\user32.dll
580	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
581	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
582	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
583	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
584	374.f08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\gdi32.dll)
585	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gdi32.dll
586	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
587	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume3\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
588	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
589	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
590	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
591	374.f08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\lpk.dll)
592	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\lpk.dll
593	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
594	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
595	374.f08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
596	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
597	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume3\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
598	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
599	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
600	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
601	374.f08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\usp10.dll)
602	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\usp10.dll
603	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
604	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
605	374.f08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
606	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
607	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
608	374.f08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
609	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
610	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
611	374.f08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
612	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
613	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
614	374.f08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
615	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
616	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
617	374.f08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
618	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
619	374.f08: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
620	374.f08: supR3HardenedDllNotificationCallback: load 0000000077240000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
621	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
622	374.f08: supR3HardenedDllNotificationCallback: load 000007feff400000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
623	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
624	374.f08: supR3HardenedDllNotificationCallback: load 000007feff390000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
625	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\lpk.dll [lacks WinVerifyTrust]
626	374.f08: supR3HardenedDllNotificationCallback: load 000007fefd860000 LB 0x000c9000 C:\Windows\system32\USP10.dll [fFlags=0x0]
627	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\usp10.dll [lacks WinVerifyTrust]
628	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
629	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
630	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff400000 'C:\Windows\system32\gdi32.dll'
631	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
632	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
633	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
634	374.f08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\imm32.dll)
635	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\imm32.dll
636	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
637	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume3\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
638	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
639	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
640	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
641	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
642	374.f08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\msctf.dll)
643	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\msctf.dll
644	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
645	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
646	374.f08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
647	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
648	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
649	374.f08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
650	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
651	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
652	374.f08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust]
653	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
654	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
655	374.f08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
656	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
657	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
658	374.f08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
659	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
660	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
661	374.f08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
662	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
663	374.f08: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust]
664	374.f08: supR3HardenedDllNotificationCallback: load 000007fefd830000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
665	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\imm32.dll [lacks WinVerifyTrust]
666	374.f08: supR3HardenedDllNotificationCallback: load 000007fefde10000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
667	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msctf.dll [lacks WinVerifyTrust]
668	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd830000 'C:\Windows\system32\IMM32.DLL'
669	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077240000 'C:\Windows\system32\USER32.dll'
670	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
671	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
672	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
673	374.f08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\ncrypt.dll)
674	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ncrypt.dll
675	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
676	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume3\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
677	374.f08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
678	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
679	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
680	374.f08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
681	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
682	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
683	374.f08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
684	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
685	374.f08: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
686	374.f08: supR3HardenedDllNotificationCallback: load 000007fefcbd0000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
687	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
688	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcbd0000 'C:\Windows\system32\ncrypt.dll'
689	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
690	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
691	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcba0000 'C:\Windows\system32\bcrypt.dll'
692	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
693	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
694	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
695	374.f08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\userenv.dll)
696	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\userenv.dll
697	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
698	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
699	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
700	374.f08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\profapi.dll)
701	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\profapi.dll
702	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
703	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
704	374.f08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
705	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
706	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
707	374.f08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
708	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
709	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
710	374.f08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
711	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
712	374.f08: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\userenv.dll [lacks WinVerifyTrust]
713	374.f08: supR3HardenedDllNotificationCallback: load 000007fefd4c0000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
714	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\userenv.dll [lacks WinVerifyTrust]
715	374.f08: supR3HardenedDllNotificationCallback: load 000007fefd210000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
716	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust]
717	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd4c0000 'C:\Windows\system32\USERENV.dll'
718	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
719	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefddf0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
720	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
721	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefddf0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
722	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
723	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
724	374.f08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\gpapi.dll)
725	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\gpapi.dll
726	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
727	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
728	374.f08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
729	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
730	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
731	374.f08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
732	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
733	374.f08: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
734	374.f08: supR3HardenedDllNotificationCallback: load 000007fefc4c0000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
735	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
736	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc4c0000 'C:\Windows\system32\GPAPI.dll'
