Ticket #17657: VBoxHardening.log

File VBoxHardening.log, 238.4 KB (added by aanbar, 6 years ago)
Log File

Line
1	4e4.2630: Log file opened: 5.2.8r121009 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
2	4e4.2630: \SystemRoot\System32\ntdll.dll:
3	4e4.2630: CreationTime: 2017-08-14T17:14:44.340157000Z
4	4e4.2630: LastWriteTime: 2016-01-22T06:24:12.217581500Z
5	4e4.2630: ChangeTime: 2017-08-15T14:19:38.552447400Z
6	4e4.2630: FileAttributes: 0x20
7	4e4.2630: Size: 0x1a73d8
8	4e4.2630: NT Headers: 0xe0
9	4e4.2630: Timestamp: 0x56a1c9c5
10	4e4.2630: Machine: 0x8664 - amd64
11	4e4.2630: Timestamp: 0x56a1c9c5
12	4e4.2630: Image Version: 6.1
13	4e4.2630: SizeOfImage: 0x1aa000 (1744896)
14	4e4.2630: Resource Dir: 0x14e000 LB 0x5a028
15	4e4.2630: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
16	4e4.2630: [Raw version resource data: 0x14e0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
17	4e4.2630: ProductName: Microsoft® Windows® Operating System
18	4e4.2630: ProductVersion: 6.1.7601.19135
19	4e4.2630: FileVersion: 6.1.7601.19135 (win7sp1_gdr.160121-1718)
20	4e4.2630: FileDescription: NT Layer DLL
21	4e4.2630: \SystemRoot\System32\kernel32.dll:
22	4e4.2630: CreationTime: 2017-08-14T17:14:42.421353600Z
23	4e4.2630: LastWriteTime: 2016-01-22T06:15:31.619000000Z
24	4e4.2630: ChangeTime: 2017-08-15T14:19:39.675649400Z
25	4e4.2630: FileAttributes: 0x20
26	4e4.2630: Size: 0x11c000
27	4e4.2630: NT Headers: 0xe8
28	4e4.2630: Timestamp: 0x56a1c9ab
29	4e4.2630: Machine: 0x8664 - amd64
30	4e4.2630: Timestamp: 0x56a1c9ab
31	4e4.2630: Image Version: 6.1
32	4e4.2630: SizeOfImage: 0x11f000 (1175552)
33	4e4.2630: Resource Dir: 0x116000 LB 0x528
34	4e4.2630: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
35	4e4.2630: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
36	4e4.2630: ProductName: Microsoft® Windows® Operating System
37	4e4.2630: ProductVersion: 6.1.7601.19135
38	4e4.2630: FileVersion: 6.1.7601.19135 (win7sp1_gdr.160121-1718)
39	4e4.2630: FileDescription: Windows NT BASE API Client DLL
40	4e4.2630: \SystemRoot\System32\KernelBase.dll:
41	4e4.2630: CreationTime: 2017-08-14T17:14:42.296553400Z
42	4e4.2630: LastWriteTime: 2016-01-22T06:15:31.822000000Z
43	4e4.2630: ChangeTime: 2017-08-15T14:19:39.691249400Z
44	4e4.2630: FileAttributes: 0x20
45	4e4.2630: Size: 0x67200
46	4e4.2630: NT Headers: 0xe8
47	4e4.2630: Timestamp: 0x56a1c9ac
48	4e4.2630: Machine: 0x8664 - amd64
49	4e4.2630: Timestamp: 0x56a1c9ac
50	4e4.2630: Image Version: 6.1
51	4e4.2630: SizeOfImage: 0x6b000 (438272)
52	4e4.2630: Resource Dir: 0x69000 LB 0x530
53	4e4.2630: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
54	4e4.2630: [Raw version resource data: 0x690b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
55	4e4.2630: ProductName: Microsoft® Windows® Operating System
56	4e4.2630: ProductVersion: 6.1.7601.19135
57	4e4.2630: FileVersion: 6.1.7601.19135 (win7sp1_gdr.160121-1718)
58	4e4.2630: FileDescription: Windows NT BASE API Client DLL
59	4e4.2630: \SystemRoot\System32\apisetschema.dll:
60	4e4.2630: CreationTime: 2017-08-14T17:14:40.192149700Z
61	4e4.2630: LastWriteTime: 2016-01-22T06:12:25.181000000Z
62	4e4.2630: ChangeTime: 2017-08-15T14:19:38.474447300Z
63	4e4.2630: FileAttributes: 0x20
64	4e4.2630: Size: 0x1a00
65	4e4.2630: NT Headers: 0xc0
66	4e4.2630: Timestamp: 0x56a1c890
67	4e4.2630: Machine: 0x8664 - amd64
68	4e4.2630: Timestamp: 0x56a1c890
69	4e4.2630: Image Version: 6.1
70	4e4.2630: SizeOfImage: 0x50000 (327680)
71	4e4.2630: Resource Dir: 0x30000 LB 0x3f8
72	4e4.2630: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
73	4e4.2630: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
74	4e4.2630: ProductName: Microsoft® Windows® Operating System
75	4e4.2630: ProductVersion: 6.1.7601.19135
76	4e4.2630: FileVersion: 6.1.7601.19135 (win7sp1_gdr.160121-1718)
77	4e4.2630: FileDescription: ApiSet Schema DLL
78	4e4.2630: Found driver klkbdflt (0x40)
79	4e4.2630: Found driver klmouflt (0x40)
80	4e4.2630: Found driver KLIM6 (0x40)
81	4e4.2630: Found driver kl1 (0x40)
82	4e4.2630: Found driver klflt (0x40)
83	4e4.2630: Found driver kneps (0x40)
84	4e4.2630: Found driver kltdi (0x40)
85	4e4.2630: supR3HardenedWinFindAdversaries: 0x40
86	4e4.2630: \SystemRoot\System32\drivers\kl1.sys:
87	4e4.2630: CreationTime: 2016-09-30T23:26:00.000000000Z
88	4e4.2630: LastWriteTime: 2016-09-30T23:26:00.000000000Z
89	4e4.2630: ChangeTime: 2017-08-14T17:05:02.334784600Z
90	4e4.2630: FileAttributes: 0x20
91	4e4.2630: Size: 0x875a8
92	4e4.2630: NT Headers: 0xe8
93	4e4.2630: Timestamp: 0x56fe83ac
94	4e4.2630: Machine: 0x8664 - amd64
95	4e4.2630: Timestamp: 0x56fe83ac
96	4e4.2630: Image Version: 0.0
97	4e4.2630: SizeOfImage: 0x709000 (7376896)
98	4e4.2630: Resource Dir: 0x707000 LB 0x448
99	4e4.2630: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x419)]
100	4e4.2630: [Raw version resource data: 0x707060 LB 0x3e4, codepage 0x0 (reserved 0x0)]
101	4e4.2630: ProductName: Kaspersky Anti-Virus
102	4e4.2630: ProductVersion: 6.0.1.990
103	4e4.2630: FileVersion: 6.8.0.67
104	4e4.2630: FileDescription: Kaspersky Unified Driver
105	4e4.2630: \SystemRoot\System32\drivers\klflt.sys:
106	4e4.2630: CreationTime: 2017-08-14T17:04:42.007949100Z
107	4e4.2630: LastWriteTime: 2017-10-15T12:48:48.677255100Z
108	4e4.2630: ChangeTime: 2017-10-15T12:50:31.265122800Z
109	4e4.2630: FileAttributes: 0x20
110	4e4.2630: Size: 0x324d8
111	4e4.2630: NT Headers: 0xf8
112	4e4.2630: Timestamp: 0x596f4b46
113	4e4.2630: Machine: 0x8664 - amd64
114	4e4.2630: Timestamp: 0x596f4b46
115	4e4.2630: Image Version: 6.0
116	4e4.2630: SizeOfImage: 0x3e000 (253952)
117	4e4.2630: Resource Dir: 0x3c000 LB 0x418
118	4e4.2630: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
119	4e4.2630: [Raw version resource data: 0x3c060 LB 0x3b4, codepage 0x0 (reserved 0x0)]
120	4e4.2630: ProductName: System Interceptors PDK
121	4e4.2630: ProductVersion: 13.0.56.0
122	4e4.2630: FileVersion: 13.0.56.0
123	4e4.2630: FileDescription: Filter Core [fre_wlh_x64]
124	4e4.2630: \SystemRoot\System32\drivers\klif.sys:
125	4e4.2630: CreationTime: 2017-08-14T17:04:42.023549200Z
126	4e4.2630: LastWriteTime: 2018-02-21T13:22:36.506612300Z
127	4e4.2630: ChangeTime: 2018-02-21T13:22:40.842860400Z
128	4e4.2630: FileAttributes: 0x20
129	4e4.2630: Size: 0x105ec8
130	4e4.2630: NT Headers: 0x118
131	4e4.2630: Timestamp: 0x5a6b1fa1
132	4e4.2630: Machine: 0x8664 - amd64
133	4e4.2630: Timestamp: 0x5a6b1fa1
134	4e4.2630: Image Version: 6.0
135	4e4.2630: SizeOfImage: 0x10d000 (1101824)
136	4e4.2630: Resource Dir: 0x109000 LB 0x2230
137	4e4.2630: [Version info resource found at 0x150! (ID/Name: 0x1; SubID/SubName: 0x409)]
