Ticket #17007: VBoxHardening.log

fe0.cac: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
fe0.cac: \SystemRoot\System32\ntdll.dll:
fe0.cac:     CreationTime:    2017-08-08T23:30:52.086684000Z
fe0.cac:     LastWriteTime:   2017-07-07T15:31:14.558275200Z
fe0.cac:     ChangeTime:      2017-08-09T23:19:40.530998500Z
fe0.cac:     FileAttributes:  0x20
fe0.cac:     Size:            0x1a7100
fe0.cac:     NT Headers:      0xe0
fe0.cac:     Timestamp:       0x595fa942
fe0.cac:     Machine:         0x8664 - amd64
fe0.cac:     Timestamp:       0x595fa942
fe0.cac:     Image Version:   6.1
fe0.cac:     SizeOfImage:     0x1aa000 (1744896)
fe0.cac:     Resource Dir:    0x14e000 LB 0x5a028
fe0.cac:     [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
fe0.cac:     [Raw version resource data: 0x14e0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
fe0.cac:     ProductName:     Microsoft® Windows® Operating System
fe0.cac:     ProductVersion:  6.1.7601.23864
fe0.cac:     FileVersion:     6.1.7601.23864 (win7sp1_ldr.170707-0600)
fe0.cac:     FileDescription: NT Layer DLL
fe0.cac: \SystemRoot\System32\kernel32.dll:
fe0.cac:     CreationTime:    2017-08-08T23:30:50.869881900Z
fe0.cac:     LastWriteTime:   2017-07-07T15:29:33.479000000Z
fe0.cac:     ChangeTime:      2017-08-09T23:19:40.780598900Z
fe0.cac:     FileAttributes:  0x20
fe0.cac:     Size:            0x11c000
fe0.cac:     NT Headers:      0xe0
fe0.cac:     Timestamp:       0x595fa987
fe0.cac:     Machine:         0x8664 - amd64
fe0.cac:     Timestamp:       0x595fa987
fe0.cac:     Image Version:   6.1
fe0.cac:     SizeOfImage:     0x11f000 (1175552)
fe0.cac:     Resource Dir:    0x116000 LB 0x528
fe0.cac:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
fe0.cac:     [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
fe0.cac:     ProductName:     Microsoft® Windows® Operating System
fe0.cac:     ProductVersion:  6.1.7601.23864
fe0.cac:     FileVersion:     6.1.7601.23864 (win7sp1_ldr.170707-0600)
fe0.cac:     FileDescription: Windows NT BASE API Client DLL
fe0.cac: \SystemRoot\System32\KernelBase.dll:
fe0.cac:     CreationTime:    2017-08-08T23:30:50.760681700Z
fe0.cac:     LastWriteTime:   2017-07-07T15:29:33.479000000Z
fe0.cac:     ChangeTime:      2017-08-09T23:19:40.780598900Z
fe0.cac:     FileAttributes:  0x20
fe0.cac:     Size:            0x66800
fe0.cac:     NT Headers:      0xe8
fe0.cac:     Timestamp:       0x595fa988
fe0.cac:     Machine:         0x8664 - amd64
fe0.cac:     Timestamp:       0x595fa988
fe0.cac:     Image Version:   6.1
fe0.cac:     SizeOfImage:     0x6a000 (434176)
fe0.cac:     Resource Dir:    0x68000 LB 0x530
fe0.cac:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
fe0.cac:     [Raw version resource data: 0x680b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
fe0.cac:     ProductName:     Microsoft® Windows® Operating System
fe0.cac:     ProductVersion:  6.1.7601.23864
fe0.cac:     FileVersion:     6.1.7601.23864 (win7sp1_ldr.170707-0600)
fe0.cac:     FileDescription: Windows NT BASE API Client DLL
fe0.cac: \SystemRoot\System32\apisetschema.dll:
fe0.cac:     CreationTime:    2017-08-08T23:30:50.386281000Z
fe0.cac:     LastWriteTime:   2017-07-07T15:29:28.923000000Z
fe0.cac:     ChangeTime:      2017-08-09T23:19:40.515398500Z
fe0.cac:     FileAttributes:  0x20
fe0.cac:     Size:            0x1a00
fe0.cac:     NT Headers:      0xc0
fe0.cac:     Timestamp:       0x595fa921
fe0.cac:     Machine:         0x8664 - amd64
fe0.cac:     Timestamp:       0x595fa921
fe0.cac:     Image Version:   6.1
fe0.cac:     SizeOfImage:     0x50000 (327680)
fe0.cac:     Resource Dir:    0x30000 LB 0x3f8
fe0.cac:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
fe0.cac:     [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
fe0.cac:     ProductName:     Microsoft® Windows® Operating System
fe0.cac:     ProductVersion:  6.1.7601.23864
fe0.cac:     FileVersion:     6.1.7601.23864 (win7sp1_ldr.170707-0600)
fe0.cac:     FileDescription: ApiSet Schema DLL
fe0.cac: NtOpenDirectoryObject failed on \Driver: 0xc0000022
fe0.cac: supR3HardenedWinFindAdversaries: 0x4
fe0.cac: \SystemRoot\System32\drivers\aswHwid.sys:
fe0.cac:     CreationTime:    2017-06-29T23:00:17.426945600Z
fe0.cac:     LastWriteTime:   2017-06-29T23:00:14.915341100Z
fe0.cac:     ChangeTime:      2017-07-25T16:12:53.136855600Z
fe0.cac:     FileAttributes:  0x20
fe0.cac:     Size:            0xb788
fe0.cac:     NT Headers:      0xe8
fe0.cac:     Timestamp:       0x5948521a
fe0.cac:     Machine:         0x8664 - amd64
fe0.cac:     Timestamp:       0x5948521a
fe0.cac:     Image Version:   6.0
fe0.cac:     SizeOfImage:     0xa000 (40960)
fe0.cac:     Resource Dir:    0x8000 LB 0x388
fe0.cac:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
fe0.cac:     [Raw version resource data: 0x8060 LB 0x324, codepage 0x0 (reserved 0x0)]
fe0.cac:     ProductName:     Avast Antivirus 
fe0.cac:     ProductVersion:  17.5.3540.0
fe0.cac:     FileVersion:     17.5.3540.0
fe0.cac:     FileDescription: Avast HWID
fe0.cac: \SystemRoot\System32\drivers\aswMonFlt.sys:
fe0.cac:     CreationTime:    2017-06-29T23:00:17.442545600Z
fe0.cac:     LastWriteTime:   2017-08-09T23:07:02.319304500Z
fe0.cac:     ChangeTime:      2017-08-09T23:07:02.319304500Z
fe0.cac:     FileAttributes:  0x20
fe0.cac:     Size:            0x23d10
fe0.cac:     NT Headers:      0xe0
fe0.cac:     Timestamp:       0x59835a6c
fe0.cac:     Machine:         0x8664 - amd64
fe0.cac:     Timestamp:       0x59835a6c
fe0.cac:     Image Version:   6.0
fe0.cac:     SizeOfImage:     0x27000 (159744)
fe0.cac:     Resource Dir:    0x25000 LB 0x3b8
fe0.cac:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
fe0.cac:     [Raw version resource data: 0x25060 LB 0x354, codepage 0x0 (reserved 0x0)]
fe0.cac:     ProductName:     Avast Antivirus 
fe0.cac:     ProductVersion:  17.5.3585.203
fe0.cac:     FileVersion:     17.5.3585.203
fe0.cac:     FileDescription: Avast File System Minifilter for Windows 2003/Vista
fe0.cac: \SystemRoot\System32\drivers\aswRdr2.sys:
fe0.cac:     CreationTime:    2017-06-29T23:00:17.411345500Z
fe0.cac:     LastWriteTime:   2017-06-29T23:00:14.852941000Z
fe0.cac:     ChangeTime:      2017-07-25T16:12:53.136855600Z
fe0.cac:     FileAttributes:  0x20
fe0.cac:     Size:            0x1af10
fe0.cac:     NT Headers:      0xf0
fe0.cac:     Timestamp:       0x59485232
fe0.cac:     Machine:         0x8664 - amd64
fe0.cac:     Timestamp:       0x59485232
fe0.cac:     Image Version:   6.1
fe0.cac:     SizeOfImage:     0x1a000 (106496)
fe0.cac:     Resource Dir:    0x18000 LB 0x398
fe0.cac:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
fe0.cac:     [Raw version resource data: 0x18060 LB 0x334, codepage 0x0 (reserved 0x0)]
fe0.cac:     ProductName:     Avast Antivirus 
fe0.cac:     ProductVersion:  17.5.3540.0
fe0.cac:     FileVersion:     17.5.3540.0 built by: WinDDK
fe0.cac:     FileDescription: Avast WFP Redirect Driver
fe0.cac: \SystemRoot\System32\drivers\aswRvrt.sys:
fe0.cac:     CreationTime:    2017-06-29T23:00:17.458145600Z
fe0.cac:     LastWriteTime:   2017-06-29T23:00:14.930941200Z
fe0.cac:     ChangeTime:      2017-07-25T16:12:53.136855600Z
fe0.cac:     FileAttributes:  0x20
fe0.cac:     Size:            0x149a8
fe0.cac:     NT Headers:      0xf0
fe0.cac:     Timestamp:       0x5948521c
fe0.cac:     Machine:         0x8664 - amd64
fe0.cac:     Timestamp:       0x5948521c
fe0.cac:     Image Version:   6.0
fe0.cac:     SizeOfImage:     0x13000 (77824)
fe0.cac:     Resource Dir:    0x11000 LB 0x388
fe0.cac:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
fe0.cac:     [Raw version resource data: 0x11060 LB 0x328, codepage 0x0 (reserved 0x0)]
fe0.cac:     ProductName:     Avast Antivirus 
fe0.cac:     ProductVersion:  17.5.3540.0
fe0.cac:     FileVersion:     17.5.3540.0
fe0.cac:     FileDescription: Avast Revert
fe0.cac: \SystemRoot\System32\drivers\aswSnx.sys:
fe0.cac:     CreationTime:    2017-06-29T23:00:17.395745500Z
fe0.cac:     LastWriteTime:   2017-08-09T23:07:02.361309900Z
fe0.cac:     ChangeTime:      2017-08-09T23:07:02.361309900Z
fe0.cac:     FileAttributes:  0x20
fe0.cac:     Size:            0xf8048
fe0.cac:     NT Headers:      0xe8
fe0.cac:     Timestamp:       0x598357b2
fe0.cac:     Machine:         0x8664 - amd64
fe0.cac:     Timestamp:       0x598357b2
fe0.cac:     Image Version:   6.0
fe0.cac:     SizeOfImage:     0xf6000 (1007616)
fe0.cac:     Resource Dir:    0xee000 LB 0x380
fe0.cac:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
fe0.cac:     [Raw version resource data: 0xee060 LB 0x31c, codepage 0x0 (reserved 0x0)]
fe0.cac:     ProductName:     Avast Antivirus 
fe0.cac:     ProductVersion:  17.5.3585.203
fe0.cac:     FileVersion:     17.5.3585.203
fe0.cac:     FileDescription: Avast Virtualization Driver
fe0.cac: \SystemRoot\System32\drivers\aswsp.sys:
fe0.cac:     CreationTime:    2017-06-29T23:00:17.473745600Z
fe0.cac:     LastWriteTime:   2017-06-29T23:00:14.946541200Z
fe0.cac:     ChangeTime:      2017-07-25T16:12:53.136855600Z
fe0.cac:     FileAttributes:  0x20
fe0.cac:     Size:            0x8ef88
fe0.cac:     NT Headers:      0xe0
fe0.cac:     Timestamp:       0x594c4886