737	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
738	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefddf0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
739	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
740	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
741	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc40000 'C:\Windows\system32\rpcrt4.dll'
742	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
743	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefddf0000 'API-MS-WIN-Service-Management-L2-1-0.dll'
744	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
745	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefddf0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
746	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
747	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
748	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
749	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
750	374.f08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\cryptnet.dll)
751	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cryptnet.dll
752	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
753	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume3\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
754	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
755	374.f08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\Wldap32.dll)
756	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\Wldap32.dll
757	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
758	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume3\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
759	374.f08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
760	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
761	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
762	374.f08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
763	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
764	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
765	374.f08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
766	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
767	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
768	374.f08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
769	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
770	374.f08: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
771	374.f08: supR3HardenedDllNotificationCallback: load 000007fefa5e0000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
772	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
773	374.f08: supR3HardenedDllNotificationCallback: load 000007feff3a0000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
774	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
775	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
776	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
777	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5e0000 'C:\Windows\system32\cryptnet.dll'
778	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
779	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
780	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5e0000 'C:\Windows\system32\cryptnet.dll'
781	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
782	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
783	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5e0000 'C:\Windows\system32\cryptnet.dll'
784	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
785	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
786	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5e0000 'C:\Windows\system32\cryptnet.dll'
787	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
788	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
789	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5e0000 'C:\Windows\system32\cryptnet.dll'
790	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
791	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
792	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5e0000 'C:\Windows\system32\cryptnet.dll'
793	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
794	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5e0000 'C:\Windows\system32\cryptnet.dll'
795	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
796	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5e0000 'C:\Windows\system32\cryptnet.dll'
797	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
798	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5e0000 'C:\Windows\system32\cryptnet.dll'
799	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
800	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5e0000 'C:\Windows\system32\cryptnet.dll'
801	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
802	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5e0000 'C:\Windows\system32\cryptnet.dll'
803	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5e0000 'C:\Windows\system32\cryptnet.dll'
804	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
805	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5e0000 'C:\Windows\system32\cryptnet.dll'
806	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
807	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefddf0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
808	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\profapi.dll [lacks WinVerifyTrust]
809	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
810	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd210000 'C:\Windows\system32\profapi.dll'
811	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
812	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
813	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
814	374.f08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\System32\shlwapi.dll)
815	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
816	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
817	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
818	374.f08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
819	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
820	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
821	374.f08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\user32.dll [lacks WinVerifyTrust]
822	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
823	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
824	374.f08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
825	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
826	374.f08: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
827	374.f08: supR3HardenedDllNotificationCallback: load 000007feff650000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
828	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
829	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff650000 'C:\Windows\system32\SHLWAPI.dll'
830	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
831	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000008663f0
832	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008663f0
833	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9B1D637739FC6B271ED989F7454A98D5A76C1B7A
834	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
835	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefddf0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
836	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
837	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefddf0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
838	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
839	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefddf0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
840	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
841	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
842	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd930000 'C:\Windows\system32\ADVAPI32.dll'
843	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
844	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefddf0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
845	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
846	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefddf0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
847	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3101746~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\SystemRoot\System32\ntdll.dll'
848	374.f08: g_pfnWinVerifyTrust=000007fefd481010
849	374.f08: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
850	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume3\Windows\System32\crypt32.dll
851	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008663f0
852	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008663f0
853	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BFD41401EDEBD4D914977D62B588ECABEE60CFD3
854	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_112_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
855	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
856	374.f08: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\crypt32.dll'
857	374.f08: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
858	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume3\Windows\System32\wintrust.dll
859	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008663f0
860	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008663f0
861	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E1BBE4EB6D114F50142F24E2E2749EFD81021486
862	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
863	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
864	374.f08: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\wintrust.dll'
865	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000374 pwszName=\Device\HarddiskVolume3\Windows\System32\shlwapi.dll
866	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008663f0
867	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008663f0
868	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
869	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'
870	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
871	374.f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll'
872	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000368 pwszName=\Device\HarddiskVolume3\Windows\System32\Wldap32.dll
873	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008663f0
874	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008663f0
875	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
876	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\Wldap32.dll'
877	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
878	374.f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\Wldap32.dll'
879	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000364 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptnet.dll
880	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008663f0
881	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008663f0
882	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=756DC088EE40CF9369C990D71B200F3CB59FC35D
883	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