138	4e4.2630: [Raw version resource data: 0x109618 LB 0x3d8, codepage 0x0 (reserved 0x0)]
139	4e4.2630: ProductName: System Interceptors PDK
140	4e4.2630: ProductVersion: 13.0.349.0
141	4e4.2630: FileVersion: 13.0.349.0
142	4e4.2630: FileDescription: Core System Interceptors [fre_wlh_x64]
143	4e4.2630: \SystemRoot\System32\drivers\klim6.sys:
144	4e4.2630: CreationTime: 2016-10-11T11:14:28.000000000Z
145	4e4.2630: LastWriteTime: 2018-02-21T13:22:36.699623400Z
146	4e4.2630: ChangeTime: 2018-02-21T13:22:40.852860900Z
147	4e4.2630: FileAttributes: 0x20
148	4e4.2630: Size: 0xdec0
149	4e4.2630: NT Headers: 0x100
150	4e4.2630: Timestamp: 0x5a5f21e8
151	4e4.2630: Machine: 0x8664 - amd64
152	4e4.2630: Timestamp: 0x5a5f21e8
153	4e4.2630: Image Version: 6.0
154	4e4.2630: SizeOfImage: 0xc000 (49152)
155	4e4.2630: Resource Dir: 0xa000 LB 0x428
156	4e4.2630: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
157	4e4.2630: [Raw version resource data: 0xa060 LB 0x3c8, codepage 0x0 (reserved 0x0)]
158	4e4.2630: ProductName: System Interceptors PDK
159	4e4.2630: ProductVersion: 14.0.0.16
160	4e4.2630: FileVersion: 14.0.0.16
161	4e4.2630: FileDescription: Packet Network Filter [fre_wlh_x64]
162	4e4.2630: \SystemRoot\System32\drivers\klkbdflt.sys:
163	4e4.2630: CreationTime: 2016-12-23T06:19:30.000000000Z
164	4e4.2630: LastWriteTime: 2016-12-23T06:19:30.000000000Z
165	4e4.2630: ChangeTime: 2017-08-14T17:05:02.693585200Z
166	4e4.2630: FileAttributes: 0x20
167	4e4.2630: Size: 0xe0e0
168	4e4.2630: NT Headers: 0xf8
169	4e4.2630: Timestamp: 0x5859ab81
170	4e4.2630: Machine: 0x8664 - amd64
171	4e4.2630: Timestamp: 0x5859ab81
172	4e4.2630: Image Version: 6.0
173	4e4.2630: SizeOfImage: 0xe000 (57344)
174	4e4.2630: Resource Dir: 0xc000 LB 0x438
175	4e4.2630: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
176	4e4.2630: [Raw version resource data: 0xc060 LB 0x3d4, codepage 0x0 (reserved 0x0)]
177	4e4.2630: ProductName: System Interceptors PDK
178	4e4.2630: ProductVersion: 13.0.0.8
179	4e4.2630: FileVersion: 13.0.0.8
180	4e4.2630: FileDescription: Keyboard Device Filter [fre_wlh_x64]
181	4e4.2630: \SystemRoot\System32\drivers\klmouflt.sys:
182	4e4.2630: CreationTime: 2016-12-07T06:38:46.000000000Z
183	4e4.2630: LastWriteTime: 2016-12-07T06:38:46.000000000Z
184	4e4.2630: ChangeTime: 2017-08-14T17:05:02.568785000Z
185	4e4.2630: FileAttributes: 0x20
186	4e4.2630: Size: 0xe4e0
187	4e4.2630: NT Headers: 0xf8
188	4e4.2630: Timestamp: 0x583e86c3
189	4e4.2630: Machine: 0x8664 - amd64
190	4e4.2630: Timestamp: 0x583e86c3
191	4e4.2630: Image Version: 6.0
192	4e4.2630: SizeOfImage: 0xf000 (61440)
193	4e4.2630: Resource Dir: 0xd000 LB 0x430
194	4e4.2630: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
195	4e4.2630: [Raw version resource data: 0xd060 LB 0x3cc, codepage 0x0 (reserved 0x0)]
196	4e4.2630: ProductName: System Interceptors PDK
197	4e4.2630: ProductVersion: 13.0.0.5
198	4e4.2630: FileVersion: 13.0.0.5
199	4e4.2630: FileDescription: Mouse Device Filter [fre_wlh_x64]
200	4e4.2630: \SystemRoot\System32\drivers\kltdi.sys:
201	4e4.2630: CreationTime: 2017-06-20T11:32:46.000000000Z
202	4e4.2630: LastWriteTime: 2017-06-20T11:32:46.000000000Z
203	4e4.2630: ChangeTime: 2017-08-14T17:05:03.083585900Z
204	4e4.2630: FileAttributes: 0x20
205	4e4.2630: Size: 0x13ff0
206	4e4.2630: NT Headers: 0xf0
207	4e4.2630: Timestamp: 0x58bd327c
208	4e4.2630: Machine: 0x8664 - amd64
209	4e4.2630: Timestamp: 0x58bd327c
210	4e4.2630: Image Version: 5.2
211	4e4.2630: SizeOfImage: 0x12000 (73728)
212	4e4.2630: Resource Dir: 0x10000 LB 0x430
213	4e4.2630: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
214	4e4.2630: [Raw version resource data: 0x10060 LB 0x3cc, codepage 0x0 (reserved 0x0)]
215	4e4.2630: ProductName: System Interceptors PDK
216	4e4.2630: ProductVersion: 13.0.0.12
217	4e4.2630: FileVersion: 13.0.0.12
218	4e4.2630: FileDescription: Legacy Network Filter [fre_wnet_x64]
219	4e4.2630: \SystemRoot\System32\drivers\kneps.sys:
220	4e4.2630: CreationTime: 2017-06-20T11:32:46.000000000Z
221	4e4.2630: LastWriteTime: 2017-12-14T16:33:26.144749900Z
222	4e4.2630: ChangeTime: 2017-12-14T16:33:29.624949000Z
223	4e4.2630: FileAttributes: 0x20
224	4e4.2630: Size: 0x30ae0
225	4e4.2630: NT Headers: 0x110
226	4e4.2630: Timestamp: 0x5a0e923b
227	4e4.2630: Machine: 0x8664 - amd64
228	4e4.2630: Timestamp: 0x5a0e923b
229	4e4.2630: Image Version: 5.2
230	4e4.2630: SizeOfImage: 0x2d000 (184320)
231	4e4.2630: Resource Dir: 0x2b000 LB 0x428
232	4e4.2630: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
233	4e4.2630: [Raw version resource data: 0x2b060 LB 0x3c4, codepage 0x0 (reserved 0x0)]
234	4e4.2630: ProductName: System Interceptors PDK
235	4e4.2630: ProductVersion: 13.0.0.40
236	4e4.2630: FileVersion: 13.0.0.40
237	4e4.2630: FileDescription: Network Processor [fre_wnet_x64]
238	4e4.2630: \SystemRoot\System32\klfphc.dll:
239	4e4.2630: CreationTime: 2017-08-14T17:05:02.287984500Z
240	4e4.2630: LastWriteTime: 2013-05-06T05:13:26.000000000Z
241	4e4.2630: ChangeTime: 2017-08-14T17:04:53.863969800Z
242	4e4.2630: FileAttributes: 0x20
243	4e4.2630: Size: 0x1ae60
244	4e4.2630: NT Headers: 0xe8
245	4e4.2630: Timestamp: 0x51873bf2
246	4e4.2630: Machine: 0x8664 - amd64
247	4e4.2630: Timestamp: 0x51873bf2
248	4e4.2630: Image Version: 0.0
249	4e4.2630: SizeOfImage: 0x1d000 (118784)
250	4e4.2630: Resource Dir: 0x18000 LB 0x3c80
251	4e4.2630: [Version info resource found at 0x188! (ID/Name: 0x1; SubID/SubName: 0x409)]
252	4e4.2630: [Raw version resource data: 0x1b800 LB 0x324, codepage 0x4e4 (reserved 0x0)]
253	4e4.2630: ProductName: Kaspersky™ Anti-Virus ®
254	4e4.2630: ProductVersion: 1.0.0.12
255	4e4.2630: FileVersion: 1.0.0.12
256	4e4.2630: FileDescription: Filtering Platform Helper Class
257	4e4.2630: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
258	4e4.2630: Calling main()
259	4e4.2630: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
260	4e4.2630: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
261	4e4.2630: SUPR3HardenedMain: Respawn #1
262	4e4.2630: System32: \Device\HarddiskVolume2\Windows\System32
263	4e4.2630: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
264	4e4.2630: KnownDllPath: C:\Windows\system32
265	4e4.2630: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
266	4e4.2630: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
267	4e4.2630: supR3HardNtEnableThreadCreation:
268	4e4.2630: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007760b170 pvNtTerminateThread=000000007762d8e0
269	4e4.2630: supR3HardenedWinDoReSpawn(1): New child 1c4c.1fcc [kernel32].