fe0.cac:     Machine:         0x8664 - amd64
fe0.cac:     Timestamp:       0x594c4886
fe0.cac:     Image Version:   6.0
fe0.cac:     SizeOfImage:     0xb1000 (724992)
fe0.cac:     Resource Dir:    0xaf000 LB 0x370
fe0.cac:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
fe0.cac:     [Raw version resource data: 0xaf060 LB 0x310, codepage 0x0 (reserved 0x0)]
fe0.cac:     ProductName:     Avast Antivirus 
fe0.cac:     ProductVersion:  17.5.3556.0
fe0.cac:     FileVersion:     17.5.3556.0
fe0.cac:     FileDescription: Avast self protection module
fe0.cac: \SystemRoot\System32\drivers\aswStm.sys:
fe0.cac:     CreationTime:    2017-06-29T23:00:17.520545700Z
fe0.cac:     LastWriteTime:   2017-06-29T23:00:14.977741300Z
fe0.cac:     ChangeTime:      2017-07-25T16:12:53.136855600Z
fe0.cac:     FileAttributes:  0x20
fe0.cac:     Size:            0x30870
fe0.cac:     NT Headers:      0x100
fe0.cac:     Timestamp:       0x59485687
fe0.cac:     Machine:         0x8664 - amd64
fe0.cac:     Timestamp:       0x59485687
fe0.cac:     Image Version:   10.0
fe0.cac:     SizeOfImage:     0x31000 (200704)
fe0.cac:     Resource Dir:    0x2f000 LB 0x350
fe0.cac:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x405)]
fe0.cac:     [Raw version resource data: 0x2f060 LB 0x2f0, codepage 0x0 (reserved 0x0)]
fe0.cac:     ProductName:     Avast Antivirus 
fe0.cac:     ProductVersion:  17.5.3540.0
fe0.cac:     FileVersion:     17.5.3540.0
fe0.cac:     FileDescription: Stream Filter
fe0.cac: \SystemRoot\System32\drivers\aswVmm.sys:
fe0.cac:     CreationTime:    2017-06-29T23:00:17.504945700Z
fe0.cac:     LastWriteTime:   2017-07-01T00:41:58.681791100Z
fe0.cac:     ChangeTime:      2017-07-25T16:12:53.136855600Z
fe0.cac:     FileAttributes:  0x20
fe0.cac:     Size:            0x58378
fe0.cac:     NT Headers:      0xe8
fe0.cac:     Timestamp:       0x59551244
fe0.cac:     Machine:         0x8664 - amd64
fe0.cac:     Timestamp:       0x59551244
fe0.cac:     Image Version:   6.0
fe0.cac:     SizeOfImage:     0x56000 (352256)
fe0.cac:     Resource Dir:    0x53000 LB 0x398
fe0.cac:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
fe0.cac:     [Raw version resource data: 0x53060 LB 0x338, codepage 0x0 (reserved 0x0)]
fe0.cac:     ProductName:     Avast Antivirus 
fe0.cac:     ProductVersion:  17.5.3559.170
fe0.cac:     FileVersion:     17.5.3559.170
fe0.cac:     FileDescription: Avast VM Monitor
fe0.cac: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
fe0.cac: Calling main()
fe0.cac: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
fe0.cac: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
fe0.cac: SUPR3HardenedMain: Respawn #1
fe0.cac: System32:  \Device\HarddiskVolume2\Windows\System32
fe0.cac: WinSxS:    \Device\HarddiskVolume2\Windows\winsxs
fe0.cac: KnownDllPath: C:\Windows\system32
fe0.cac: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
fe0.cac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
fe0.cac: supR3HardNtEnableThreadCreation:
fe0.cac: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000772aa360 pvNtTerminateThread=00000000772cc260
fe0.cac: supR3HardenedWinDoReSpawn(1): New child aa4.f90 [kernel32].
fe0.cac: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
fe0.cac: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077280000 uNtDllChildAddr=0000000077280000
fe0.cac: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000772aa360
fe0.cac: supR3HardenedWinSetupChildInit: Start child.
fe0.cac: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
fe0.cac: supR3HardNtChildPurify: Startup delay kludge #1/0: 514 ms, 33 sleeps
fe0.cac: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
fe0.cac:  *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
fe0.cac:  *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
fe0.cac:  *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
fe0.cac:   0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
fe0.cac:  *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
fe0.cac:   0000000000041000-000000000019ffff 0x0001/0x0000 0x0000000
fe0.cac:  *00000000001a0000-000000000029bfff 0x0000/0x0004 0x0020000
fe0.cac:   000000000029c000-000000000029dfff 0x0104/0x0004 0x0020000
fe0.cac:   000000000029e000-000000000029ffff 0x0004/0x0004 0x0020000
fe0.cac:   00000000002a0000-000000007727ffff 0x0001/0x0000 0x0000000
fe0.cac:  *0000000077280000-0000000077280fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
fe0.cac:   0000000077281000-000000007737dfff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
fe0.cac:   000000007737e000-00000000773acfff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
fe0.cac:   00000000773ad000-00000000773b6fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
fe0.cac:   00000000773b7000-00000000773b7fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
fe0.cac:   00000000773b8000-00000000773bafff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
fe0.cac:   00000000773bb000-0000000077429fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
fe0.cac:   000000007742a000-000000007efdffff 0x0001/0x0000 0x0000000
fe0.cac:  *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
fe0.cac:  *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
fe0.cac:   000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
fe0.cac:   000000007fff0000-000000013ffdffff 0x0001/0x0000 0x0000000
fe0.cac:  *000000013ffe0000-000000013ffe0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
fe0.cac:   000000013ffe1000-0000000140050fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
fe0.cac:   0000000140051000-0000000140051fff 0x0080/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
fe0.cac:   0000000140052000-0000000140096fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
fe0.cac:   0000000140097000-0000000140097fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
fe0.cac:   0000000140098000-0000000140098fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
fe0.cac:   0000000140099000-000000014009dfff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
fe0.cac:   000000014009e000-000000014009efff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
fe0.cac:   000000014009f000-000000014009ffff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
fe0.cac:   00000001400a0000-00000001400a3fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
fe0.cac:   00000001400a4000-00000001400ebfff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
fe0.cac:   00000001400ec000-000007feff59ffff 0x0001/0x0000 0x0000000
fe0.cac:  *000007feff5a0000-000007feff5a0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
fe0.cac:   000007feff5a1000-000007fffffaffff 0x0001/0x0000 0x0000000
fe0.cac:  *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
fe0.cac:   000007fffffd3000-000007fffffdcfff 0x0001/0x0000 0x0000000
fe0.cac:  *000007fffffdd000-000007fffffdefff 0x0004/0x0004 0x0020000
fe0.cac:  *000007fffffdf000-000007fffffdffff 0x0004/0x0004 0x0020000
fe0.cac:  *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
fe0.cac: apisetschema.dll: timestamp 0x595fa921 (rc=VINF_SUCCESS)
fe0.cac: VirtualBox.exe: timestamp 0x5903619d (rc=VINF_SUCCESS)
fe0.cac: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
fe0.cac: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
fe0.cac: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
fe0.cac: supR3HardNtChildPurify: Done after 546 ms and 0 fixes (loop #0).
aa4.f90: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
aa4.f90: supR3HardenedVmProcessInit: uNtDllAddr=0000000077280000 g_uNtVerCombined=0x611db100
fe0.cac: supR3HardNtEnableThreadCreation:
aa4.f90: ntdll.dll: timestamp 0x595fa942 (rc=VINF_SUCCESS)
aa4.f90: New simple heap: #1 00000000002a0000 LB 0x400000 (for 1744896 allocation)
aa4.f90: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
aa4.f90: System32:  \Device\HarddiskVolume2\Windows\System32
aa4.f90: WinSxS:    \Device\HarddiskVolume2\Windows\winsxs
aa4.f90: KnownDllPath: C:\Windows\system32
aa4.f90: supR3HardenedVmProcessInit: Opening vboxdrv stub...
aa4.f90: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
aa4.f90: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
aa4.f90: Registered Dll notification callback with NTDLL.
aa4.f90: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
aa4.f90: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
aa4.f90: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
aa4.f90: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
aa4.f90: supR3HardenedDllNotificationCallback: load   0000000077060000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
aa4.f90: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
aa4.f90: supR3HardenedDllNotificationCallback: load   000007fefcff0000 LB 0x0006a000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
aa4.f90: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
aa4.f90: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
aa4.f90: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077060000 'C:\Windows\system32\kernel32.dll'
aa4.f90: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000772aa360 pvNtTerminateThread=00000000772cc260
fe0.cac: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 46 ms.