884	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
885	374.f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptnet.dll'
886	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000250 pwszName=\Device\HarddiskVolume3\Windows\System32\gpapi.dll
887	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008663f0
888	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008663f0
889	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
890	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
891	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
892	374.f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gpapi.dll'
893	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001bc pwszName=\Device\HarddiskVolume3\Windows\System32\profapi.dll
894	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008663f0
895	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008663f0
896	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
897	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\profapi.dll'
898	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
899	374.f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\profapi.dll'
900	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001b8 pwszName=\Device\HarddiskVolume3\Windows\System32\userenv.dll
901	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008663f0
902	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008663f0
903	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
904	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\userenv.dll'
905	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
906	374.f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\userenv.dll'
907	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a4 pwszName=\Device\HarddiskVolume3\Windows\System32\ncrypt.dll
908	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008663f0
909	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008663f0
910	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DE8C9B0409BB6DC8348383C722B4EC4291BB2193
911	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3101746~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\ncrypt.dll'
912	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
913	374.f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\ncrypt.dll'
914	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume3\Windows\System32\msctf.dll
915	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008663f0
916	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008663f0
917	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03916BC73EE5A0E312E3D3100D0ACE1B78E93BB1
918	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3033889~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\msctf.dll'
919	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
920	374.f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msctf.dll'
921	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume3\Windows\System32\imm32.dll
922	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008663f0
923	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008663f0
924	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
925	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\imm32.dll'
926	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
927	374.f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imm32.dll'
928	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume3\Windows\System32\usp10.dll
929	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008663f0
930	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008663f0
931	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1F1AA8340DE02FC1B6341EE2706E55D56EDF63B8
932	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2957509~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume3\Windows\System32\usp10.dll'
933	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
934	374.f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\usp10.dll'
935	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume3\Windows\System32\lpk.dll
936	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008663f0
937	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008663f0
938	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FDBA63132AE4F561C5CFC5478222E40A2DAA2ACC
939	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3087039~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume3\Windows\System32\lpk.dll'
940	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
941	374.f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\lpk.dll'
942	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000017c pwszName=\Device\HarddiskVolume3\Windows\System32\gdi32.dll
943	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008663f0
944	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008663f0
945	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EB178841F5FFC6B05E668168217B0AC222A62955
946	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3069392~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
947	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
948	374.f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\gdi32.dll'
949	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000178 pwszName=\Device\HarddiskVolume3\Windows\System32\user32.dll
950	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008663f0
951	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008663f0
952	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FB05A6DD4AF9AC247D37C4B7BAFCCBD178A41E64
953	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
954	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000002bfe0f0
955	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002bfe0f0
956	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FB05A6DD4AF9AC247D37C4B7BAFCCBD178A41E64
957	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
958	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000002bfe1b0
959	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002bfe1b0
960	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=7458187B83265348D287AC7AB34C0A5AD0EFDAA5040E43F37D2AC3DBEB747E20
961	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
962	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
963	374.f08: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\user32.dll'
964	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000174 pwszName=\Device\HarddiskVolume3\Windows\System32\imagehlp.dll
965	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002bfe0f0
966	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002bfe0f0
967	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
968	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
969	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
970	374.f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\imagehlp.dll'
971	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume3\Windows\System32\cryptbase.dll
972	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002bfe0f0
973	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002bfe0f0
974	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DD41E47CDA7ECDD58265F0739B9BC23E0761082B
975	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3101746~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
976	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
977	374.f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptbase.dll'
978	374.f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rsaenh.dll'
979	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000012c pwszName=\Device\HarddiskVolume3\Windows\System32\cryptsp.dll
980	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002bfe0f0
981	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002bfe0f0
982	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BA7AC4A7E8ADDFEA90AC951ECB6D6546E4873613
983	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
984	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
985	374.f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\cryptsp.dll'
986	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume3\Windows\System32\sechost.dll
987	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002bfe0f0
988	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002bfe0f0
989	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB669FA8DB80F8E50A29D055BB8D558E10E5E6B4
990	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\sechost.dll'
991	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
992	374.f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\sechost.dll'
993	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume3\Windows\System32\advapi32.dll
994	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002bfe0f0
995	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002bfe0f0
996	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D58A667BECF67ECC76D4BEEDB96E9F1960013145
997	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3080149~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
998	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
999	374.f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\advapi32.dll'
1000	374.f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcryptprimitives.dll'
1001	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume3\Windows\System32\bcrypt.dll
1002	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002bfe0f0
1003	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002bfe0f0
1004	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
1005	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
1006	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1007	374.f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\bcrypt.dll'
1008	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume3\Windows\System32\msvcrt.dll
1009	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002bfe0f0
1010	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002bfe0f0
1011	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
1012	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
1013	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1014	374.f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll'
1015	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume3\Windows\System32\msasn1.dll
1016	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002bfe0f0
1017	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002bfe0f0
1018	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
1019	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
1020	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1021	374.f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\msasn1.dll'
1022	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
1023	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002bfe0f0
1024	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002bfe0f0
1025	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=35EB15A32FF6A8320A28B76654C7C05F183C0649
1026	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3101746~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