270	4e4.2630: supR3HardNtChildGatherData: PebBaseAddress=000007fffffda000 cbPeb=0x380
271	4e4.2630: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00000000775e0000 uNtDllChildAddr=00000000775e0000
272	4e4.2630: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007760b170
273	4e4.2630: supR3HardenedWinSetupChildInit: Start child.
274	4e4.2630: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
275	4e4.2630: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps
276	4e4.2630: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
277	4e4.2630: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
278	4e4.2630: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
279	4e4.2630: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
280	4e4.2630: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
281	4e4.2630: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
282	4e4.2630: 0000000000041000-000000000012ffff 0x0001/0x0000 0x0000000
283	4e4.2630: *0000000000130000-000000000022bfff 0x0000/0x0004 0x0020000
284	4e4.2630: 000000000022c000-000000000022dfff 0x0104/0x0004 0x0020000
285	4e4.2630: 000000000022e000-000000000022ffff 0x0004/0x0004 0x0020000
286	4e4.2630: 0000000000230000-00000000775dffff 0x0001/0x0000 0x0000000
287	4e4.2630: *00000000775e0000-00000000775e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
288	4e4.2630: 00000000775e1000-00000000776dffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
289	4e4.2630: 00000000776e0000-000000007770efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
290	4e4.2630: 000000007770f000-0000000077716fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
291	4e4.2630: 0000000077717000-0000000077717fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
292	4e4.2630: 0000000077718000-000000007771afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
293	4e4.2630: 000000007771b000-0000000077789fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
294	4e4.2630: 000000007778a000-000000007efdffff 0x0001/0x0000 0x0000000
295	4e4.2630: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
296	4e4.2630: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
297	4e4.2630: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
298	4e4.2630: 000000007fff0000-000000013f2dffff 0x0001/0x0000 0x0000000
299	4e4.2630: *000000013f2e0000-000000013f2e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
300	4e4.2630: 000000013f2e1000-000000013f351fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
301	4e4.2630: 000000013f352000-000000013f352fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
302	4e4.2630: 000000013f353000-000000013f398fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
303	4e4.2630: 000000013f399000-000000013f399fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
304	4e4.2630: 000000013f39a000-000000013f39afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
305	4e4.2630: 000000013f39b000-000000013f39ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
306	4e4.2630: 000000013f3a0000-000000013f3a0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
307	4e4.2630: 000000013f3a1000-000000013f3a1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
308	4e4.2630: 000000013f3a2000-000000013f3a5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
309	4e4.2630: 000000013f3a6000-000000013f3edfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
310	4e4.2630: 000000013f3ee000-000007feff8cffff 0x0001/0x0000 0x0000000
311	4e4.2630: *000007feff8d0000-000007feff8d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
312	4e4.2630: 000007feff8d1000-000007fffffaffff 0x0001/0x0000 0x0000000
313	4e4.2630: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
314	4e4.2630: 000007fffffd3000-000007fffffd9fff 0x0001/0x0000 0x0000000
315	4e4.2630: *000007fffffda000-000007fffffdafff 0x0004/0x0004 0x0020000
316	4e4.2630: 000007fffffdb000-000007fffffddfff 0x0001/0x0000 0x0000000
317	4e4.2630: *000007fffffde000-000007fffffdffff 0x0004/0x0004 0x0020000
318	4e4.2630: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
319	4e4.2630: apisetschema.dll: timestamp 0x56a1c890 (rc=VINF_SUCCESS)
320	4e4.2630: VirtualBox.exe: timestamp 0x5a942b95 (rc=VINF_SUCCESS)
321	4e4.2630: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
322	4e4.2630: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
323	4e4.2630: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
324	4e4.2630: supR3HardNtChildPurify: Done after 574 ms and 0 fixes (loop #0).
325	1c4c.1fcc: Log file opened: 5.2.8r121009 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
326	1c4c.1fcc: supR3HardenedVmProcessInit: uNtDllAddr=00000000775e0000 g_uNtVerCombined=0x611db100
327	1c4c.1fcc: ntdll.dll: timestamp 0x56a1c9c5 (rc=VINF_SUCCESS)
328	1c4c.1fcc: New simple heap: #1 0000000000330000 LB 0x400000 (for 1744896 allocation)
329	4e4.2630: supR3HardNtEnableThreadCreation:
330	1c4c.1fcc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
331	1c4c.1fcc: System32: \Device\HarddiskVolume2\Windows\System32
332	1c4c.1fcc: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
333	1c4c.1fcc: KnownDllPath: C:\Windows\system32
334	1c4c.1fcc: supR3HardenedVmProcessInit: Opening vboxdrv stub...
335	1c4c.1fcc: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
336	1c4c.1fcc: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
337	1c4c.1fcc: Registered Dll notification callback with NTDLL.
338	1c4c.1fcc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
339	1c4c.1fcc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
340	1c4c.1fcc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
341	1c4c.1fcc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
342	1c4c.1fcc: supR3HardenedDllNotificationCallback: load 00000000773c0000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
343	1c4c.1fcc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
344	1c4c.1fcc: supR3HardenedDllNotificationCallback: load 000007fefd5f0000 LB 0x0006b000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
345	1c4c.1fcc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
346	1c4c.1fcc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
347	1c4c.1fcc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000773c0000 'C:\Windows\system32\kernel32.dll'
348	1c4c.1fcc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007760b170 pvNtTerminateThread=000000007762d8e0
349	4e4.2630: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 33 ms.