aa4.f90: \SystemRoot\System32\ntdll.dll:
aa4.f90:     CreationTime:    2017-08-08T23:30:52.086684000Z
aa4.f90:     LastWriteTime:   2017-07-07T15:31:14.558275200Z
aa4.f90:     ChangeTime:      2017-08-09T23:19:40.530998500Z
aa4.f90:     FileAttributes:  0x20
aa4.f90:     Size:            0x1a7100
aa4.f90:     NT Headers:      0xe0
aa4.f90:     Timestamp:       0x595fa942
aa4.f90:     Machine:         0x8664 - amd64
aa4.f90:     Timestamp:       0x595fa942
aa4.f90:     Image Version:   6.1
aa4.f90:     SizeOfImage:     0x1aa000 (1744896)
aa4.f90:     Resource Dir:    0x14e000 LB 0x5a028
aa4.f90:     [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
aa4.f90:     [Raw version resource data: 0x14e0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
aa4.f90:     ProductName:     Microsoft® Windows® Operating System
aa4.f90:     ProductVersion:  6.1.7601.23864
aa4.f90:     FileVersion:     6.1.7601.23864 (win7sp1_ldr.170707-0600)
aa4.f90:     FileDescription: NT Layer DLL
aa4.f90: \SystemRoot\System32\kernel32.dll:
aa4.f90:     CreationTime:    2017-08-08T23:30:50.869881900Z
aa4.f90:     LastWriteTime:   2017-07-07T15:29:33.479000000Z
aa4.f90:     ChangeTime:      2017-08-09T23:19:40.780598900Z
aa4.f90:     FileAttributes:  0x20
aa4.f90:     Size:            0x11c000
aa4.f90:     NT Headers:      0xe0
aa4.f90:     Timestamp:       0x595fa987
aa4.f90:     Machine:         0x8664 - amd64
aa4.f90:     Timestamp:       0x595fa987
aa4.f90:     Image Version:   6.1
aa4.f90:     SizeOfImage:     0x11f000 (1175552)
aa4.f90:     Resource Dir:    0x116000 LB 0x528
aa4.f90:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
aa4.f90:     [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
aa4.f90:     ProductName:     Microsoft® Windows® Operating System
aa4.f90:     ProductVersion:  6.1.7601.23864
aa4.f90:     FileVersion:     6.1.7601.23864 (win7sp1_ldr.170707-0600)
aa4.f90:     FileDescription: Windows NT BASE API Client DLL
aa4.f90: \SystemRoot\System32\KernelBase.dll:
aa4.f90:     CreationTime:    2017-08-08T23:30:50.760681700Z
aa4.f90:     LastWriteTime:   2017-07-07T15:29:33.479000000Z
aa4.f90:     ChangeTime:      2017-08-09T23:19:40.780598900Z
aa4.f90:     FileAttributes:  0x20
aa4.f90:     Size:            0x66800
aa4.f90:     NT Headers:      0xe8
aa4.f90:     Timestamp:       0x595fa988
aa4.f90:     Machine:         0x8664 - amd64
aa4.f90:     Timestamp:       0x595fa988
aa4.f90:     Image Version:   6.1
aa4.f90:     SizeOfImage:     0x6a000 (434176)
aa4.f90:     Resource Dir:    0x68000 LB 0x530
aa4.f90:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
aa4.f90:     [Raw version resource data: 0x680b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
aa4.f90:     ProductName:     Microsoft® Windows® Operating System
aa4.f90:     ProductVersion:  6.1.7601.23864
aa4.f90:     FileVersion:     6.1.7601.23864 (win7sp1_ldr.170707-0600)
aa4.f90:     FileDescription: Windows NT BASE API Client DLL
aa4.f90: \SystemRoot\System32\apisetschema.dll:
aa4.f90:     CreationTime:    2017-08-08T23:30:50.386281000Z
aa4.f90:     LastWriteTime:   2017-07-07T15:29:28.923000000Z
aa4.f90:     ChangeTime:      2017-08-09T23:19:40.515398500Z
aa4.f90:     FileAttributes:  0x20
aa4.f90:     Size:            0x1a00
aa4.f90:     NT Headers:      0xc0
aa4.f90:     Timestamp:       0x595fa921
aa4.f90:     Machine:         0x8664 - amd64
aa4.f90:     Timestamp:       0x595fa921
aa4.f90:     Image Version:   6.1
aa4.f90:     SizeOfImage:     0x50000 (327680)
aa4.f90:     Resource Dir:    0x30000 LB 0x3f8
aa4.f90:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
aa4.f90:     [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
aa4.f90:     ProductName:     Microsoft® Windows® Operating System
aa4.f90:     ProductVersion:  6.1.7601.23864
aa4.f90:     FileVersion:     6.1.7601.23864 (win7sp1_ldr.170707-0600)
aa4.f90:     FileDescription: ApiSet Schema DLL
aa4.f90: NtOpenDirectoryObject failed on \Driver: 0xc0000022
aa4.f90: supR3HardenedWinFindAdversaries: 0x4
aa4.f90: \SystemRoot\System32\drivers\aswHwid.sys:
aa4.f90:     CreationTime:    2017-06-29T23:00:17.426945600Z
aa4.f90:     LastWriteTime:   2017-06-29T23:00:14.915341100Z
aa4.f90:     ChangeTime:      2017-07-25T16:12:53.136855600Z
aa4.f90:     FileAttributes:  0x20
aa4.f90:     Size:            0xb788
aa4.f90:     NT Headers:      0xe8
aa4.f90:     Timestamp:       0x5948521a
aa4.f90:     Machine:         0x8664 - amd64
aa4.f90:     Timestamp:       0x5948521a
aa4.f90:     Image Version:   6.0
aa4.f90:     SizeOfImage:     0xa000 (40960)
aa4.f90:     Resource Dir:    0x8000 LB 0x388
aa4.f90:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
aa4.f90:     [Raw version resource data: 0x8060 LB 0x324, codepage 0x0 (reserved 0x0)]
aa4.f90:     ProductName:     Avast Antivirus 
aa4.f90:     ProductVersion:  17.5.3540.0
aa4.f90:     FileVersion:     17.5.3540.0
aa4.f90:     FileDescription: Avast HWID
aa4.f90: \SystemRoot\System32\drivers\aswMonFlt.sys:
aa4.f90:     CreationTime:    2017-06-29T23:00:17.442545600Z
aa4.f90:     LastWriteTime:   2017-08-09T23:07:02.319304500Z
aa4.f90:     ChangeTime:      2017-08-09T23:07:02.319304500Z
aa4.f90:     FileAttributes:  0x20
aa4.f90:     Size:            0x23d10
aa4.f90:     NT Headers:      0xe0
aa4.f90:     Timestamp:       0x59835a6c
aa4.f90:     Machine:         0x8664 - amd64
aa4.f90:     Timestamp:       0x59835a6c
aa4.f90:     Image Version:   6.0
aa4.f90:     SizeOfImage:     0x27000 (159744)
aa4.f90:     Resource Dir:    0x25000 LB 0x3b8
aa4.f90:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
aa4.f90:     [Raw version resource data: 0x25060 LB 0x354, codepage 0x0 (reserved 0x0)]
aa4.f90:     ProductName:     Avast Antivirus 
aa4.f90:     ProductVersion:  17.5.3585.203
aa4.f90:     FileVersion:     17.5.3585.203
aa4.f90:     FileDescription: Avast File System Minifilter for Windows 2003/Vista
aa4.f90: \SystemRoot\System32\drivers\aswRdr2.sys:
aa4.f90:     CreationTime:    2017-06-29T23:00:17.411345500Z
aa4.f90:     LastWriteTime:   2017-06-29T23:00:14.852941000Z
aa4.f90:     ChangeTime:      2017-07-25T16:12:53.136855600Z
aa4.f90:     FileAttributes:  0x20
aa4.f90:     Size:            0x1af10
aa4.f90:     NT Headers:      0xf0
aa4.f90:     Timestamp:       0x59485232
aa4.f90:     Machine:         0x8664 - amd64
aa4.f90:     Timestamp:       0x59485232
aa4.f90:     Image Version:   6.1
aa4.f90:     SizeOfImage:     0x1a000 (106496)
aa4.f90:     Resource Dir:    0x18000 LB 0x398
aa4.f90:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
aa4.f90:     [Raw version resource data: 0x18060 LB 0x334, codepage 0x0 (reserved 0x0)]
aa4.f90:     ProductName:     Avast Antivirus 
aa4.f90:     ProductVersion:  17.5.3540.0
aa4.f90:     FileVersion:     17.5.3540.0 built by: WinDDK
aa4.f90:     FileDescription: Avast WFP Redirect Driver
aa4.f90: \SystemRoot\System32\drivers\aswRvrt.sys:
aa4.f90:     CreationTime:    2017-06-29T23:00:17.458145600Z
aa4.f90:     LastWriteTime:   2017-06-29T23:00:14.930941200Z
aa4.f90:     ChangeTime:      2017-07-25T16:12:53.136855600Z
aa4.f90:     FileAttributes:  0x20
aa4.f90:     Size:            0x149a8
aa4.f90:     NT Headers:      0xf0
aa4.f90:     Timestamp:       0x5948521c
aa4.f90:     Machine:         0x8664 - amd64
aa4.f90:     Timestamp:       0x5948521c
aa4.f90:     Image Version:   6.0
aa4.f90:     SizeOfImage:     0x13000 (77824)
aa4.f90:     Resource Dir:    0x11000 LB 0x388
aa4.f90:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
aa4.f90:     [Raw version resource data: 0x11060 LB 0x328, codepage 0x0 (reserved 0x0)]
aa4.f90:     ProductName:     Avast Antivirus 
aa4.f90:     ProductVersion:  17.5.3540.0
aa4.f90:     FileVersion:     17.5.3540.0
aa4.f90:     FileDescription: Avast Revert
aa4.f90: \SystemRoot\System32\drivers\aswSnx.sys:
aa4.f90:     CreationTime:    2017-06-29T23:00:17.395745500Z
aa4.f90:     LastWriteTime:   2017-08-09T23:07:02.361309900Z
aa4.f90:     ChangeTime:      2017-08-09T23:07:02.361309900Z
aa4.f90:     FileAttributes:  0x20
aa4.f90:     Size:            0xf8048
aa4.f90:     NT Headers:      0xe8
aa4.f90:     Timestamp:       0x598357b2
aa4.f90:     Machine:         0x8664 - amd64
aa4.f90:     Timestamp:       0x598357b2
aa4.f90:     Image Version:   6.0
aa4.f90:     SizeOfImage:     0xf6000 (1007616)
aa4.f90:     Resource Dir:    0xee000 LB 0x380
aa4.f90:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
aa4.f90:     [Raw version resource data: 0xee060 LB 0x31c, codepage 0x0 (reserved 0x0)]
aa4.f90:     ProductName:     Avast Antivirus 
aa4.f90:     ProductVersion:  17.5.3585.203
aa4.f90:     FileVersion:     17.5.3585.203
aa4.f90:     FileDescription: Avast Virtualization Driver
aa4.f90: \SystemRoot\System32\drivers\aswsp.sys:
aa4.f90:     CreationTime:    2017-06-29T23:00:17.473745600Z
aa4.f90:     LastWriteTime:   2017-06-29T23:00:14.946541200Z
aa4.f90:     ChangeTime:      2017-07-25T16:12:53.136855600Z
aa4.f90:     FileAttributes:  0x20
aa4.f90:     Size:            0x8ef88
aa4.f90:     NT Headers:      0xe0
aa4.f90:     Timestamp:       0x594c4886
aa4.f90:     Machine:         0x8664 - amd64
aa4.f90:     Timestamp:       0x594c4886
aa4.f90:     Image Version:   6.0
aa4.f90:     SizeOfImage:     0xb1000 (724992)
aa4.f90:     Resource Dir:    0xaf000 LB 0x370
aa4.f90:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
aa4.f90:     [Raw version resource data: 0xaf060 LB 0x310, codepage 0x0 (reserved 0x0)]
aa4.f90:     ProductName:     Avast Antivirus 
aa4.f90:     ProductVersion:  17.5.3556.0
aa4.f90:     FileVersion:     17.5.3556.0
aa4.f90:     FileDescription: Avast self protection module
aa4.f90: \SystemRoot\System32\drivers\aswStm.sys:
aa4.f90:     CreationTime:    2017-06-29T23:00:17.520545700Z
aa4.f90:     LastWriteTime:   2017-06-29T23:00:14.977741300Z
aa4.f90:     ChangeTime:      2017-07-25T16:12:53.136855600Z
aa4.f90:     FileAttributes:  0x20
aa4.f90:     Size:            0x30870
aa4.f90:     NT Headers:      0x100
aa4.f90:     Timestamp:       0x59485687
aa4.f90:     Machine:         0x8664 - amd64
aa4.f90:     Timestamp:       0x59485687
aa4.f90:     Image Version:   10.0
aa4.f90:     SizeOfImage:     0x31000 (200704)
aa4.f90:     Resource Dir:    0x2f000 LB 0x350
aa4.f90:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x405)]
aa4.f90:     [Raw version resource data: 0x2f060 LB 0x2f0, codepage 0x0 (reserved 0x0)]
aa4.f90:     ProductName:     Avast Antivirus 
aa4.f90:     ProductVersion:  17.5.3540.0
aa4.f90:     FileVersion:     17.5.3540.0
aa4.f90:     FileDescription: Stream Filter
aa4.f90: \SystemRoot\System32\drivers\aswVmm.sys:
aa4.f90:     CreationTime:    2017-06-29T23:00:17.504945700Z
aa4.f90:     LastWriteTime:   2017-07-01T00:41:58.681791100Z
aa4.f90:     ChangeTime:      2017-07-25T16:12:53.136855600Z
aa4.f90:     FileAttributes:  0x20
aa4.f90:     Size:            0x58378
aa4.f90:     NT Headers:      0xe8
aa4.f90:     Timestamp:       0x59551244
aa4.f90:     Machine:         0x8664 - amd64
aa4.f90:     Timestamp:       0x59551244
aa4.f90:     Image Version:   6.0
aa4.f90:     SizeOfImage:     0x56000 (352256)
aa4.f90:     Resource Dir:    0x53000 LB 0x398
aa4.f90:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
aa4.f90:     [Raw version resource data: 0x53060 LB 0x338, codepage 0x0 (reserved 0x0)]
aa4.f90:     ProductName:     Avast Antivirus 
aa4.f90:     ProductVersion:  17.5.3559.170
aa4.f90:     FileVersion:     17.5.3559.170
aa4.f90:     FileDescription: Avast VM Monitor
aa4.f90: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
aa4.f90: Calling main()
aa4.f90: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
aa4.f90: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
aa4.f90: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
aa4.f90: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
aa4.f90: SUPR3HardenedMain: Respawn #2
aa4.f90: supR3HardNtEnableThreadCreation:
aa4.f90: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
aa4.f90: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
aa4.f90: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
aa4.f90: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
aa4.f90: supR3HardenedDllNotificationCallback: load   000007fefcdb0000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
aa4.f90: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
aa4.f90: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcdb0000 'C:\Windows\system32\apphelp.dll'
aa4.f90: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000772aa360 pvNtTerminateThread=00000000772cc260
aa4.f90: supR3HardenedWinDoReSpawn(2): New child 1694.598 [kernel32].