1027	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1028	374.f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll'
1029	374.f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1030	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume3\Windows\System32\KernelBase.dll
1031	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002bfe0f0
1032	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002bfe0f0
1033	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D187E2BFBA7ED9D015FB710000144445CAD8B2DE
1034	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3101746~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
1035	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1036	374.f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\KernelBase.dll'
1037	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume3\Windows\System32\kernel32.dll
1038	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002bfe0f0
1039	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002bfe0f0
1040	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3ABD4E7598BD11C4FA1AD66BF1B854BCC2A7C5DD
1041	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_60_for_KB3101746~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
1042	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1043	374.f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume3\Windows\System32\kernel32.dll'
1044	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
1045	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002b80210:C:\Windows\system32 [calling]
1046	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd310000 'C:\Windows\system32\crypt32.dll'
1047	374.f08: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1048	374.f08: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1049	374.f08: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1050	374.f08: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1051	374.f08: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1052	374.f08: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1053	374.f08: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1054	374.f08: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1055	374.f08: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1056	374.f08: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1057	374.f08: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1058	374.f08: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1059	374.f08: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
1060	374.f08: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1061	374.f08: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1062	374.f08: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, [email protected]
1063	374.f08: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1064	374.f08: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1065	374.f08: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=18
1066	374.f08: SUPR3HardenedMain: Load Runtime...
1067	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1068	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1069	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1070	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1071	374.f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
1072	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1073	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1074	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1075	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
1076	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1077	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1078	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003c8 pwszName=\Device\HarddiskVolume3\Windows\System32\ws2_32.dll
1079	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002bfe0f0
1080	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002bfe0f0
1081	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79
1082	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\ws2_32.dll'
1083	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1084	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1085	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1086	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
1087	374.f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ws2_32.dll) WinVerifyTrust
1088	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
1089	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1090	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1091	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1092	374.f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
1093	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1094	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1095	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1096	374.f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
1097	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
1098	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1099	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1100	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
1101	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1102	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume3\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1103	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003dc pwszName=\Device\HarddiskVolume3\Windows\System32\nsi.dll
1104	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002bfe0f0
1105	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002bfe0f0
1106	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
1107	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\nsi.dll'
1108	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1109	374.f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\nsi.dll) WinVerifyTrust
1110	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\nsi.dll
1111	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1112	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1113	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\rpcrt4.dll
1114	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1115	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1116	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\msvcrt.dll
1117	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000824220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1118	374.f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1119	374.f08: supR3HardenedDllNotificationCallback: load 000007feed400000 LB 0x00519000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1120	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1121	374.f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
1122	374.f08: supR3HardenedDllNotificationCallback: load 000000006d4c0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1123	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
1124	374.f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1125	374.f08: supR3HardenedDllNotificationCallback: load 0000000073a20000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1126	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1127	374.f08: supR3HardenedDllNotificationCallback: load 000007fefdf20000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
1128	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
1129	374.f08: supR3HardenedDllNotificationCallback: load 000007feff360000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
1130	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\nsi.dll
1131	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1132	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1133	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1134	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1135	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1136	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1137	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1138	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1139	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1140	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1141	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1142	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1143	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1144	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1145	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1146	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1147	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1148	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1149	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1150	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1151	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1152	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1153	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1154	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1155	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1156	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1157	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1158	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1159	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1160	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1161	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1162	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1163	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1164	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1165	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1166	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1167	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1168	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1169	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1170	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1171	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1172	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1173	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1174	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VBoxRT.dll
1175	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007c40b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\ [calling]
1176	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1177	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1178	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1179	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed400000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1180	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\wintrust.dll
1181	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007f7780:C:\Windows\system32 [calling]
1182	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd480000 'C:\Windows\system32\Wintrust.dll'
1183	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\crypt32.dll
1184	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007f7780:C:\Windows\system32 [calling]
1185	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd310000 'C:\Windows\system32\crypt32.dll'
1186	374.f08: SUPR3HardenedMain: Load TrustedMain...