350	1c4c.1fcc: \SystemRoot\System32\ntdll.dll:
351	1c4c.1fcc: CreationTime: 2017-08-14T17:14:44.340157000Z
352	1c4c.1fcc: LastWriteTime: 2016-01-22T06:24:12.217581500Z
353	1c4c.1fcc: ChangeTime: 2017-08-15T14:19:38.552447400Z
354	1c4c.1fcc: FileAttributes: 0x20
355	1c4c.1fcc: Size: 0x1a73d8
356	1c4c.1fcc: NT Headers: 0xe0
357	1c4c.1fcc: Timestamp: 0x56a1c9c5
358	1c4c.1fcc: Machine: 0x8664 - amd64
359	1c4c.1fcc: Timestamp: 0x56a1c9c5
360	1c4c.1fcc: Image Version: 6.1
361	1c4c.1fcc: SizeOfImage: 0x1aa000 (1744896)
362	1c4c.1fcc: Resource Dir: 0x14e000 LB 0x5a028
363	1c4c.1fcc: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
364	1c4c.1fcc: [Raw version resource data: 0x14e0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
365	1c4c.1fcc: ProductName: Microsoft® Windows® Operating System
366	1c4c.1fcc: ProductVersion: 6.1.7601.19135
367	1c4c.1fcc: FileVersion: 6.1.7601.19135 (win7sp1_gdr.160121-1718)
368	1c4c.1fcc: FileDescription: NT Layer DLL
369	1c4c.1fcc: \SystemRoot\System32\kernel32.dll:
370	1c4c.1fcc: CreationTime: 2017-08-14T17:14:42.421353600Z
371	1c4c.1fcc: LastWriteTime: 2016-01-22T06:15:31.619000000Z
372	1c4c.1fcc: ChangeTime: 2017-08-15T14:19:39.675649400Z
373	1c4c.1fcc: FileAttributes: 0x20
374	1c4c.1fcc: Size: 0x11c000
375	1c4c.1fcc: NT Headers: 0xe8
376	1c4c.1fcc: Timestamp: 0x56a1c9ab
377	1c4c.1fcc: Machine: 0x8664 - amd64
378	1c4c.1fcc: Timestamp: 0x56a1c9ab
379	1c4c.1fcc: Image Version: 6.1
380	1c4c.1fcc: SizeOfImage: 0x11f000 (1175552)
381	1c4c.1fcc: Resource Dir: 0x116000 LB 0x528
382	1c4c.1fcc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
383	1c4c.1fcc: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
384	1c4c.1fcc: ProductName: Microsoft® Windows® Operating System
385	1c4c.1fcc: ProductVersion: 6.1.7601.19135
386	1c4c.1fcc: FileVersion: 6.1.7601.19135 (win7sp1_gdr.160121-1718)
387	1c4c.1fcc: FileDescription: Windows NT BASE API Client DLL
388	1c4c.1fcc: \SystemRoot\System32\KernelBase.dll:
389	1c4c.1fcc: CreationTime: 2017-08-14T17:14:42.296553400Z
390	1c4c.1fcc: LastWriteTime: 2016-01-22T06:15:31.822000000Z
391	1c4c.1fcc: ChangeTime: 2017-08-15T14:19:39.691249400Z
392	1c4c.1fcc: FileAttributes: 0x20
393	1c4c.1fcc: Size: 0x67200
394	1c4c.1fcc: NT Headers: 0xe8
395	1c4c.1fcc: Timestamp: 0x56a1c9ac
396	1c4c.1fcc: Machine: 0x8664 - amd64
397	1c4c.1fcc: Timestamp: 0x56a1c9ac
398	1c4c.1fcc: Image Version: 6.1
399	1c4c.1fcc: SizeOfImage: 0x6b000 (438272)
400	1c4c.1fcc: Resource Dir: 0x69000 LB 0x530
401	1c4c.1fcc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
402	1c4c.1fcc: [Raw version resource data: 0x690b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
403	1c4c.1fcc: ProductName: Microsoft® Windows® Operating System
404	1c4c.1fcc: ProductVersion: 6.1.7601.19135
405	1c4c.1fcc: FileVersion: 6.1.7601.19135 (win7sp1_gdr.160121-1718)
406	1c4c.1fcc: FileDescription: Windows NT BASE API Client DLL
407	1c4c.1fcc: \SystemRoot\System32\apisetschema.dll:
408	1c4c.1fcc: CreationTime: 2017-08-14T17:14:40.192149700Z
409	1c4c.1fcc: LastWriteTime: 2016-01-22T06:12:25.181000000Z
410	1c4c.1fcc: ChangeTime: 2017-08-15T14:19:38.474447300Z
411	1c4c.1fcc: FileAttributes: 0x20
412	1c4c.1fcc: Size: 0x1a00
413	1c4c.1fcc: NT Headers: 0xc0
414	1c4c.1fcc: Timestamp: 0x56a1c890
415	1c4c.1fcc: Machine: 0x8664 - amd64
416	1c4c.1fcc: Timestamp: 0x56a1c890
417	1c4c.1fcc: Image Version: 6.1
418	1c4c.1fcc: SizeOfImage: 0x50000 (327680)
419	1c4c.1fcc: Resource Dir: 0x30000 LB 0x3f8
420	1c4c.1fcc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
421	1c4c.1fcc: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
422	1c4c.1fcc: ProductName: Microsoft® Windows® Operating System
423	1c4c.1fcc: ProductVersion: 6.1.7601.19135
424	1c4c.1fcc: FileVersion: 6.1.7601.19135 (win7sp1_gdr.160121-1718)
425	1c4c.1fcc: FileDescription: ApiSet Schema DLL
426	1c4c.1fcc: Found driver klkbdflt (0x40)
427	1c4c.1fcc: Found driver klmouflt (0x40)
428	1c4c.1fcc: Found driver KLIM6 (0x40)
429	1c4c.1fcc: Found driver kl1 (0x40)
430	1c4c.1fcc: Found driver klflt (0x40)
431	1c4c.1fcc: Found driver kneps (0x40)
432	1c4c.1fcc: Found driver kltdi (0x40)
433	1c4c.1fcc: supR3HardenedWinFindAdversaries: 0x40
434	1c4c.1fcc: \SystemRoot\System32\drivers\kl1.sys:
435	1c4c.1fcc: CreationTime: 2016-09-30T23:26:00.000000000Z
436	1c4c.1fcc: LastWriteTime: 2016-09-30T23:26:00.000000000Z
437	1c4c.1fcc: ChangeTime: 2017-08-14T17:05:02.334784600Z
438	1c4c.1fcc: FileAttributes: 0x20
439	1c4c.1fcc: Size: 0x875a8
440	1c4c.1fcc: NT Headers: 0xe8
441	1c4c.1fcc: Timestamp: 0x56fe83ac
442	1c4c.1fcc: Machine: 0x8664 - amd64
443	1c4c.1fcc: Timestamp: 0x56fe83ac
444	1c4c.1fcc: Image Version: 0.0
445	1c4c.1fcc: SizeOfImage: 0x709000 (7376896)
446	1c4c.1fcc: Resource Dir: 0x707000 LB 0x448
447	1c4c.1fcc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x419)]
448	1c4c.1fcc: [Raw version resource data: 0x707060 LB 0x3e4, codepage 0x0 (reserved 0x0)]
449	1c4c.1fcc: ProductName: Kaspersky Anti-Virus
450	1c4c.1fcc: ProductVersion: 6.0.1.990
451	1c4c.1fcc: FileVersion: 6.8.0.67
452	1c4c.1fcc: FileDescription: Kaspersky Unified Driver
453	1c4c.1fcc: \SystemRoot\System32\drivers\klflt.sys:
454	1c4c.1fcc: CreationTime: 2017-08-14T17:04:42.007949100Z
455	1c4c.1fcc: LastWriteTime: 2017-10-15T12:48:48.677255100Z
456	1c4c.1fcc: ChangeTime: 2017-10-15T12:50:31.265122800Z
457	1c4c.1fcc: FileAttributes: 0x20
458	1c4c.1fcc: Size: 0x324d8
459	1c4c.1fcc: NT Headers: 0xf8
460	1c4c.1fcc: Timestamp: 0x596f4b46
461	1c4c.1fcc: Machine: 0x8664 - amd64
462	1c4c.1fcc: Timestamp: 0x596f4b46
463	1c4c.1fcc: Image Version: 6.0
464	1c4c.1fcc: SizeOfImage: 0x3e000 (253952)
465	1c4c.1fcc: Resource Dir: 0x3c000 LB 0x418
466	1c4c.1fcc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
467	1c4c.1fcc: [Raw version resource data: 0x3c060 LB 0x3b4, codepage 0x0 (reserved 0x0)]
468	1c4c.1fcc: ProductName: System Interceptors PDK
469	1c4c.1fcc: ProductVersion: 13.0.56.0
470	1c4c.1fcc: FileVersion: 13.0.56.0
471	1c4c.1fcc: FileDescription: Filter Core [fre_wlh_x64]
472	1c4c.1fcc: \SystemRoot\System32\drivers\klif.sys:
473	1c4c.1fcc: CreationTime: 2017-08-14T17:04:42.023549200Z
474	1c4c.1fcc: LastWriteTime: 2018-02-21T13:22:36.506612300Z
475	1c4c.1fcc: ChangeTime: 2018-02-21T13:22:40.842860400Z
476	1c4c.1fcc: FileAttributes: 0x20
477	1c4c.1fcc: Size: 0x105ec8
478	1c4c.1fcc: NT Headers: 0x118
479	1c4c.1fcc: Timestamp: 0x5a6b1fa1
480	1c4c.1fcc: Machine: 0x8664 - amd64
481	1c4c.1fcc: Timestamp: 0x5a6b1fa1
482	1c4c.1fcc: Image Version: 6.0
483	1c4c.1fcc: SizeOfImage: 0x10d000 (1101824)
484	1c4c.1fcc: Resource Dir: 0x109000 LB 0x2230
485	1c4c.1fcc: [Version info resource found at 0x150! (ID/Name: 0x1; SubID/SubName: 0x409)]
486	1c4c.1fcc: [Raw version resource data: 0x109618 LB 0x3d8, codepage 0x0 (reserved 0x0)]
487	1c4c.1fcc: ProductName: System Interceptors PDK
488	1c4c.1fcc: ProductVersion: 13.0.349.0