aa4.f90: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
aa4.f90: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077280000 uNtDllChildAddr=0000000077280000
aa4.f90: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000772aa360
aa4.f90: supR3HardenedWinSetupChildInit: Start child.
aa4.f90: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
aa4.f90: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 33 sleeps
aa4.f90: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
aa4.f90:  *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
aa4.f90:  *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
aa4.f90:  *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
aa4.f90:   0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
aa4.f90:  *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
aa4.f90:   0000000000041000-00000000000affff 0x0001/0x0000 0x0000000
aa4.f90:  *00000000000b0000-00000000001abfff 0x0000/0x0004 0x0020000
aa4.f90:   00000000001ac000-00000000001adfff 0x0104/0x0004 0x0020000
aa4.f90:   00000000001ae000-00000000001affff 0x0004/0x0004 0x0020000
aa4.f90:   00000000001b0000-000000007727ffff 0x0001/0x0000 0x0000000
aa4.f90:  *0000000077280000-0000000077280fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
aa4.f90:   0000000077281000-000000007737dfff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
aa4.f90:   000000007737e000-00000000773acfff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
aa4.f90:   00000000773ad000-00000000773b6fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
aa4.f90:   00000000773b7000-00000000773b7fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
aa4.f90:   00000000773b8000-00000000773bafff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
aa4.f90:   00000000773bb000-0000000077429fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\ntdll.dll
aa4.f90:   000000007742a000-000000007efdffff 0x0001/0x0000 0x0000000
aa4.f90:  *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
aa4.f90:  *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
aa4.f90:   000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
aa4.f90:   000000007fff0000-000000013ffdffff 0x0001/0x0000 0x0000000
aa4.f90:  *000000013ffe0000-000000013ffe0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
aa4.f90:   000000013ffe1000-0000000140050fff 0x0020/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
aa4.f90:   0000000140051000-0000000140051fff 0x0080/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
aa4.f90:   0000000140052000-0000000140096fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
aa4.f90:   0000000140097000-0000000140097fff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
aa4.f90:   0000000140098000-0000000140098fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
aa4.f90:   0000000140099000-000000014009dfff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
aa4.f90:   000000014009e000-000000014009efff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
aa4.f90:   000000014009f000-000000014009ffff 0x0004/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
aa4.f90:   00000001400a0000-00000001400a3fff 0x0008/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
aa4.f90:   00000001400a4000-00000001400ebfff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
aa4.f90:   00000001400ec000-000007feff59ffff 0x0001/0x0000 0x0000000
aa4.f90:  *000007feff5a0000-000007feff5a0fff 0x0002/0x0080 0x1000000  \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
aa4.f90:   000007feff5a1000-000007fffffaffff 0x0001/0x0000 0x0000000
aa4.f90:  *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
aa4.f90:   000007fffffd3000-000007fffffdcfff 0x0001/0x0000 0x0000000
aa4.f90:  *000007fffffdd000-000007fffffdefff 0x0004/0x0004 0x0020000
aa4.f90:  *000007fffffdf000-000007fffffdffff 0x0004/0x0004 0x0020000
aa4.f90:  *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
aa4.f90: apisetschema.dll: timestamp 0x595fa921 (rc=VINF_SUCCESS)
aa4.f90: VirtualBox.exe: timestamp 0x5903619d (rc=VINF_SUCCESS)
aa4.f90: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
aa4.f90: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
aa4.f90: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
aa4.f90: supR3HardNtChildPurify: Done after 546 ms and 0 fixes (loop #0).
1694.598: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
1694.598: supR3HardenedVmProcessInit: uNtDllAddr=0000000077280000 g_uNtVerCombined=0x611db100
aa4.f90: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002a0000 LB 0x400000)
aa4.f90: supR3HardNtEnableThreadCreation:
1694.598: ntdll.dll: timestamp 0x595fa942 (rc=VINF_SUCCESS)
1694.598: New simple heap: #1 00000000002b0000 LB 0x400000 (for 1744896 allocation)
1694.598: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1694.598: System32:  \Device\HarddiskVolume2\Windows\System32
1694.598: WinSxS:    \Device\HarddiskVolume2\Windows\winsxs
1694.598: KnownDllPath: C:\Windows\system32
1694.598: supR3HardenedVmProcessInit: Opening vboxdrv...
1694.598: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1694.598: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1694.598: Registered Dll notification callback with NTDLL.
1694.598: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedDllNotificationCallback: load   0000000077060000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedDllNotificationCallback: load   000007fefcff0000 LB 0x0006a000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
1694.598: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077060000 'C:\Windows\system32\kernel32.dll'
1694.598: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000772aa360 pvNtTerminateThread=00000000772cc260
aa4.f90: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 47 ms.
1694.598: \SystemRoot\System32\ntdll.dll:
1694.598:     CreationTime:    2017-08-08T23:30:52.086684000Z
1694.598:     LastWriteTime:   2017-07-07T15:31:14.558275200Z
1694.598:     ChangeTime:      2017-08-09T23:19:40.530998500Z
1694.598:     FileAttributes:  0x20
1694.598:     Size:            0x1a7100
1694.598:     NT Headers:      0xe0
1694.598:     Timestamp:       0x595fa942
1694.598:     Machine:         0x8664 - amd64
1694.598:     Timestamp:       0x595fa942
1694.598:     Image Version:   6.1
1694.598:     SizeOfImage:     0x1aa000 (1744896)
1694.598:     Resource Dir:    0x14e000 LB 0x5a028
1694.598:     [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1694.598:     [Raw version resource data: 0x14e0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
1694.598:     ProductName:     Microsoft® Windows® Operating System
1694.598:     ProductVersion:  6.1.7601.23864
1694.598:     FileVersion:     6.1.7601.23864 (win7sp1_ldr.170707-0600)
1694.598:     FileDescription: NT Layer DLL
1694.598: \SystemRoot\System32\kernel32.dll:
1694.598:     CreationTime:    2017-08-08T23:30:50.869881900Z
1694.598:     LastWriteTime:   2017-07-07T15:29:33.479000000Z
1694.598:     ChangeTime:      2017-08-09T23:19:40.780598900Z
1694.598:     FileAttributes:  0x20
1694.598:     Size:            0x11c000
1694.598:     NT Headers:      0xe0
1694.598:     Timestamp:       0x595fa987
1694.598:     Machine:         0x8664 - amd64
1694.598:     Timestamp:       0x595fa987
1694.598:     Image Version:   6.1
1694.598:     SizeOfImage:     0x11f000 (1175552)
1694.598:     Resource Dir:    0x116000 LB 0x528
1694.598:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
1694.598:     [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
1694.598:     ProductName:     Microsoft® Windows® Operating System
1694.598:     ProductVersion:  6.1.7601.23864
1694.598:     FileVersion:     6.1.7601.23864 (win7sp1_ldr.170707-0600)
1694.598:     FileDescription: Windows NT BASE API Client DLL
1694.598: \SystemRoot\System32\KernelBase.dll:
1694.598:     CreationTime:    2017-08-08T23:30:50.760681700Z
1694.598:     LastWriteTime:   2017-07-07T15:29:33.479000000Z
1694.598:     ChangeTime:      2017-08-09T23:19:40.780598900Z
1694.598:     FileAttributes:  0x20
1694.598:     Size:            0x66800
1694.598:     NT Headers:      0xe8
1694.598:     Timestamp:       0x595fa988
1694.598:     Machine:         0x8664 - amd64
1694.598:     Timestamp:       0x595fa988
1694.598:     Image Version:   6.1
1694.598:     SizeOfImage:     0x6a000 (434176)
1694.598:     Resource Dir:    0x68000 LB 0x530
1694.598:     [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
1694.598:     [Raw version resource data: 0x680b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
1694.598:     ProductName:     Microsoft® Windows® Operating System
1694.598:     ProductVersion:  6.1.7601.23864
1694.598:     FileVersion:     6.1.7601.23864 (win7sp1_ldr.170707-0600)
1694.598:     FileDescription: Windows NT BASE API Client DLL
1694.598: \SystemRoot\System32\apisetschema.dll:
1694.598:     CreationTime:    2017-08-08T23:30:50.386281000Z
1694.598:     LastWriteTime:   2017-07-07T15:29:28.923000000Z
1694.598:     ChangeTime:      2017-08-09T23:19:40.515398500Z
1694.598:     FileAttributes:  0x20
1694.598:     Size:            0x1a00
1694.598:     NT Headers:      0xc0
1694.598:     Timestamp:       0x595fa921
1694.598:     Machine:         0x8664 - amd64
1694.598:     Timestamp:       0x595fa921
1694.598:     Image Version:   6.1
1694.598:     SizeOfImage:     0x50000 (327680)
1694.598:     Resource Dir:    0x30000 LB 0x3f8
1694.598:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1694.598:     [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
1694.598:     ProductName:     Microsoft® Windows® Operating System
1694.598:     ProductVersion:  6.1.7601.23864
1694.598:     FileVersion:     6.1.7601.23864 (win7sp1_ldr.170707-0600)
1694.598:     FileDescription: ApiSet Schema DLL
1694.598: NtOpenDirectoryObject failed on \Driver: 0xc0000022
1694.598: supR3HardenedWinFindAdversaries: 0x4
1694.598: \SystemRoot\System32\drivers\aswHwid.sys:
1694.598:     CreationTime:    2017-06-29T23:00:17.426945600Z
1694.598:     LastWriteTime:   2017-06-29T23:00:14.915341100Z
1694.598:     ChangeTime:      2017-07-25T16:12:53.136855600Z
1694.598:     FileAttributes:  0x20
1694.598:     Size:            0xb788
1694.598:     NT Headers:      0xe8
1694.598:     Timestamp:       0x5948521a
1694.598:     Machine:         0x8664 - amd64
1694.598:     Timestamp:       0x5948521a
1694.598:     Image Version:   6.0
1694.598:     SizeOfImage:     0xa000 (40960)
1694.598:     Resource Dir:    0x8000 LB 0x388
1694.598:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1694.598:     [Raw version resource data: 0x8060 LB 0x324, codepage 0x0 (reserved 0x0)]
1694.598:     ProductName:     Avast Antivirus 
1694.598:     ProductVersion:  17.5.3540.0
1694.598:     FileVersion:     17.5.3540.0
1694.598:     FileDescription: Avast HWID
1694.598: \SystemRoot\System32\drivers\aswMonFlt.sys:
1694.598:     CreationTime:    2017-06-29T23:00:17.442545600Z
1694.598:     LastWriteTime:   2017-08-09T23:07:02.319304500Z
1694.598:     ChangeTime:      2017-08-09T23:07:02.319304500Z
1694.598:     FileAttributes:  0x20
1694.598:     Size:            0x23d10
1694.598:     NT Headers:      0xe0
1694.598:     Timestamp:       0x59835a6c
1694.598:     Machine:         0x8664 - amd64
1694.598:     Timestamp:       0x59835a6c
1694.598:     Image Version:   6.0
1694.598:     SizeOfImage:     0x27000 (159744)
1694.598:     Resource Dir:    0x25000 LB 0x3b8
1694.598:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1694.598:     [Raw version resource data: 0x25060 LB 0x354, codepage 0x0 (reserved 0x0)]
1694.598:     ProductName:     Avast Antivirus 
1694.598:     ProductVersion:  17.5.3585.203
1694.598:     FileVersion:     17.5.3585.203
1694.598:     FileDescription: Avast File System Minifilter for Windows 2003/Vista
1694.598: \SystemRoot\System32\drivers\aswRdr2.sys:
1694.598:     CreationTime:    2017-06-29T23:00:17.411345500Z
1694.598:     LastWriteTime:   2017-06-29T23:00:14.852941000Z
1694.598:     ChangeTime:      2017-07-25T16:12:53.136855600Z
1694.598:     FileAttributes:  0x20
1694.598:     Size:            0x1af10
1694.598:     NT Headers:      0xf0
1694.598:     Timestamp:       0x59485232
1694.598:     Machine:         0x8664 - amd64
1694.598:     Timestamp:       0x59485232
1694.598:     Image Version:   6.1
1694.598:     SizeOfImage:     0x1a000 (106496)
1694.598:     Resource Dir:    0x18000 LB 0x398
1694.598:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1694.598:     [Raw version resource data: 0x18060 LB 0x334, codepage 0x0 (reserved 0x0)]
1694.598:     ProductName:     Avast Antivirus 
1694.598:     ProductVersion:  17.5.3540.0
1694.598:     FileVersion:     17.5.3540.0 built by: WinDDK
1694.598:     FileDescription: Avast WFP Redirect Driver
1694.598: \SystemRoot\System32\drivers\aswRvrt.sys:
1694.598:     CreationTime:    2017-06-29T23:00:17.458145600Z
1694.598:     LastWriteTime:   2017-06-29T23:00:14.930941200Z
1694.598:     ChangeTime:      2017-07-25T16:12:53.136855600Z
1694.598:     FileAttributes:  0x20
1694.598:     Size:            0x149a8
1694.598:     NT Headers:      0xf0
1694.598:     Timestamp:       0x5948521c
1694.598:     Machine:         0x8664 - amd64
1694.598:     Timestamp:       0x5948521c
1694.598:     Image Version:   6.0
1694.598:     SizeOfImage:     0x13000 (77824)
1694.598:     Resource Dir:    0x11000 LB 0x388
1694.598:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1694.598:     [Raw version resource data: 0x11060 LB 0x328, codepage 0x0 (reserved 0x0)]
1694.598:     ProductName:     Avast Antivirus 
1694.598:     ProductVersion:  17.5.3540.0
1694.598:     FileVersion:     17.5.3540.0
1694.598:     FileDescription: Avast Revert
1694.598: \SystemRoot\System32\drivers\aswSnx.sys:
1694.598:     CreationTime:    2017-06-29T23:00:17.395745500Z
1694.598:     LastWriteTime:   2017-08-09T23:07:02.361309900Z
1694.598:     ChangeTime:      2017-08-09T23:07:02.361309900Z
1694.598:     FileAttributes:  0x20
1694.598:     Size:            0xf8048
1694.598:     NT Headers:      0xe8
1694.598:     Timestamp:       0x598357b2
1694.598:     Machine:         0x8664 - amd64
1694.598:     Timestamp:       0x598357b2
1694.598:     Image Version:   6.0
1694.598:     SizeOfImage:     0xf6000 (1007616)
1694.598:     Resource Dir:    0xee000 LB 0x380
1694.598:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1694.598:     [Raw version resource data: 0xee060 LB 0x31c, codepage 0x0 (reserved 0x0)]
1694.598:     ProductName:     Avast Antivirus 
1694.598:     ProductVersion:  17.5.3585.203
1694.598:     FileVersion:     17.5.3585.203
1694.598:     FileDescription: Avast Virtualization Driver
1694.598: \SystemRoot\System32\drivers\aswsp.sys:
1694.598:     CreationTime:    2017-06-29T23:00:17.473745600Z
1694.598:     LastWriteTime:   2017-06-29T23:00:14.946541200Z
1694.598:     ChangeTime:      2017-07-25T16:12:53.136855600Z
1694.598:     FileAttributes:  0x20
1694.598:     Size:            0x8ef88
1694.598:     NT Headers:      0xe0
1694.598:     Timestamp:       0x594c4886
1694.598:     Machine:         0x8664 - amd64
1694.598:     Timestamp:       0x594c4886
1694.598:     Image Version:   6.0
1694.598:     SizeOfImage:     0xb1000 (724992)
1694.598:     Resource Dir:    0xaf000 LB 0x370
1694.598:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1694.598:     [Raw version resource data: 0xaf060 LB 0x310, codepage 0x0 (reserved 0x0)]
1694.598:     ProductName:     Avast Antivirus 
1694.598:     ProductVersion:  17.5.3556.0
1694.598:     FileVersion:     17.5.3556.0
1694.598:     FileDescription: Avast self protection module