1187	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1188	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1189	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
1190	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1191	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1192	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
1193	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
1194	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
1195	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
1196	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
1197	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
1198	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
1199	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
1200	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
1201	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
1202	374.f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
1203	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
1204	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1205	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1206	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000448 pwszName=\Device\HarddiskVolume3\Windows\System32\winmm.dll
1207	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002bfe0f0
1208	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002bfe0f0
1209	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
1210	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\winmm.dll'
1211	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1212	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1213	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1214	374.f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winmm.dll) WinVerifyTrust
1215	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winmm.dll
1216	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1217	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1218	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000430 pwszName=\Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1219	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002bfe0f0
1220	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002bfe0f0
1221	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8A837B0D823EB506C6A4C447C1962174D27ED954
1222	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3020338~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\oleaut32.dll'
1223	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1224	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1225	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1226	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1227	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1228	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
1229	374.f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\oleaut32.dll) WinVerifyTrust
1230	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1231	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1232	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1233	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000044c pwszName=\Device\HarddiskVolume3\Windows\System32\ole32.dll
1234	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002bfe0f0
1235	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002bfe0f0
1236	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E93C1851E5754D607F55581B4DE2A30B711C830
1237	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3072633~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume3\Windows\System32\ole32.dll'
1238	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1239	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1240	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1241	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
1242	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1243	374.f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ole32.dll) WinVerifyTrust
1244	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ole32.dll
1245	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1246	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1247	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000045c pwszName=\Device\HarddiskVolume3\Windows\System32\shell32.dll
1248	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002bfe0f0
1249	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002bfe0f0
1250	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FB4A0D952E568C1E85DCE662F9A066FFB2E6CE84
1251	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3080446~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume3\Windows\System32\shell32.dll'
1252	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1253	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1254	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
1255	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
1256	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
1257	374.f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\shell32.dll) WinVerifyTrust
1258	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\shell32.dll
1259	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1260	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1261	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1262	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1263	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1264	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
1265	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
1266	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
1267	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
1268	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1269	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1270	374.f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
1271	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1272	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
1273	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
1274	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1275	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1276	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
1277	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
1278	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1279	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1280	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
1281	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
1282	374.f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
1283	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1284	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1285	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1286	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1287	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1288	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
1289	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1290	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1291	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
1292	374.f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
1293	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1294	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1295	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1296	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1297	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1298	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1299	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1300	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcp100.dll'.
1301	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
1302	374.f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) WinVerifyTrust
1303	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1304	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1305	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1306	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1307	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
1308	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
1309	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1310	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1311	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
1312	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
1313	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
1314	374.f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) WinVerifyTrust
1315	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1316	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1317	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1318	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
1319	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1320	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1321	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1322	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1323	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1324	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1325	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1326	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000450 pwszName=\Device\HarddiskVolume3\Windows\System32\opengl32.dll
1327	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002bfe0f0
1328	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002bfe0f0
1329	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
1330	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\opengl32.dll'
1331	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1332	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1333	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1334	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1335	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1336	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1337	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1338	374.f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\opengl32.dll) WinVerifyTrust
1339	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\opengl32.dll
1340	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1341	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1342	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1343	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume3\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
1344	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000460 pwszName=\Device\HarddiskVolume3\Windows\System32\ddraw.dll
1345	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002bfe0f0
1346	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002bfe0f0
1347	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
1348	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\ddraw.dll'
1349	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1350	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1351	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1352	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
1353	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1354	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
1355	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
1356	374.f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\ddraw.dll) WinVerifyTrust
1357	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\ddraw.dll
1358	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1359	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume3\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1360	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000464 pwszName=\Device\HarddiskVolume3\Windows\System32\glu32.dll
1361	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002bfe0f0
1362	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002bfe0f0
1363	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
1364	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume3\Windows\System32\glu32.dll'
1365	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1366	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1367	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1368	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1369	374.f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\glu32.dll) WinVerifyTrust
1370	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\glu32.dll
1371	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1372	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1373	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
1374	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1375	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1376	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1377	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1378	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1379	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1380	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1381	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