489	1c4c.1fcc: FileVersion: 13.0.349.0
490	1c4c.1fcc: FileDescription: Core System Interceptors [fre_wlh_x64]
491	1c4c.1fcc: \SystemRoot\System32\drivers\klim6.sys:
492	1c4c.1fcc: CreationTime: 2016-10-11T11:14:28.000000000Z
493	1c4c.1fcc: LastWriteTime: 2018-02-21T13:22:36.699623400Z
494	1c4c.1fcc: ChangeTime: 2018-02-21T13:22:40.852860900Z
495	1c4c.1fcc: FileAttributes: 0x20
496	1c4c.1fcc: Size: 0xdec0
497	1c4c.1fcc: NT Headers: 0x100
498	1c4c.1fcc: Timestamp: 0x5a5f21e8
499	1c4c.1fcc: Machine: 0x8664 - amd64
500	1c4c.1fcc: Timestamp: 0x5a5f21e8
501	1c4c.1fcc: Image Version: 6.0
502	1c4c.1fcc: SizeOfImage: 0xc000 (49152)
503	1c4c.1fcc: Resource Dir: 0xa000 LB 0x428
504	1c4c.1fcc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
505	1c4c.1fcc: [Raw version resource data: 0xa060 LB 0x3c8, codepage 0x0 (reserved 0x0)]
506	1c4c.1fcc: ProductName: System Interceptors PDK
507	1c4c.1fcc: ProductVersion: 14.0.0.16
508	1c4c.1fcc: FileVersion: 14.0.0.16
509	1c4c.1fcc: FileDescription: Packet Network Filter [fre_wlh_x64]
510	1c4c.1fcc: \SystemRoot\System32\drivers\klkbdflt.sys:
511	1c4c.1fcc: CreationTime: 2016-12-23T06:19:30.000000000Z
512	1c4c.1fcc: LastWriteTime: 2016-12-23T06:19:30.000000000Z
513	1c4c.1fcc: ChangeTime: 2017-08-14T17:05:02.693585200Z
514	1c4c.1fcc: FileAttributes: 0x20
515	1c4c.1fcc: Size: 0xe0e0
516	1c4c.1fcc: NT Headers: 0xf8
517	1c4c.1fcc: Timestamp: 0x5859ab81
518	1c4c.1fcc: Machine: 0x8664 - amd64
519	1c4c.1fcc: Timestamp: 0x5859ab81
520	1c4c.1fcc: Image Version: 6.0
521	1c4c.1fcc: SizeOfImage: 0xe000 (57344)
522	1c4c.1fcc: Resource Dir: 0xc000 LB 0x438
523	1c4c.1fcc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
524	1c4c.1fcc: [Raw version resource data: 0xc060 LB 0x3d4, codepage 0x0 (reserved 0x0)]
525	1c4c.1fcc: ProductName: System Interceptors PDK
526	1c4c.1fcc: ProductVersion: 13.0.0.8
527	1c4c.1fcc: FileVersion: 13.0.0.8
528	1c4c.1fcc: FileDescription: Keyboard Device Filter [fre_wlh_x64]
529	1c4c.1fcc: \SystemRoot\System32\drivers\klmouflt.sys:
530	1c4c.1fcc: CreationTime: 2016-12-07T06:38:46.000000000Z
531	1c4c.1fcc: LastWriteTime: 2016-12-07T06:38:46.000000000Z
532	1c4c.1fcc: ChangeTime: 2017-08-14T17:05:02.568785000Z
533	1c4c.1fcc: FileAttributes: 0x20
534	1c4c.1fcc: Size: 0xe4e0
535	1c4c.1fcc: NT Headers: 0xf8
536	1c4c.1fcc: Timestamp: 0x583e86c3
537	1c4c.1fcc: Machine: 0x8664 - amd64
538	1c4c.1fcc: Timestamp: 0x583e86c3
539	1c4c.1fcc: Image Version: 6.0
540	1c4c.1fcc: SizeOfImage: 0xf000 (61440)
541	1c4c.1fcc: Resource Dir: 0xd000 LB 0x430
542	1c4c.1fcc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
543	1c4c.1fcc: [Raw version resource data: 0xd060 LB 0x3cc, codepage 0x0 (reserved 0x0)]
544	1c4c.1fcc: ProductName: System Interceptors PDK
545	1c4c.1fcc: ProductVersion: 13.0.0.5
546	1c4c.1fcc: FileVersion: 13.0.0.5
547	1c4c.1fcc: FileDescription: Mouse Device Filter [fre_wlh_x64]
548	1c4c.1fcc: \SystemRoot\System32\drivers\kltdi.sys:
549	1c4c.1fcc: CreationTime: 2017-06-20T11:32:46.000000000Z
550	1c4c.1fcc: LastWriteTime: 2017-06-20T11:32:46.000000000Z
551	1c4c.1fcc: ChangeTime: 2017-08-14T17:05:03.083585900Z
552	1c4c.1fcc: FileAttributes: 0x20
553	1c4c.1fcc: Size: 0x13ff0
554	1c4c.1fcc: NT Headers: 0xf0
555	1c4c.1fcc: Timestamp: 0x58bd327c
556	1c4c.1fcc: Machine: 0x8664 - amd64
557	1c4c.1fcc: Timestamp: 0x58bd327c
558	1c4c.1fcc: Image Version: 5.2
559	1c4c.1fcc: SizeOfImage: 0x12000 (73728)
560	1c4c.1fcc: Resource Dir: 0x10000 LB 0x430
561	1c4c.1fcc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
562	1c4c.1fcc: [Raw version resource data: 0x10060 LB 0x3cc, codepage 0x0 (reserved 0x0)]
563	1c4c.1fcc: ProductName: System Interceptors PDK
564	1c4c.1fcc: ProductVersion: 13.0.0.12
565	1c4c.1fcc: FileVersion: 13.0.0.12
566	1c4c.1fcc: FileDescription: Legacy Network Filter [fre_wnet_x64]
567	1c4c.1fcc: \SystemRoot\System32\drivers\kneps.sys:
568	1c4c.1fcc: CreationTime: 2017-06-20T11:32:46.000000000Z
569	1c4c.1fcc: LastWriteTime: 2017-12-14T16:33:26.144749900Z
570	1c4c.1fcc: ChangeTime: 2017-12-14T16:33:29.624949000Z
571	1c4c.1fcc: FileAttributes: 0x20
572	1c4c.1fcc: Size: 0x30ae0
573	1c4c.1fcc: NT Headers: 0x110
574	1c4c.1fcc: Timestamp: 0x5a0e923b
575	1c4c.1fcc: Machine: 0x8664 - amd64
576	1c4c.1fcc: Timestamp: 0x5a0e923b
577	1c4c.1fcc: Image Version: 5.2
578	1c4c.1fcc: SizeOfImage: 0x2d000 (184320)
579	1c4c.1fcc: Resource Dir: 0x2b000 LB 0x428
580	1c4c.1fcc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
581	1c4c.1fcc: [Raw version resource data: 0x2b060 LB 0x3c4, codepage 0x0 (reserved 0x0)]
582	1c4c.1fcc: ProductName: System Interceptors PDK
583	1c4c.1fcc: ProductVersion: 13.0.0.40
584	1c4c.1fcc: FileVersion: 13.0.0.40
585	1c4c.1fcc: FileDescription: Network Processor [fre_wnet_x64]
586	1c4c.1fcc: \SystemRoot\System32\klfphc.dll:
587	1c4c.1fcc: CreationTime: 2017-08-14T17:05:02.287984500Z
588	1c4c.1fcc: LastWriteTime: 2013-05-06T05:13:26.000000000Z
589	1c4c.1fcc: ChangeTime: 2017-08-14T17:04:53.863969800Z
590	1c4c.1fcc: FileAttributes: 0x20
591	1c4c.1fcc: Size: 0x1ae60
592	1c4c.1fcc: NT Headers: 0xe8
593	1c4c.1fcc: Timestamp: 0x51873bf2
594	1c4c.1fcc: Machine: 0x8664 - amd64
595	1c4c.1fcc: Timestamp: 0x51873bf2
596	1c4c.1fcc: Image Version: 0.0
597	1c4c.1fcc: SizeOfImage: 0x1d000 (118784)
598	1c4c.1fcc: Resource Dir: 0x18000 LB 0x3c80
599	1c4c.1fcc: [Version info resource found at 0x188! (ID/Name: 0x1; SubID/SubName: 0x409)]
600	1c4c.1fcc: [Raw version resource data: 0x1b800 LB 0x324, codepage 0x4e4 (reserved 0x0)]
601	1c4c.1fcc: ProductName: Kaspersky™ Anti-Virus ®
602	1c4c.1fcc: ProductVersion: 1.0.0.12
603	1c4c.1fcc: FileVersion: 1.0.0.12
604	1c4c.1fcc: FileDescription: Filtering Platform Helper Class
605	1c4c.1fcc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
606	1c4c.1fcc: Calling main()
607	1c4c.1fcc: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
608	1c4c.1fcc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
609	1c4c.1fcc: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
610	1c4c.1fcc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
611	1c4c.1fcc: SUPR3HardenedMain: Respawn #2
612	1c4c.1fcc: supR3HardNtEnableThreadCreation:
613	1c4c.1fcc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
614	1c4c.1fcc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
615	1c4c.1fcc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
616	1c4c.1fcc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
617	1c4c.1fcc: supR3HardenedDllNotificationCallback: load 000007fefd3d0000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
618	1c4c.1fcc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
619	1c4c.1fcc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd3d0000 'C:\Windows\system32\apphelp.dll'
620	1c4c.1fcc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007760b170 pvNtTerminateThread=000000007762d8e0
621	1c4c.1fcc: supR3HardenedWinDoReSpawn(2): New child 13a8.fe0 [kernel32].