1694.598: \SystemRoot\System32\drivers\aswStm.sys:
1694.598:     CreationTime:    2017-06-29T23:00:17.520545700Z
1694.598:     LastWriteTime:   2017-06-29T23:00:14.977741300Z
1694.598:     ChangeTime:      2017-07-25T16:12:53.136855600Z
1694.598:     FileAttributes:  0x20
1694.598:     Size:            0x30870
1694.598:     NT Headers:      0x100
1694.598:     Timestamp:       0x59485687
1694.598:     Machine:         0x8664 - amd64
1694.598:     Timestamp:       0x59485687
1694.598:     Image Version:   10.0
1694.598:     SizeOfImage:     0x31000 (200704)
1694.598:     Resource Dir:    0x2f000 LB 0x350
1694.598:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x405)]
1694.598:     [Raw version resource data: 0x2f060 LB 0x2f0, codepage 0x0 (reserved 0x0)]
1694.598:     ProductName:     Avast Antivirus 
1694.598:     ProductVersion:  17.5.3540.0
1694.598:     FileVersion:     17.5.3540.0
1694.598:     FileDescription: Stream Filter
1694.598: \SystemRoot\System32\drivers\aswVmm.sys:
1694.598:     CreationTime:    2017-06-29T23:00:17.504945700Z
1694.598:     LastWriteTime:   2017-07-01T00:41:58.681791100Z
1694.598:     ChangeTime:      2017-07-25T16:12:53.136855600Z
1694.598:     FileAttributes:  0x20
1694.598:     Size:            0x58378
1694.598:     NT Headers:      0xe8
1694.598:     Timestamp:       0x59551244
1694.598:     Machine:         0x8664 - amd64
1694.598:     Timestamp:       0x59551244
1694.598:     Image Version:   6.0
1694.598:     SizeOfImage:     0x56000 (352256)
1694.598:     Resource Dir:    0x53000 LB 0x398
1694.598:     [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1694.598:     [Raw version resource data: 0x53060 LB 0x338, codepage 0x0 (reserved 0x0)]
1694.598:     ProductName:     Avast Antivirus 
1694.598:     ProductVersion:  17.5.3559.170
1694.598:     FileVersion:     17.5.3559.170
1694.598:     FileDescription: Avast VM Monitor
1694.598: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1694.598: Calling main()
1694.598: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
1694.598: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1694.598: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1694.598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1694.598: SUPR3HardenedMain: Final process, opening VBoxDrv...
1694.598: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002b0000 LB 0x400000)
1694.598: supR3HardNtEnableThreadCreation:
1694.598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ab7b1:<flags> [calling]
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedDllNotificationCallback: load   000007fef5f80000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001a8f31:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5f80000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001a8f31:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5f80000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5f80000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1694.598: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
1694.598: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.598: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ad5c1:<flags> [calling]
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedDllNotificationCallback: load   000007fefcfb0000 LB 0x0003b000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedDllNotificationCallback: load   000007fefd610000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedDllNotificationCallback: load   000007fefd150000 LB 0x0016d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedDllNotificationCallback: load   000007fefcf70000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedDllNotificationCallback: load   000007feff070000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcfb0000 'C:\Windows\system32\Wintrust.dll'
1694.598: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ad5c1:<flags> [calling]
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedDllNotificationCallback: load   000007fefc8f0000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc8f0000 'C:\Windows\system32\bcrypt.dll'
1694.598: bcrypt.dll loaded at 000007fefc8f0000, BCryptOpenAlgorithmProvider at 000007fefc8f2460, preloading providers:
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ad5a1:<flags> [calling]
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedDllNotificationCallback: load   000007fefc3e0000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedDllNotificationCallback: load   000007fefd450000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
1694.598: supR3HardenedDllNotificationCallback: load   000007fefe7f0000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc3e0000 'C:\Windows\system32\bcryptprimitives.dll'
1694.598:     BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000089c090)
1694.598:     BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000089df50)
1694.598:     BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000089e080)
1694.598:     BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000089e2a0)
1694.598:     BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000089e3d0)
1694.598:     BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000000000089e500)
1694.598:     BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=000000000089e750)
1694.598:     BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=000000000089e880)
1694.598: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ad111:<flags> [calling]
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedDllNotificationCallback: load   000007fefc7a0000 LB 0x00018000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc7a0000 'C:\Windows\system32\CRYPTSP.dll'
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ad0a1:<flags> [calling]
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedDllNotificationCallback: load   000007fefc4a0000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc4a0000 'C:\Windows\system32\rsaenh.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ac931:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd450000 'C:\Windows\system32\ADVAPI32.dll'
1694.598: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001accb1:<flags> [calling]
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedDllNotificationCallback: load   000007fefce10000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce10000 'C:\Windows\system32\CRYPTBASE.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ac6e1:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077060000 'C:\Windows\system32\kernel32.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ad071:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcfb0000 'C:\Windows\system32\WINTRUST.DLL'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000001acea1:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd150000 'C:\Windows\system32\CRYPT32.dll'
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001acef1:<flags> [calling]
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedDllNotificationCallback: load   000007feff570000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff570000 'C:\Windows\system32\imagehlp.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ad041:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc7a0000 'C:\Windows\system32\CRYPTSP.dll'
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001acb71:<flags> [calling]
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedDllNotificationCallback: load   0000000077180000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedDllNotificationCallback: load   000007fefd780000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedDllNotificationCallback: load   000007fefd7f0000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedDllNotificationCallback: load   000007fefeec0000 LB 0x000cb000 C:\Windows\system32\USP10.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ac071:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd780000 'C:\Windows\system32\gdi32.dll'
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ab9b1:<flags> [calling]
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedDllNotificationCallback: load   000007fefd750000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedDllNotificationCallback: load   000007fefd330000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd750000 'C:\Windows\system32\IMM32.DLL'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077180000 'C:\Windows\system32\USER32.dll'
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ace71:<flags> [calling]
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedDllNotificationCallback: load   000007fefc920000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc920000 'C:\Windows\system32\ncrypt.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001acc61:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc8f0000 'C:\Windows\system32\bcrypt.dll'
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ac5f1:<flags> [calling]
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedDllNotificationCallback: load   000007fefd100000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedDllNotificationCallback: load   000007fefcf80000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd100000 'C:\Windows\system32\USERENV.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001ac351:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe7f0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001ac6e1:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe7f0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ac911:<flags> [calling]
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedDllNotificationCallback: load   000007fefc210000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc210000 'C:\Windows\system32\GPAPI.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001ac861:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe7f0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001abf61:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff070000 'C:\Windows\system32\rpcrt4.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001ac841:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe7f0000 'API-MS-WIN-Service-Management-L2-1-0.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001ac851:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe7f0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ac351:<flags> [calling]
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedDllNotificationCallback: load   000007fef8c40000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedDllNotificationCallback: load   000007fefd5b0000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000001ab581:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8c40000 'C:\Windows\system32\cryptnet.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000001ab581:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8c40000 'C:\Windows\system32\cryptnet.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000001ab581:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8c40000 'C:\Windows\system32\cryptnet.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000001ab581:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8c40000 'C:\Windows\system32\cryptnet.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000001ab581:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8c40000 'C:\Windows\system32\cryptnet.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000001ab581:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8c40000 'C:\Windows\system32\cryptnet.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8c40000 'C:\Windows\system32\cryptnet.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8c40000 'C:\Windows\system32\cryptnet.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8c40000 'C:\Windows\system32\cryptnet.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8c40000 'C:\Windows\system32\cryptnet.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8c40000 'C:\Windows\system32\cryptnet.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8c40000 'C:\Windows\system32\cryptnet.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8c40000 'C:\Windows\system32\cryptnet.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001abc71:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe7f0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001abc71:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf80000 'C:\Windows\system32\profapi.dll'
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ab701:<flags> [calling]
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedDllNotificationCallback: load   000007fefd530000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd530000 'C:\Windows\system32\SHLWAPI.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8D1E7AF77C8E31C723E97ADD378C1707C0ED4D09
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001ac631:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe7f0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001ac191:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe7f0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001ac191:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe7f0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ac631:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd450000 'C:\Windows\system32\ADVAPI32.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001ac5e1:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe7f0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001ac2d1:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe7f0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_413_for_KB4034664~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\SystemRoot\System32\ntdll.dll'
1694.598: g_pfnWinVerifyTrust=000007fefcfb1010
1694.598: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F77D21FA60E897144706C54D4A369C8DA3A96EDC
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_413_for_KB4034664~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
1694.598: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=64DB0BCE4F2D99E4624F5476790FB954117C96EF
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_413_for_KB4034664~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003bc pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b4 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C98DA6A5C5D40E628701C3AAF8EA5A40DD2689D2
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_413_for_KB4034664~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b0 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=39AF46E16CB63BADF4DB0AE7F539D8C4373E13BA
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_413_for_KB4034664~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000026c pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EBDAA16C3FD93DFF9C20BA3B2689DFF4C8D31061
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3159398~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d8 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d4 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c0 pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3F62B9D98E1DE7981ECBEA8B3F88C873F925211D
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_413_for_KB4034664~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a8 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6D141A0C50E469CDD81DC8293CF8B3635FE0240E
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_413_for_KB4034664~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a4 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a0 pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EFAF060D43CBE108CC0D9F19F7A46C65B71782E8