1382	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1383	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1384	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1385	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
1386	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume3\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
1387	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000490 pwszName=\Device\HarddiskVolume3\Windows\System32\mpr.dll
1388	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002bfe0f0
1389	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002bfe0f0
1390	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F84FE9BA047B24E7694C9E0C349B48B9FD5F925B
1391	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\mpr.dll'
1392	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1393	374.f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\mpr.dll) WinVerifyTrust
1394	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\mpr.dll
1395	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1396	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1397	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ws2_32.dll
1398	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1399	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1400	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\advapi32.dll
1401	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1402	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1403	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1404	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1405	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1406	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
1407	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1408	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1409	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1410	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1411	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
1412	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1413	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1414	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcp100.dll
1415	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1416	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1417	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1418	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1419	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1420	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1421	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1422	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1423	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1424	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
1425	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1426	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1427	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
1428	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1429	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1430	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
1431	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1432	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1433	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1434	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1435	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1436	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1437	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1438	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1439	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1440	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1441	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1442	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1443	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll
1444	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1445	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1446	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000420 pwszName=\Device\HarddiskVolume3\Windows\System32\comdlg32.dll
1447	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002bfe0f0
1448	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002bfe0f0
1449	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
1450	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\comdlg32.dll'
1451	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1452	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1453	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
1454	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1455	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1456	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
1457	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1458	374.f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\comdlg32.dll) WinVerifyTrust
1459	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comdlg32.dll
1460	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1461	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume3\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1462	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000484 pwszName=\Device\HarddiskVolume3\Windows\System32\winspool.drv
1463	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002bfe0f0
1464	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002bfe0f0
1465	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
1466	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\winspool.drv'
1467	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1468	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1469	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1470	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1471	374.f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\winspool.drv) WinVerifyTrust
1472	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\winspool.drv
1473	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1474	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1475	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1476	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1477	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1478	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1479	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1480	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1481	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1482	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1483	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1484	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1485	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1486	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1487	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1488	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1489	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1490	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1491	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1492	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1493	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1494	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1495	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1496	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1497	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1498	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1499	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1500	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1501	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1502	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1503	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
1504	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1505	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1506	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1507	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1508	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1509	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1510	374.f08: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume3\Windows\System32\user32.dll
1511	374.f08: Error (rc=0):
1512	374.f08: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=16 \Device\HarddiskVolume3\Windows\System32\user32.dll
1513	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1514	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1515	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1516	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1517	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1518	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1519	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1520	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1521	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1522	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1523	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1524	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1525	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1526	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1527	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1528	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1529	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1530	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1531	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1532	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1533	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1534	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1535	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1536	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1537	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1538	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1539	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1540	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
1541	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1542	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1543	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000478 pwszName=\Device\HarddiskVolume3\Windows\System32\comctl32.dll
1544	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002bfe0f0
1545	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002bfe0f0
1546	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
1547	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\comctl32.dll'
1548	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1549	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1550	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1551	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1552	374.f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\comctl32.dll) WinVerifyTrust
1553	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\comctl32.dll
1554	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1555	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1556	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\gdi32.dll
1557	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1558	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1559	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1560	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1561	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shlwapi.dll
1562	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1563	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1564	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1565	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1566	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1567	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume3\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1568	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
1569	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1570	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1571	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
1572	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
1573	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b0 pwszName=\Device\HarddiskVolume3\Windows\System32\dwmapi.dll
1574	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002bfe0f0
1575	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002bfe0f0
1576	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F3F3D4867E9140896E0742D7EE8AE1D01FE85ECE
1577	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3078667~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume3\Windows\System32\dwmapi.dll'