622	1c4c.1fcc: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd5000 cbPeb=0x380
623	1c4c.1fcc: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00000000775e0000 uNtDllChildAddr=00000000775e0000
624	1c4c.1fcc: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007760b170
625	1c4c.1fcc: supR3HardenedWinSetupChildInit: Start child.
626	1c4c.1fcc: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
627	1c4c.1fcc: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps
628	1c4c.1fcc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
629	1c4c.1fcc: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
630	1c4c.1fcc: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
631	1c4c.1fcc: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
632	1c4c.1fcc: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
633	1c4c.1fcc: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
634	1c4c.1fcc: 0000000000041000-000000000008ffff 0x0001/0x0000 0x0000000
635	1c4c.1fcc: *0000000000090000-000000000018bfff 0x0000/0x0004 0x0020000
636	1c4c.1fcc: 000000000018c000-000000000018dfff 0x0104/0x0004 0x0020000
637	1c4c.1fcc: 000000000018e000-000000000018ffff 0x0004/0x0004 0x0020000
638	1c4c.1fcc: 0000000000190000-00000000775dffff 0x0001/0x0000 0x0000000
639	1c4c.1fcc: *00000000775e0000-00000000775e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
640	1c4c.1fcc: 00000000775e1000-00000000776dffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
641	1c4c.1fcc: 00000000776e0000-000000007770efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
642	1c4c.1fcc: 000000007770f000-0000000077716fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
643	1c4c.1fcc: 0000000077717000-0000000077717fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
644	1c4c.1fcc: 0000000077718000-000000007771afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
645	1c4c.1fcc: 000000007771b000-0000000077789fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
646	1c4c.1fcc: 000000007778a000-000000007efdffff 0x0001/0x0000 0x0000000
647	1c4c.1fcc: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
648	1c4c.1fcc: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
649	1c4c.1fcc: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
650	1c4c.1fcc: 000000007fff0000-000000013f2dffff 0x0001/0x0000 0x0000000
651	1c4c.1fcc: *000000013f2e0000-000000013f2e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
652	1c4c.1fcc: 000000013f2e1000-000000013f351fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
653	1c4c.1fcc: 000000013f352000-000000013f352fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
654	1c4c.1fcc: 000000013f353000-000000013f398fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
655	1c4c.1fcc: 000000013f399000-000000013f399fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
656	1c4c.1fcc: 000000013f39a000-000000013f39afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
657	1c4c.1fcc: 000000013f39b000-000000013f39ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
658	1c4c.1fcc: 000000013f3a0000-000000013f3a0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
659	1c4c.1fcc: 000000013f3a1000-000000013f3a1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
660	1c4c.1fcc: 000000013f3a2000-000000013f3a5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
661	1c4c.1fcc: 000000013f3a6000-000000013f3edfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
662	1c4c.1fcc: 000000013f3ee000-000007feff8cffff 0x0001/0x0000 0x0000000
663	1c4c.1fcc: *000007feff8d0000-000007feff8d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
664	1c4c.1fcc: 000007feff8d1000-000007fffffaffff 0x0001/0x0000 0x0000000
665	1c4c.1fcc: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
666	1c4c.1fcc: 000007fffffd3000-000007fffffd4fff 0x0001/0x0000 0x0000000
667	1c4c.1fcc: *000007fffffd5000-000007fffffd5fff 0x0004/0x0004 0x0020000
668	1c4c.1fcc: 000007fffffd6000-000007fffffddfff 0x0001/0x0000 0x0000000
669	1c4c.1fcc: *000007fffffde000-000007fffffdffff 0x0004/0x0004 0x0020000
670	1c4c.1fcc: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
671	1c4c.1fcc: apisetschema.dll: timestamp 0x56a1c890 (rc=VINF_SUCCESS)
672	1c4c.1fcc: VirtualBox.exe: timestamp 0x5a942b95 (rc=VINF_SUCCESS)
673	1c4c.1fcc: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
674	1c4c.1fcc: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
675	1c4c.1fcc: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
676	1c4c.1fcc: supR3HardNtChildPurify: Done after 561 ms and 0 fixes (loop #0).
677	13a8.fe0: Log file opened: 5.2.8r121009 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
678	13a8.fe0: supR3HardenedVmProcessInit: uNtDllAddr=00000000775e0000 g_uNtVerCombined=0x611db100
679	13a8.fe0: ntdll.dll: timestamp 0x56a1c9c5 (rc=VINF_SUCCESS)
680	13a8.fe0: New simple heap: #1 0000000000290000 LB 0x400000 (for 1744896 allocation)
681	1c4c.1fcc: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000330000 LB 0x400000)
682	1c4c.1fcc: supR3HardNtEnableThreadCreation:
683	13a8.fe0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
684	13a8.fe0: System32: \Device\HarddiskVolume2\Windows\System32
685	13a8.fe0: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
686	13a8.fe0: KnownDllPath: C:\Windows\system32
687	13a8.fe0: supR3HardenedVmProcessInit: Opening vboxdrv...
688	13a8.fe0: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
689	13a8.fe0: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
690	13a8.fe0: Registered Dll notification callback with NTDLL.
691	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
692	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
693	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
694	13a8.fe0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
695	13a8.fe0: supR3HardenedDllNotificationCallback: load 00000000773c0000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
696	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
697	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fefd5f0000 LB 0x0006b000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
698	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
699	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
700	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000773c0000 'C:\Windows\system32\kernel32.dll'
701	13a8.fe0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007760b170 pvNtTerminateThread=000000007762d8e0
702	1c4c.1fcc: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 30 ms.