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_413_for_KB4034664~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000019c pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=54204179B88581EFC0328D16D151171EADAA7023
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_413_for_KB4034664~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000198 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C825E345B3737457F9C8CE8AE46B101F3EE4F2D4
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_413_for_KB4034664~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03BB259EC2F9D61B0941E0635513FFA135E07009
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_413_for_KB4034664~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000134 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0F801CACE85738226CF0FE6E874CCC0F19833A9E
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_413_for_KB4034664~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1694.598: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CECCA98E04985A576883E9A9AD8AF2140526B576
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_413_for_KB4034664~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FA2A014BF360CDC0E203A174FFC9DC5343C5323
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EB1FE2F561CE20B9DFBA19009F4A05AF3D449D52
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_413_for_KB4034664~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1694.598: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=52F202663F9DED85B54F9D01490BBEDACE8A7787
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_413_for_KB4034664~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0EF7B4F59A4CAFF4E8B7CE99D7498EADCCFB39FE
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_413_for_KB4034664~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1694.598: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C9917E80D1AAEFAAFEDE6EDA805A8F2995480127
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_413_for_KB4034664~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=75CCD2778844D148B2A8A128FB2D1691A441A7FA
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_413_for_KB4034664~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ac0d1:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd150000 'C:\Windows\system32\crypt32.dll'
1694.598: supR3HardenedWinIsDesiredRootCA: Adding 0x9372cefd77d5d300 OU=generated by avast! antivirus for SSL/TLS scanning, O=avast! Web/Mail Shield, CN=avast! Web/Mail Shield Root
1694.598: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1694.598: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1694.598: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1694.598: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1694.598: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1694.598: supR3HardenedWinIsDesiredRootCA: Adding 0xd27ca3602f37c200 OU=generated by Avast Antivirus for SSL/TLS scanning, O=Avast Web/Mail Shield, CN=Avast Web/Mail Shield Root
1694.598: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1694.598: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1694.598: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1694.598: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
1694.598: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1694.598: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1694.598: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
1694.598: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
1694.598: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1694.598: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1694.598: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
1694.598: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
1694.598: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1694.598: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
1694.598: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1694.598: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
1694.598: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
1694.598: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
1694.598: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
1694.598: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1694.598: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, [email protected]
1694.598: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
1694.598: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1694.598: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1694.598: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
1694.598: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
1694.598: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
1694.598: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1694.598: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
1694.598: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1694.598: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
1694.598: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1694.598: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=39
1694.598: SUPR3HardenedMain: Load Runtime...
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000043c pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=901DCB8172024F14E25295BF5692180F12FC8C18
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3161949~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1694.598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000044c pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ac401:<flags> [calling]
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1694.598: supR3HardenedDllNotificationCallback: load   000007feed840000 LB 0x0053d000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1694.598: supR3HardenedDllNotificationCallback: load   000000005df20000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1694.598: supR3HardenedDllNotificationCallback: load   000000005e040000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1694.598: supR3HardenedDllNotificationCallback: load   000007fefee70000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1694.598: supR3HardenedDllNotificationCallback: load   000007fefd440000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001a9b41:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed840000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001a9b41:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed840000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001a9b41:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed840000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001a9b41:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed840000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001a9b41:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed840000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001a9b41:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed840000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed840000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed840000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed840000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed840000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed840000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed840000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed840000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001a9b41:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed840000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed840000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed840000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed840000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed840000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed840000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed840000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed840000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed840000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed840000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed840000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed840000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed840000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed840000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed840000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed840000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001a9b41:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed840000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed840000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed840000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed840000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001adf61:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcfb0000 'C:\Windows\system32\Wintrust.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001acab1:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd150000 'C:\Windows\system32\crypt32.dll'
1694.598: SUPR3HardenedMain: Load TrustedMain...
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000494 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000047c pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6E76105B511B0668122629A2554FAFBBE17CD6DF
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_413_for_KB4034664~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a0 pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E3D6DA21FECCBC3CFB6FD4597280DC013ADD2D59
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_413_for_KB4034664~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000046c pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DBC6DA834E0DA642E3A7EB4466EBDC7921EDD667
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_413_for_KB4034664~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) WinVerifyTrust
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) WinVerifyTrust
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000048c pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) WinVerifyTrust
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a4 pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) WinVerifyTrust
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000490 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) WinVerifyTrust
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c4 pwszName=\Device\HarddiskVolume2\Windows\System32\mpr.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F84FE9BA047B24E7694C9E0C349B48B9FD5F925B
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\mpr.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll) WinVerifyTrust
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b4 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004bc pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv) WinVerifyTrust
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004dc pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) WinVerifyTrust
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c8 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B79EE7B5AD74EF51A849809202E043183A2C727E
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e8 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004cc pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66AD59F39F40705A9BA47254FA40331C3501DB8F
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_413_for_KB4034664~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) WinVerifyTrust
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d4 pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f4 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll) WinVerifyTrust
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ac411:<flags> [calling]
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1694.598: supR3HardenedDllNotificationCallback: load   000007feecf50000 LB 0x008ea000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1694.598: supR3HardenedDllNotificationCallback: load   000007feece30000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
1694.598: supR3HardenedDllNotificationCallback: load   000007fef5930000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1694.598: supR3HardenedDllNotificationCallback: load   000007feecd30000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1694.598: supR3HardenedDllNotificationCallback: load   000007fef5dd0000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1694.598: supR3HardenedDllNotificationCallback: load   000007fefd800000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1694.598: supR3HardenedDllNotificationCallback: load   000007fefd2e0000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1694.598: supR3HardenedDllNotificationCallback: load   000007fefef90000 LB 0x000da000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1694.598: supR3HardenedDllNotificationCallback: load   000007fefe810000 LB 0x001fc000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1694.598: supR3HardenedDllNotificationCallback: load   000007fefd120000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1694.598: supR3HardenedDllNotificationCallback: load   000007fefb120000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1694.598: supR3HardenedDllNotificationCallback: load   000000005d9b0000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1694.598: supR3HardenedDllNotificationCallback: load   000007fefd9e0000 LB 0x00d8b000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
1694.598: supR3HardenedDllNotificationCallback: load   000007fef47c0000 LB 0x00018000 C:\Windows\system32\MPR.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1694.598: supR3HardenedDllNotificationCallback: load   000007feec730000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1694.598: supR3HardenedDllNotificationCallback: load   000000005d440000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1694.598: supR3HardenedDllNotificationCallback: load   000007feec6d0000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
1694.598: supR3HardenedDllNotificationCallback: load   000007fef9cd0000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
1694.598: supR3HardenedDllNotificationCallback: load   000007fefd6b0000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll)
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
1694.598: supR3HardenedDllNotificationCallback: load   000007fef9d50000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [avoiding WinVerifyTrust]
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1694.598: supR3HardenedDllNotificationCallback: load   000000005ce30000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1694.598: supR3HardenedDllNotificationCallback: load   000007fefafa0000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1694.598: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'.
1694.598: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [rescheduled]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ab9e1:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd750000 'C:\Windows\system32\imm32.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd450000 'C:\Windows\system32\ADVAPI32.DLL'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptbase.dll (Input=cryptbase.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce10000 'C:\Windows\system32\cryptbase.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feecf50000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
1694.598: SUPR3HardenedMain: Calling TrustedMain (000007feecf51610)...