1578	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1579	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1580	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1581	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1582	374.f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dwmapi.dll) WinVerifyTrust
1583	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
1584	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
1585	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume3\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
1586	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000474 pwszName=\Device\HarddiskVolume3\Windows\System32\setupapi.dll
1587	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002bfe0f0
1588	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002bfe0f0
1589	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
1590	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\setupapi.dll'
1591	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1592	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
1593	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
1594	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
1595	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1596	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1597	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
1598	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
1599	374.f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\setupapi.dll) WinVerifyTrust
1600	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\setupapi.dll
1601	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1602	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1603	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
1604	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume3\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
1605	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004ac pwszName=\Device\HarddiskVolume3\Windows\System32\dciman32.dll
1606	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002bfe0f0
1607	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002bfe0f0
1608	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=779E327CA47BE9830D08A18EEDE8A70C3A978A3B
1609	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3087039~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume3\Windows\System32\dciman32.dll'
1610	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1611	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1612	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
1613	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1614	374.f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\dciman32.dll) WinVerifyTrust
1615	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\dciman32.dll
1616	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1617	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1618	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1619	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1620	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1621	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1622	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1623	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1624	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1625	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1626	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
1627	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume3\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
1628	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004bc pwszName=\Device\HarddiskVolume3\Windows\System32\devobj.dll
1629	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002bfe0f0
1630	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002bfe0f0
1631	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
1632	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\devobj.dll'
1633	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1634	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1635	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
1636	374.f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\devobj.dll) WinVerifyTrust
1637	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\devobj.dll
1638	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1639	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1640	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1641	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1642	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1643	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1644	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1645	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1646	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1647	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1648	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1649	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1650	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1651	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c4 pwszName=\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
1652	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002bfe0f0
1653	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002bfe0f0
1654	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
1655	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll'
1656	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1657	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1658	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
1659	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1660	374.f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll) WinVerifyTrust
1661	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
1662	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1663	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1664	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1665	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1666	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1667	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1668	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1669	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1670	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1671	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1672	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1673	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1674	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1675	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1676	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1677	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume3\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1678	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1679	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1680	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1681	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1682	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
1683	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1684	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1685	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000824220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1686	374.f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
1687	374.f08: supR3HardenedDllNotificationCallback: load 000007feebd10000 LB 0x008de000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
1688	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\VirtualBox.dll
1689	374.f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
1690	374.f08: supR3HardenedDllNotificationCallback: load 000007fef1a30000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
1691	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\opengl32.dll
1692	374.f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\glu32.dll
1693	374.f08: supR3HardenedDllNotificationCallback: load 000007fef1a00000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
1694	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\glu32.dll
1695	374.f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ddraw.dll
1696	374.f08: supR3HardenedDllNotificationCallback: load 000007fef1900000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
1697	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ddraw.dll
1698	374.f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dciman32.dll
1699	374.f08: supR3HardenedDllNotificationCallback: load 000007fef18f0000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
1700	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dciman32.dll
1701	374.f08: supR3HardenedDllNotificationCallback: load 000007feff470000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
1702	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\setupapi.dll
1703	374.f08: supR3HardenedDllNotificationCallback: load 000007fefd230000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1704	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cfgmgr32.dll
1705	374.f08: supR3HardenedDllNotificationCallback: load 000007fefe180000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1706	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1707	374.f08: supR3HardenedDllNotificationCallback: load 000007fefdf70000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1708	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1709	374.f08: supR3HardenedDllNotificationCallback: load 000007fefd4f0000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1710	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\devobj.dll
1711	374.f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
1712	374.f08: supR3HardenedDllNotificationCallback: load 000007fefa9a0000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
1713	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\dwmapi.dll
1714	374.f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1715	374.f08: supR3HardenedDllNotificationCallback: load 000000006cf60000 LB 0x00553000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
1716	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1717	374.f08: supR3HardenedDllNotificationCallback: load 000007fefe260000 LB 0x00d89000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
1718	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
1719	374.f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll
1720	374.f08: supR3HardenedDllNotificationCallback: load 000007fef8d70000 LB 0x00018000 C:\Windows\system32\MPR.dll [fFlags=0x0]
1721	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\mpr.dll
1722	374.f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1723	374.f08: supR3HardenedDllNotificationCallback: load 000007feeb760000 LB 0x005a1000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
1724	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1725	374.f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1726	374.f08: supR3HardenedDllNotificationCallback: load 000000006ca10000 LB 0x0054f000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
1727	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1728	374.f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1729	374.f08: supR3HardenedDllNotificationCallback: load 000007feed3a0000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
1730	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1731	374.f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winspool.drv
1732	374.f08: supR3HardenedDllNotificationCallback: load 000007fef9080000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
1733	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winspool.drv
1734	374.f08: supR3HardenedDllNotificationCallback: load 000007fefeff0000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
1735	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\comdlg32.dll
1736	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1737	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1738	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1739	374.f08: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll)
1740	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
1741	374.f08: supR3HardenedDllNotificationCallback: load 000007feed300000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll [fFlags=0x0]
1742	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [avoiding WinVerifyTrust]
1743	374.f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1744	374.f08: supR3HardenedDllNotificationCallback: load 00000000734b0000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
1745	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1746	374.f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
1747	374.f08: supR3HardenedDllNotificationCallback: load 000007fef4300000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
1748	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
1749	374.f08: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'.