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001add51:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe810000 'C:\Windows\system32\ole32.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd450000 'C:\Windows\system32\ADVAPI32.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ac431:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf80000 'C:\Windows\system32\profapi.dll'
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ae721:<flags> [calling]
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1694.598: supR3HardenedDllNotificationCallback: load   000007feec5a0000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec5a0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ae651:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce10000 'C:\Windows\system32\CRYPTBASE.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000588 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ae121:<flags> [calling]
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1694.598: supR3HardenedDllNotificationCallback: load   000007fefb530000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb530000 'C:\Windows\system32\uxtheme.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001adb61:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb530000 'C:\Windows\system32\uxtheme.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ad8d1:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb530000 'C:\Windows\system32\uxtheme.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ad8d1:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb530000 'C:\Windows\system32\uxtheme.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077180000 'C:\Windows\system32\user32.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ae961:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9e0000 'C:\Windows\system32\shell32.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ae841:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001ae001:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb120000 'C:\Windows\system32\dwmapi.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001aed81:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefafa0000 'C:\Windows\system32\winmm.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001aed81:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefafa0000 'C:\Windows\system32\winmm.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001af061:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9e0000 'C:\Windows\system32\shell32.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001af031:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb530000 'C:\Windows\system32\uxtheme.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd450000 'C:\Windows\system32\advapi32.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001aef91:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd100000 'C:\Windows\system32\userenv.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001af071:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077060000 'C:\Windows\system32\kernel32.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005a0 pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll) WinVerifyTrust
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001abd41:<flags> [calling]
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
1694.598: supR3HardenedDllNotificationCallback: load   000007feff4d0000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4d0000 'C:\Windows\system32\CLBCatQ.DLL'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd450000 'C:\Windows\system32\ADVAPI32.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001aab91:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc7a0000 'C:\Windows\system32\CRYPTSP.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005d8 pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll) WinVerifyTrust
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001aa751:<flags> [calling]
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
1694.598: supR3HardenedDllNotificationCallback: load   000007fefcec0000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcec0000 'C:\Windows\system32\RpcRtRemote.dll'
1694.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1694.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1694.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1694.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1694.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
1694.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
1694.1138: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
1694.1138: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
1694.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1694.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1694.1138: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1694.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1694.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1694.1138: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1694.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1694.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1694.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1694.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1694.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1694.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1694.1138: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1694.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1694.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1694.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000497e4f1:<flags> [calling]
1694.1138: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
1694.1138: supR3HardenedDllNotificationCallback: load   000007feebfe0000 LB 0x004f6000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
1694.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
1694.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebfe0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
1694.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1694.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1694.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1694.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
1694.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
1694.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
1694.1138: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1694.1138: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
1694.1138: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
1694.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1694.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1694.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1694.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1694.1138: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1694.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1694.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1694.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1694.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1694.1138: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1694.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1694.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1694.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1694.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1694.1138: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1694.1138: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1694.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000497cf91:<flags> [calling]
1694.1138: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
1694.1138: supR3HardenedDllNotificationCallback: load   000007feec4e0000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
1694.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
1694.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec4e0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
1694.1138: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1694.1138: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000497ce21:<flags> [calling]
1694.1138: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefef90000 'C:\Windows\system32\oleaut32.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd450000 'C:\Windows\system32\ADVAPI32.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd780000 'C:\Windows\system32\gdi32.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001aab51:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9e0000 'C:\Windows\system32\shell32.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd450000 'C:\Windows\system32\ADVAPI32.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe810000 'C:\Windows\system32\ole32.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9e0000 'C:\Windows\system32\shell32.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9e0000 'C:\Windows\system32\shell32.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe810000 'C:\Windows\system32\ole32.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001a7f61:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefef90000 'C:\Windows\system32\OLEAUT32.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000092c pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000930 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03D0A77E5195AA70198FDE6C2FAC2C76FF200674
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001a67f1:<flags> [calling]
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
1694.598: supR3HardenedDllNotificationCallback: load   000007fef7d80000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
1694.598: supR3HardenedDllNotificationCallback: load   000007fef7f30000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7d80000 'C:\Windows\system32\wbem\wbemprox.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000958 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001a6431:<flags> [calling]
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
1694.598: supR3HardenedDllNotificationCallback: load   000007fef7390000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7390000 'C:\Windows\system32\wbem\wbemsvc.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000964 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000094c pwszName=\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
1694.598: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll'
1694.598: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
1694.598: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
1694.598: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll) WinVerifyTrust
1694.598: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.598: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001a6471:<flags> [calling]
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
1694.598: supR3HardenedDllNotificationCallback: load   000007fef7dc0000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
1694.598: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
1694.598: supR3HardenedDllNotificationCallback: load   000007fef7d90000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [fFlags=0x0]
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7dc0000 'C:\Windows\system32\wbem\fastprox.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefef90000 'C:\Windows\system32\OLEAUT32.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINMM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001a6261:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefafa0000 'C:\Windows\system32\WINMM.dll'
1694.1160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1694.1160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
1694.1160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1694.1160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
1694.1160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
1694.1160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1694.1160: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1694.1160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
1694.1160: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
1694.1160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
1694.1160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
1694.1160: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
1694.1160: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
1694.1160: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
1694.1160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1694.1160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1694.1160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.1160: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.1160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
1694.1160: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
1694.1160: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
1694.1160: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1694.1160: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1694.1160: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000079ce421:<flags> [calling]
1694.1160: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
1694.1160: supR3HardenedDllNotificationCallback: load   000007feea510000 LB 0x002b5000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
1694.1160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
1694.1160: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
1694.1160: supR3HardenedDllNotificationCallback: load   000000005c730000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
1694.1160: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
1694.1160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea510000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
1694.654: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1694.654: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
1694.654: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1694.654: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1694.654: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
1694.654: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
1694.654: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694.654: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1694.654: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1694.654: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1694.654: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
1694.654: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
1694.654: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
1694.654: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1694.654: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1694.654: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007d7d9c1:<flags> [calling]
1694.654: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
1694.654: supR3HardenedDllNotificationCallback: load   000007fef5dc0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
1694.654: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
1694.654: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5dc0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
1694.654: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077180000 'C:\Windows\system32\User32.dll'
1694.ec4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1694.ec4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1694.ec4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1694.ec4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
1694.ec4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
1694.ec4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1694.ec4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1694.ec4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1694.ec4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1694.ec4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1694.ec4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1694.ec4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1694.ec4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000828dad1:<flags> [calling]
1694.ec4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
1694.ec4: supR3HardenedDllNotificationCallback: load   000007fef5d70000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
1694.ec4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
1694.ec4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5d70000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
1694.378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1694.378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1694.378: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1694.378: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
1694.378: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
1694.378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1694.378: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1694.378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1694.378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1694.378: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1694.378: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1694.378: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1694.378: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000084edbd1:<flags> [calling]
1694.378: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
1694.378: supR3HardenedDllNotificationCallback: load   000007fef5d60000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
1694.378: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
1694.378: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5d60000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
1694.f94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1694.f94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1694.f94: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1694.f94: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
1694.f94: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
1694.f94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1694.f94: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1694.f94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1694.f94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1694.f94: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1694.f94: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1694.f94: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000087adb31:<flags> [calling]
1694.f94: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
1694.f94: supR3HardenedDllNotificationCallback: load   000007fef58e0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
1694.f94: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
1694.f94: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef58e0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9e0000 'C:\Windows\system32\Shell32.dll'
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000007b59371:<flags> [calling]
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe7f0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
1694.124c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
1694.124c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000be4 pwszName=\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1694.124c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
1694.124c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1694.124c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
1694.124c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
1694.124c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
1694.124c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bec pwszName=\Device\HarddiskVolume2\Windows\System32\winnsi.dll
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B28F3E0DF5586B9FB3AEAC48E4ECCA0AFB6ABD91
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
1694.124c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll) WinVerifyTrust
1694.124c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007b5d861:<flags> [calling]
1694.124c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
1694.124c: supR3HardenedDllNotificationCallback: load   000007fee9b60000 LB 0x009ae000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
1694.124c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
1694.124c: supR3HardenedDllNotificationCallback: load   000007feebf80000 LB 0x00058000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
1694.124c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
1694.124c: supR3HardenedDllNotificationCallback: load   000007feeba70000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
1694.124c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
1694.124c: supR3HardenedDllNotificationCallback: load   000007fef98e0000 LB 0x00027000 C:\Windows\system32\IPHLPAPI.DLL [fFlags=0x0]
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
1694.124c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
1694.124c: supR3HardenedDllNotificationCallback: load   000007fef98d0000 LB 0x0000b000 C:\Windows\system32\WINNSI.DLL [fFlags=0x0]
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee9b60000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007b5d861:<flags> [calling]
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebfe0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007b5d771:<flags> [calling]
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeba70000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
1694.17b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1694.17b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
1694.17b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1694.17b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
1694.17b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
1694.17b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1694.17b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1694.17b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
1694.17b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
1694.17b0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
1694.17b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1694.17b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1694.17b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000cfbdb91:<flags> [calling]
1694.17b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
1694.17b0: supR3HardenedDllNotificationCallback: load   000007fef58d0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
1694.17b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
1694.17b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef58d0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007b5d6a1:<flags> [calling]
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef98e0000 'C:\Windows\system32\Iphlpapi.dll'
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cfc pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D89E2D6AED9A19082ECA108BEEF81A904C7A9756
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
1694.124c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll) WinVerifyTrust
1694.124c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dhcpcsvc.DLL (Input=dhcpcsvc.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007b5e841:<flags> [calling]
1694.124c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
1694.124c: supR3HardenedDllNotificationCallback: load   000007fef96e0000 LB 0x00018000 C:\Windows\system32\dhcpcsvc.DLL [fFlags=0x0]
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef96e0000 'C:\Windows\system32\dhcpcsvc.DLL'
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007b5e4a1:<flags> [calling]
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef98e0000 'C:\Windows\system32\IPHLPAPI.DLL'
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d14 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3B9B444EEE6F858BAE572BDDE53A4FA1A1E7957B
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1694.124c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll) WinVerifyTrust
1694.124c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dhcpcsvc6.DLL (Input=dhcpcsvc6.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007b5e7f1:<flags> [calling]
1694.124c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
1694.124c: supR3HardenedDllNotificationCallback: load   000007fef96c0000 LB 0x00011000 C:\Windows\system32\dhcpcsvc6.DLL [fFlags=0x0]
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef96c0000 'C:\Windows\system32\dhcpcsvc6.DLL'
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007b5e511:<flags> [calling]
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef98e0000 'C:\Windows\system32\IPHLPAPI.DLL'
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d8c pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F6C3E3D9F8B48D816E52C31576FFFD4AF86AB813
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
1694.124c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust
1694.124c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d90 pwszName=\Device\HarddiskVolume2\Windows\System32\powrprof.dll
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E0B7DE18787DB24DAD3580634869A9A8FF4AB48F
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\powrprof.dll'
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
1694.124c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll) WinVerifyTrust
1694.124c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007b5d611:<flags> [calling]
1694.124c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
1694.124c: supR3HardenedDllNotificationCallback: load   000007feeb580000 LB 0x00088000 C:\Windows\System32\dsound.dll [fFlags=0x0]
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
1694.124c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
1694.124c: supR3HardenedDllNotificationCallback: load   000007fefbdb0000 LB 0x0002c000 C:\Windows\System32\POWRPROF.dll [fFlags=0x0]
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007b5c981:<flags> [calling]
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb580000 'C:\Windows\System32\dsound.dll'
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb580000 'C:\Windows\System32\dsound.dll'
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007b5d6f1:<flags> [calling]
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb580000 'C:\Windows\system32\dsound.dll'
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d94 pwszName=\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=704F97298D44B8146C54067788F597E0BF365197
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll'
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'.
1694.124c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
1694.124c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000db8 pwszName=\Device\HarddiskVolume2\Windows\System32\propsys.dll
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A1594E841359779EF7EA7EBCF775D89F55388D3
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\propsys.dll'
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
1694.124c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll) WinVerifyTrust
1694.124c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007b5d0e1:<flags> [calling]
1694.124c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
1694.124c: supR3HardenedDllNotificationCallback: load   000007fefbd60000 LB 0x0004b000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
1694.124c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
1694.124c: supR3HardenedDllNotificationCallback: load   000007fefbc30000 LB 0x0012c000 C:\Windows\System32\PROPSYS.dll [fFlags=0x0]
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd450000 'C:\Windows\system32\ADVAPI32.dll'
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbd60000 'C:\Windows\System32\MMDevApi.dll'
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe810000 'C:\Windows\system32\ole32.dll'
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007b5d411:<flags> [calling]
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd800000 'C:\Windows\system32\SETUPAPI.dll'
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007b5e2f1:<flags> [calling]
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd530000 'C:\Windows\system32\SHLWAPI.dll'
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007b5e511:<flags> [calling]
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbd60000 'C:\Windows\system32\MMDEVAPI.DLL'
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe810000 'C:\Windows\system32\ole32.dll'
1694.1258: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1694.1258: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CFGMGR32.dll (Input=CFGMGR32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000019aff6f1:<flags> [calling]
1694.1258: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd2e0000 'C:\Windows\system32\CFGMGR32.dll'
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007b5e141:<flags> [calling]
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefafa0000 'C:\Windows\system32\winmm.dll'
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000007b5dfa1:<flags> [calling]
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe7f0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000007b5dfa1:<flags> [calling]
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe7f0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff070000 'C:\Windows\system32\RPCRT4.dll'
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDevAPI.DLL (Input=MMDevAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007b5e001:<flags> [calling]
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbd60000 'C:\Windows\system32\MMDevAPI.DLL'
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000df0 pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4B64306F5558D2DEC53CF11AAF17F02438929FDD
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ksuser.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'avrt.dll'.
1694.124c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust
1694.124c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000df4 pwszName=\Device\HarddiskVolume2\Windows\System32\avrt.dll
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1362C343929DD08AB918B38DE195D1A11B1D1365
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\avrt.dll'
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.124c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust
1694.124c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e10 pwszName=\Device\HarddiskVolume2\Windows\System32\ksuser.dll
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2D99CFB3BFCA1F454FC7109DB98D18923ABBA361
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB3110329~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\ksuser.dll'
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.124c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust
1694.124c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007b5db71:<flags> [calling]
1694.124c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
1694.124c: supR3HardenedDllNotificationCallback: load   000007fefaf40000 LB 0x0003b000 C:\Windows\system32\wdmaud.drv [fFlags=0x0]
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
1694.124c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
1694.124c: supR3HardenedDllNotificationCallback: load   0000000074b00000 LB 0x00006000 C:\Windows\system32\ksuser.dll [fFlags=0x0]
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
1694.124c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
1694.124c: supR3HardenedDllNotificationCallback: load   000007fefbbe0000 LB 0x00009000 C:\Windows\system32\AVRT.dll [fFlags=0x0]
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaf40000 'C:\Windows\system32\wdmaud.drv'
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007b5db71:<flags> [calling]
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaf40000 'C:\Windows\system32\wdmaud.drv'
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007b5dd21:<flags> [calling]
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaf40000 'C:\Windows\system32\wdmaud.drv'
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007b5dd21:<flags> [calling]
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaf40000 'C:\Windows\system32\wdmaud.drv'
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007b5dd21:<flags> [calling]
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaf40000 'C:\Windows\system32\wdmaud.drv'
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e2c pwszName=\Device\HarddiskVolume2\Windows\System32\AudioSes.dll
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A3BDEC1E955295C342E14C90909598248B24E5B
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_109_for_KB4034664~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\AudioSes.dll'
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
1694.124c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust
1694.124c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007b5dd31:<flags> [calling]
1694.124c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
1694.124c: supR3HardenedDllNotificationCallback: load   000007fefadd0000 LB 0x0004f000 C:\Windows\system32\AUDIOSES.DLL [fFlags=0x0]
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefadd0000 'C:\Windows\system32\AUDIOSES.DLL'
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007b5dd21:<flags> [calling]
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaf40000 'C:\Windows\system32\wdmaud.drv'
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007b5dd21:<flags> [calling]
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaf40000 'C:\Windows\system32\wdmaud.drv'
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaf40000 'C:\Windows\system32\wdmaud.drv'
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaf40000 'C:\Windows\system32\wdmaud.drv'
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaf40000 'C:\Windows\system32\wdmaud.drv'
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaf40000 'C:\Windows\system32\wdmaud.drv'
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaf40000 'C:\Windows\system32\wdmaud.drv'
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaf40000 'C:\Windows\system32\wdmaud.drv'
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaf40000 'C:\Windows\system32\wdmaud.drv'
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e30 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=522563F5384AD4C93CF5CF4EEA899D3267552328
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'.
1694.124c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) WinVerifyTrust
1694.124c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e38 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.dll
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCA0A8AEE81B82C402AA72A300B2C8D2DC17C1DA
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.dll'
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
1694.124c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) WinVerifyTrust
1694.124c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007b5db21:<flags> [calling]
1694.124c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
1694.124c: supR3HardenedDllNotificationCallback: load   000007fefabd0000 LB 0x0000a000 C:\Windows\system32\msacm32.drv [fFlags=0x0]
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
1694.124c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
1694.124c: supR3HardenedDllNotificationCallback: load   000007fefabb0000 LB 0x00018000 C:\Windows\system32\MSACM32.dll [fFlags=0x0]
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefabd0000 'C:\Windows\system32\msacm32.drv'
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007b5d521:<flags> [calling]
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefabd0000 'C:\Windows\system32\msacm32.drv'
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007b5d521:<flags> [calling]
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefabd0000 'C:\Windows\system32\msacm32.drv'
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007b5d521:<flags> [calling]
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefabd0000 'C:\Windows\system32\msacm32.drv'
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007b5d521:<flags> [calling]
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefabd0000 'C:\Windows\system32\msacm32.drv'
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007b5d521:<flags> [calling]
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefabd0000 'C:\Windows\system32\msacm32.drv'
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007b5d521:<flags> [calling]
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefabd0000 'C:\Windows\system32\msacm32.drv'
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefabd0000 'C:\Windows\system32\msacm32.drv'
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefabd0000 'C:\Windows\system32\msacm32.drv'
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefabd0000 'C:\Windows\system32\msacm32.drv'
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e18 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=43116C5C719A4751DA70B12932084D73D7AACEA3
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
1694.124c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1694.124c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
1694.124c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) WinVerifyTrust
1694.124c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.124c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007b5db21:<flags> [calling]
1694.124c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
1694.124c: supR3HardenedDllNotificationCallback: load   000007fefaba0000 LB 0x00009000 C:\Windows\system32\midimap.dll [fFlags=0x0]
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaba0000 'C:\Windows\system32\midimap.dll'
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007b5d4f1:<flags> [calling]
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaba0000 'C:\Windows\system32\midimap.dll'
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007b5d4f1:<flags> [calling]
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaba0000 'C:\Windows\system32\midimap.dll'
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007b5db21:<flags> [calling]
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaba0000 'C:\Windows\system32\midimap.dll'
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefafa0000 'C:\Windows\system32\winmm.dll'
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefafa0000 'C:\Windows\system32\winmm.dll'
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefafa0000 'C:\Windows\system32\winmm.dll'
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe810000 'C:\Windows\system32\ole32.dll'
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007b5e141:<flags> [calling]
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefafa0000 'C:\Windows\system32\winmm.dll'
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefafa0000 'C:\Windows\system32\winmm.dll'
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefafa0000 'C:\Windows\system32\winmm.dll'
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefafa0000 'C:\Windows\system32\winmm.dll'
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefafa0000 'C:\Windows\system32\winmm.dll'
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefafa0000 'C:\Windows\system32\winmm.dll'
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefafa0000 'C:\Windows\system32\winmm.dll'
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefafa0000 'C:\Windows\system32\winmm.dll'
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007b5d6e1:<flags> [calling]
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb580000 'C:\Windows\system32\dsound.dll'
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefafa0000 'C:\Windows\system32\winmm.dll'
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefafa0000 'C:\Windows\system32\winmm.dll'
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefafa0000 'C:\Windows\system32\winmm.dll'
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefafa0000 'C:\Windows\system32\winmm.dll'
1694.1380: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
1694.1380: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\audioses.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000001a57d9e1:<flags> [calling]
1694.1380: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefadd0000 'C:\Windows\System32\audioses.dll'
1694.124c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
1694.124c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007b5d8b1:<flags> [calling]
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb580000 'C:\Windows\system32\dsound.dll'
1694.124c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefafa0000 'C:\Windows\system32\winmm.dll'
1694.1160: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefef90000 'C:\Windows\system32\OLEAUT32.dll'
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001abbe1:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd330000 'C:\Windows\system32\MSCTF.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe810000 'C:\Windows\system32\ole32.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9e0000 'C:\Windows\system32\shell32.dll'
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9e0000 'C:\Windows\system32\shell32.dll'
1694.678: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume2\Windows\System32\mswsock.dll
1694.678: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.678: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
1694.678: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000019c8d091:<flags> [calling]
1694.678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcfb0000 'C:\Windows\system32\WINTRUST.DLL'
1694.678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1694.678: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000019c8cec1:<flags> [calling]
1694.678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd150000 'C:\Windows\system32\CRYPT32.dll'
1694.678: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A0B91C962716871F5DE8282805DA288326E03A9F
1694.678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8c40000 'C:\Windows\system32\cryptnet.dll'
1694.678: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3161949~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\mswsock.dll'
1694.678: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1694.678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1694.678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
1694.678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
1694.678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mswsock.dll) WinVerifyTrust
1694.678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mswsock.dll
1694.678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1694.678: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1694.678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1694.678: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1694.678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1694.678: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1694.678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1694.678: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1694.678: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000019c8f331:<flags> [calling]
1694.678: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll
1694.678: supR3HardenedDllNotificationCallback: load   000007fefc740000 LB 0x00055000 C:\Windows\system32\mswsock.dll [fFlags=0x0]
1694.678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll
1694.678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc740000 'C:\Windows\system32\mswsock.dll'
1694.678: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ff8 pwszName=\Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
1694.678: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000091b250
1694.678: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000091b250
1694.678: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1EFFE58BB9FD8A94FD1609B7F82A43C8E09D98AA
1694.678: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL'
1694.678: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1694.678: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ws2_32.dll'.
1694.678: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL) WinVerifyTrust
1694.678: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
1694.678: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1694.678: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1694.678: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wshtcpip.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000019c8f4d1:<flags> [calling]
1694.678: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
1694.678: supR3HardenedDllNotificationCallback: load   000007fefc100000 LB 0x00007000 C:\Windows\System32\wshtcpip.dll [fFlags=0x0]
1694.678: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
1694.678: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc100000 'C:\Windows\System32\wshtcpip.dll'
1694.17b0: supR3HardenedDllNotificationCallback: Unload 000007fef58d0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
1694.f94: supR3HardenedDllNotificationCallback: Unload 000007fef58e0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
1694.378: supR3HardenedDllNotificationCallback: Unload 000007fef5d60000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
1694.ec4: supR3HardenedDllNotificationCallback: Unload 000007fef5d70000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
1694.654: supR3HardenedDllNotificationCallback: Unload 000007fef5dc0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
1694.124c: supR3HardenedDllNotificationCallback: Unload 000007fefc100000 LB 0x00007000 C:\Windows\System32\wshtcpip.dll [flags=0x0]
1694.124c: supR3HardenedDllNotificationCallback: Unload 000007fee9b60000 LB 0x009ae000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
1694.124c: supR3HardenedDllNotificationCallback: Unload 000007feeba70000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
1694.124c: supR3HardenedDllNotificationCallback: Unload 000007feebf80000 LB 0x00058000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
1694.598: supR3HardenedDllNotificationCallback: Unload 000007fef7dc0000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [flags=0x0]
1694.598: supR3HardenedDllNotificationCallback: Unload 000007fef7d90000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [flags=0x0]
1694.598: supR3HardenedDllNotificationCallback: Unload 000007fef7390000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [flags=0x0]
1694.598: supR3HardenedDllNotificationCallback: Unload 000007fef7d80000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [flags=0x0]
1694.598: supR3HardenedDllNotificationCallback: Unload 000007fef7f30000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [flags=0x0]
1694.598: supR3HardenedDllNotificationCallback: Unload 000007feec4e0000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [flags=0x0]
1694.598: supR3HardenedDllNotificationCallback: Unload 000007feebfe0000 LB 0x004f6000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
1694.598: Terminating the normal way: rcExit=0
1694.598: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
1694.598: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.dll (Input=WINTRUST.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001aee01:<flags> [calling]
1694.598: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcfb0000 'C:\Windows\system32\WINTRUST.dll'
aa4.f90: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 208732 ms, the end);
fe0.cac: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 209357 ms, the end);