1750	374.f08: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume3\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [rescheduled]
1751	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
1752	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1753	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1754	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1755	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1756	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1757	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1758	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000008242b0:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1759	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd830000 'C:\Windows\system32\imm32.dll'
1760	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd930000 'C:\Windows\system32\ADVAPI32.DLL'
1761	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
1762	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptbase.dll (Input=cryptbase.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
1763	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\Windows\system32\cryptbase.dll'
1764	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebd10000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
1765	374.f08: SUPR3HardenedMain: Calling TrustedMain (000007feebd115f0)...
1766	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1767	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000824220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1768	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf70000 'C:\Windows\system32\ole32.dll'
1769	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd930000 'C:\Windows\system32\ADVAPI32.dll'
1770	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
1771	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000824220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1772	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe260000 'C:\Windows\system32\shell32.dll'
1773	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1774	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'imm32.dll'.
1775	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'winmm.dll'.
1776	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
1777	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1778	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
1779	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
1780	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1781	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
1782	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
1783	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
1784	374.f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
1785	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1786	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1787	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1788	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1789	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1790	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1791	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1792	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1793	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1794	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1795	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1796	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1797	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1798	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1799	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1800	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1801	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume3\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1802	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\shell32.dll
1803	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1804	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume3\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1805	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\oleaut32.dll
1806	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1807	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume3\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1808	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\winmm.dll
1809	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1810	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume3\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1811	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\imm32.dll
1812	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1813	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume3\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1814	374.f08: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\ole32.dll
1815	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000824220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1816	374.f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1817	374.f08: supR3HardenedDllNotificationCallback: load 000007feed1d0000 LB 0x00127000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
1818	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1819	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed1d0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
1820	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000570 pwszName=\Device\HarddiskVolume3\Windows\System32\uxtheme.dll
1821	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002bfe0f0
1822	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002bfe0f0
1823	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
1824	374.f08: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume3\Windows\System32\uxtheme.dll'
1825	374.f08: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1826	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1827	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1828	374.f08: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
1829	374.f08: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume3\Windows\System32\uxtheme.dll) WinVerifyTrust
1830	374.f08: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
1831	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1832	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume3\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1833	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1834	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume3\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1835	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1836	374.f08: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume3\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1837	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002b7b150:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1838	374.f08: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
1839	374.f08: supR3HardenedDllNotificationCallback: load 000007fefad80000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
1840	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
1841	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefad80000 'C:\Windows\system32\uxtheme.dll'
1842	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
1843	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002b7b150:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1844	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefad80000 'C:\Windows\system32\uxtheme.dll'
1845	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
1846	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002b7be60:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1847	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefad80000 'C:\Windows\system32\uxtheme.dll'
1848	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\uxtheme.dll
1849	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000002b7be60:C:\Windows\system32;C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1850	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefad80000 'C:\Windows\system32\uxtheme.dll'
1851	374.f08: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume3\Windows\System32\cryptbase.dll
1852	374.f08: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000824220:C:\Program Files\Oracle\VirtualBox;C:\Windows\system32 [calling]
1853	374.f08: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\Windows\system32\CRYPTBASE.dll'
1854	6d4.4ac: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 774 ms, the end);
1855	660.72c: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1085 ms, the end);
1856

Download in other formats:

Original Format