703	13a8.fe0: \SystemRoot\System32\ntdll.dll:
704	13a8.fe0: CreationTime: 2017-08-14T17:14:44.340157000Z
705	13a8.fe0: LastWriteTime: 2016-01-22T06:24:12.217581500Z
706	13a8.fe0: ChangeTime: 2017-08-15T14:19:38.552447400Z
707	13a8.fe0: FileAttributes: 0x20
708	13a8.fe0: Size: 0x1a73d8
709	13a8.fe0: NT Headers: 0xe0
710	13a8.fe0: Timestamp: 0x56a1c9c5
711	13a8.fe0: Machine: 0x8664 - amd64
712	13a8.fe0: Timestamp: 0x56a1c9c5
713	13a8.fe0: Image Version: 6.1
714	13a8.fe0: SizeOfImage: 0x1aa000 (1744896)
715	13a8.fe0: Resource Dir: 0x14e000 LB 0x5a028
716	13a8.fe0: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
717	13a8.fe0: [Raw version resource data: 0x14e0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
718	13a8.fe0: ProductName: Microsoft® Windows® Operating System
719	13a8.fe0: ProductVersion: 6.1.7601.19135
720	13a8.fe0: FileVersion: 6.1.7601.19135 (win7sp1_gdr.160121-1718)
721	13a8.fe0: FileDescription: NT Layer DLL
722	13a8.fe0: \SystemRoot\System32\kernel32.dll:
723	13a8.fe0: CreationTime: 2017-08-14T17:14:42.421353600Z
724	13a8.fe0: LastWriteTime: 2016-01-22T06:15:31.619000000Z
725	13a8.fe0: ChangeTime: 2017-08-15T14:19:39.675649400Z
726	13a8.fe0: FileAttributes: 0x20
727	13a8.fe0: Size: 0x11c000
728	13a8.fe0: NT Headers: 0xe8
729	13a8.fe0: Timestamp: 0x56a1c9ab
730	13a8.fe0: Machine: 0x8664 - amd64
731	13a8.fe0: Timestamp: 0x56a1c9ab
732	13a8.fe0: Image Version: 6.1
733	13a8.fe0: SizeOfImage: 0x11f000 (1175552)
734	13a8.fe0: Resource Dir: 0x116000 LB 0x528
735	13a8.fe0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
736	13a8.fe0: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
737	13a8.fe0: ProductName: Microsoft® Windows® Operating System
738	13a8.fe0: ProductVersion: 6.1.7601.19135
739	13a8.fe0: FileVersion: 6.1.7601.19135 (win7sp1_gdr.160121-1718)
740	13a8.fe0: FileDescription: Windows NT BASE API Client DLL
741	13a8.fe0: \SystemRoot\System32\KernelBase.dll:
742	13a8.fe0: CreationTime: 2017-08-14T17:14:42.296553400Z
743	13a8.fe0: LastWriteTime: 2016-01-22T06:15:31.822000000Z
744	13a8.fe0: ChangeTime: 2017-08-15T14:19:39.691249400Z
745	13a8.fe0: FileAttributes: 0x20
746	13a8.fe0: Size: 0x67200
747	13a8.fe0: NT Headers: 0xe8
748	13a8.fe0: Timestamp: 0x56a1c9ac
749	13a8.fe0: Machine: 0x8664 - amd64
750	13a8.fe0: Timestamp: 0x56a1c9ac
751	13a8.fe0: Image Version: 6.1
752	13a8.fe0: SizeOfImage: 0x6b000 (438272)
753	13a8.fe0: Resource Dir: 0x69000 LB 0x530
754	13a8.fe0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
755	13a8.fe0: [Raw version resource data: 0x690b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
756	13a8.fe0: ProductName: Microsoft® Windows® Operating System
757	13a8.fe0: ProductVersion: 6.1.7601.19135
758	13a8.fe0: FileVersion: 6.1.7601.19135 (win7sp1_gdr.160121-1718)
759	13a8.fe0: FileDescription: Windows NT BASE API Client DLL
760	13a8.fe0: \SystemRoot\System32\apisetschema.dll:
761	13a8.fe0: CreationTime: 2017-08-14T17:14:40.192149700Z
762	13a8.fe0: LastWriteTime: 2016-01-22T06:12:25.181000000Z
763	13a8.fe0: ChangeTime: 2017-08-15T14:19:38.474447300Z
764	13a8.fe0: FileAttributes: 0x20
765	13a8.fe0: Size: 0x1a00
766	13a8.fe0: NT Headers: 0xc0
767	13a8.fe0: Timestamp: 0x56a1c890
768	13a8.fe0: Machine: 0x8664 - amd64
769	13a8.fe0: Timestamp: 0x56a1c890
770	13a8.fe0: Image Version: 6.1
771	13a8.fe0: SizeOfImage: 0x50000 (327680)
772	13a8.fe0: Resource Dir: 0x30000 LB 0x3f8
773	13a8.fe0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
774	13a8.fe0: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
775	13a8.fe0: ProductName: Microsoft® Windows® Operating System
776	13a8.fe0: ProductVersion: 6.1.7601.19135
777	13a8.fe0: FileVersion: 6.1.7601.19135 (win7sp1_gdr.160121-1718)
778	13a8.fe0: FileDescription: ApiSet Schema DLL
779	13a8.fe0: Found driver klkbdflt (0x40)
780	13a8.fe0: Found driver klmouflt (0x40)
781	13a8.fe0: Found driver KLIM6 (0x40)
782	13a8.fe0: Found driver kl1 (0x40)
783	13a8.fe0: Found driver klflt (0x40)
784	13a8.fe0: Found driver kneps (0x40)
785	13a8.fe0: Found driver kltdi (0x40)
786	13a8.fe0: supR3HardenedWinFindAdversaries: 0x40
787	13a8.fe0: \SystemRoot\System32\drivers\kl1.sys:
788	13a8.fe0: CreationTime: 2016-09-30T23:26:00.000000000Z
789	13a8.fe0: LastWriteTime: 2016-09-30T23:26:00.000000000Z
790	13a8.fe0: ChangeTime: 2017-08-14T17:05:02.334784600Z
791	13a8.fe0: FileAttributes: 0x20
792	13a8.fe0: Size: 0x875a8
793	13a8.fe0: NT Headers: 0xe8
794	13a8.fe0: Timestamp: 0x56fe83ac
795	13a8.fe0: Machine: 0x8664 - amd64
796	13a8.fe0: Timestamp: 0x56fe83ac
797	13a8.fe0: Image Version: 0.0
798	13a8.fe0: SizeOfImage: 0x709000 (7376896)
799	13a8.fe0: Resource Dir: 0x707000 LB 0x448
800	13a8.fe0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x419)]
801	13a8.fe0: [Raw version resource data: 0x707060 LB 0x3e4, codepage 0x0 (reserved 0x0)]
802	13a8.fe0: ProductName: Kaspersky Anti-Virus
803	13a8.fe0: ProductVersion: 6.0.1.990
804	13a8.fe0: FileVersion: 6.8.0.67
805	13a8.fe0: FileDescription: Kaspersky Unified Driver
806	13a8.fe0: \SystemRoot\System32\drivers\klflt.sys:
807	13a8.fe0: CreationTime: 2017-08-14T17:04:42.007949100Z
808	13a8.fe0: LastWriteTime: 2017-10-15T12:48:48.677255100Z
809	13a8.fe0: ChangeTime: 2017-10-15T12:50:31.265122800Z
810	13a8.fe0: FileAttributes: 0x20
811	13a8.fe0: Size: 0x324d8
812	13a8.fe0: NT Headers: 0xf8
813	13a8.fe0: Timestamp: 0x596f4b46
814	13a8.fe0: Machine: 0x8664 - amd64
815	13a8.fe0: Timestamp: 0x596f4b46
816	13a8.fe0: Image Version: 6.0
817	13a8.fe0: SizeOfImage: 0x3e000 (253952)
818	13a8.fe0: Resource Dir: 0x3c000 LB 0x418
819	13a8.fe0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
820	13a8.fe0: [Raw version resource data: 0x3c060 LB 0x3b4, codepage 0x0 (reserved 0x0)]
821	13a8.fe0: ProductName: System Interceptors PDK
822	13a8.fe0: ProductVersion: 13.0.56.0
823	13a8.fe0: FileVersion: 13.0.56.0
824	13a8.fe0: FileDescription: Filter Core [fre_wlh_x64]
825	13a8.fe0: \SystemRoot\System32\drivers\klif.sys:
826	13a8.fe0: CreationTime: 2017-08-14T17:04:42.023549200Z
827	13a8.fe0: LastWriteTime: 2018-02-21T13:22:36.506612300Z
828	13a8.fe0: ChangeTime: 2018-02-21T13:22:40.842860400Z
829	13a8.fe0: FileAttributes: 0x20
830	13a8.fe0: Size: 0x105ec8
831	13a8.fe0: NT Headers: 0x118
832	13a8.fe0: Timestamp: 0x5a6b1fa1
833	13a8.fe0: Machine: 0x8664 - amd64
834	13a8.fe0: Timestamp: 0x5a6b1fa1
835	13a8.fe0: Image Version: 6.0
836	13a8.fe0: SizeOfImage: 0x10d000 (1101824)
837	13a8.fe0: Resource Dir: 0x109000 LB 0x2230
838	13a8.fe0: [Version info resource found at 0x150! (ID/Name: 0x1; SubID/SubName: 0x409)]
839	13a8.fe0: [Raw version resource data: 0x109618 LB 0x3d8, codepage 0x0 (reserved 0x0)]
840	13a8.fe0: ProductName: System Interceptors PDK
841	13a8.fe0: ProductVersion: 13.0.349.0
842	13a8.fe0: FileVersion: 13.0.349.0
843	13a8.fe0: FileDescription: Core System Interceptors [fre_wlh_x64]
844	13a8.fe0: \SystemRoot\System32\drivers\klim6.sys:
845	13a8.fe0: CreationTime: 2016-10-11T11:14:28.000000000Z
846	13a8.fe0: LastWriteTime: 2018-02-21T13:22:36.699623400Z
847	13a8.fe0: ChangeTime: 2018-02-21T13:22:40.852860900Z
848	13a8.fe0: FileAttributes: 0x20
849	13a8.fe0: Size: 0xdec0
850	13a8.fe0: NT Headers: 0x100
851	13a8.fe0: Timestamp: 0x5a5f21e8
852	13a8.fe0: Machine: 0x8664 - amd64
853	13a8.fe0: Timestamp: 0x5a5f21e8
854	13a8.fe0: Image Version: 6.0
855	13a8.fe0: SizeOfImage: 0xc000 (49152)
856	13a8.fe0: Resource Dir: 0xa000 LB 0x428
857	13a8.fe0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
858	13a8.fe0: [Raw version resource data: 0xa060 LB 0x3c8, codepage 0x0 (reserved 0x0)]
859	13a8.fe0: ProductName: System Interceptors PDK
860	13a8.fe0: ProductVersion: 14.0.0.16
861	13a8.fe0: FileVersion: 14.0.0.16
862	13a8.fe0: FileDescription: Packet Network Filter [fre_wlh_x64]
863	13a8.fe0: \SystemRoot\System32\drivers\klkbdflt.sys:
864	13a8.fe0: CreationTime: 2016-12-23T06:19:30.000000000Z
865	13a8.fe0: LastWriteTime: 2016-12-23T06:19:30.000000000Z
866	13a8.fe0: ChangeTime: 2017-08-14T17:05:02.693585200Z
867	13a8.fe0: FileAttributes: 0x20
868	13a8.fe0: Size: 0xe0e0
869	13a8.fe0: NT Headers: 0xf8
870	13a8.fe0: Timestamp: 0x5859ab81
871	13a8.fe0: Machine: 0x8664 - amd64
872	13a8.fe0: Timestamp: 0x5859ab81
873	13a8.fe0: Image Version: 6.0
874	13a8.fe0: SizeOfImage: 0xe000 (57344)
875	13a8.fe0: Resource Dir: 0xc000 LB 0x438
876	13a8.fe0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
877	13a8.fe0: [Raw version resource data: 0xc060 LB 0x3d4, codepage 0x0 (reserved 0x0)]
878	13a8.fe0: ProductName: System Interceptors PDK
879	13a8.fe0: ProductVersion: 13.0.0.8
880	13a8.fe0: FileVersion: 13.0.0.8
881	13a8.fe0: FileDescription: Keyboard Device Filter [fre_wlh_x64]
882	13a8.fe0: \SystemRoot\System32\drivers\klmouflt.sys:
883	13a8.fe0: CreationTime: 2016-12-07T06:38:46.000000000Z
884	13a8.fe0: LastWriteTime: 2016-12-07T06:38:46.000000000Z
885	13a8.fe0: ChangeTime: 2017-08-14T17:05:02.568785000Z
886	13a8.fe0: FileAttributes: 0x20
887	13a8.fe0: Size: 0xe4e0
888	13a8.fe0: NT Headers: 0xf8
889	13a8.fe0: Timestamp: 0x583e86c3
890	13a8.fe0: Machine: 0x8664 - amd64
891	13a8.fe0: Timestamp: 0x583e86c3
892	13a8.fe0: Image Version: 6.0
893	13a8.fe0: SizeOfImage: 0xf000 (61440)
894	13a8.fe0: Resource Dir: 0xd000 LB 0x430
895	13a8.fe0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
896	13a8.fe0: [Raw version resource data: 0xd060 LB 0x3cc, codepage 0x0 (reserved 0x0)]
897	13a8.fe0: ProductName: System Interceptors PDK
898	13a8.fe0: ProductVersion: 13.0.0.5
899	13a8.fe0: FileVersion: 13.0.0.5
900	13a8.fe0: FileDescription: Mouse Device Filter [fre_wlh_x64]
901	13a8.fe0: \SystemRoot\System32\drivers\kltdi.sys:
902	13a8.fe0: CreationTime: 2017-06-20T11:32:46.000000000Z
903	13a8.fe0: LastWriteTime: 2017-06-20T11:32:46.000000000Z
904	13a8.fe0: ChangeTime: 2017-08-14T17:05:03.083585900Z
905	13a8.fe0: FileAttributes: 0x20
906	13a8.fe0: Size: 0x13ff0
907	13a8.fe0: NT Headers: 0xf0
908	13a8.fe0: Timestamp: 0x58bd327c
909	13a8.fe0: Machine: 0x8664 - amd64
910	13a8.fe0: Timestamp: 0x58bd327c
911	13a8.fe0: Image Version: 5.2
912	13a8.fe0: SizeOfImage: 0x12000 (73728)
913	13a8.fe0: Resource Dir: 0x10000 LB 0x430
914	13a8.fe0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
915	13a8.fe0: [Raw version resource data: 0x10060 LB 0x3cc, codepage 0x0 (reserved 0x0)]
916	13a8.fe0: ProductName: System Interceptors PDK
917	13a8.fe0: ProductVersion: 13.0.0.12
918	13a8.fe0: FileVersion: 13.0.0.12
919	13a8.fe0: FileDescription: Legacy Network Filter [fre_wnet_x64]
920	13a8.fe0: \SystemRoot\System32\drivers\kneps.sys:
921	13a8.fe0: CreationTime: 2017-06-20T11:32:46.000000000Z
922	13a8.fe0: LastWriteTime: 2017-12-14T16:33:26.144749900Z
923	13a8.fe0: ChangeTime: 2017-12-14T16:33:29.624949000Z
924	13a8.fe0: FileAttributes: 0x20
925	13a8.fe0: Size: 0x30ae0
926	13a8.fe0: NT Headers: 0x110
927	13a8.fe0: Timestamp: 0x5a0e923b
928	13a8.fe0: Machine: 0x8664 - amd64
929	13a8.fe0: Timestamp: 0x5a0e923b
930	13a8.fe0: Image Version: 5.2
931	13a8.fe0: SizeOfImage: 0x2d000 (184320)
932	13a8.fe0: Resource Dir: 0x2b000 LB 0x428
933	13a8.fe0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
934	13a8.fe0: [Raw version resource data: 0x2b060 LB 0x3c4, codepage 0x0 (reserved 0x0)]
935	13a8.fe0: ProductName: System Interceptors PDK
936	13a8.fe0: ProductVersion: 13.0.0.40
937	13a8.fe0: FileVersion: 13.0.0.40
938	13a8.fe0: FileDescription: Network Processor [fre_wnet_x64]
939	13a8.fe0: \SystemRoot\System32\klfphc.dll:
940	13a8.fe0: CreationTime: 2017-08-14T17:05:02.287984500Z
941	13a8.fe0: LastWriteTime: 2013-05-06T05:13:26.000000000Z
942	13a8.fe0: ChangeTime: 2017-08-14T17:04:53.863969800Z
943	13a8.fe0: FileAttributes: 0x20
944	13a8.fe0: Size: 0x1ae60
945	13a8.fe0: NT Headers: 0xe8
946	13a8.fe0: Timestamp: 0x51873bf2
947	13a8.fe0: Machine: 0x8664 - amd64
948	13a8.fe0: Timestamp: 0x51873bf2
949	13a8.fe0: Image Version: 0.0
950	13a8.fe0: SizeOfImage: 0x1d000 (118784)
951	13a8.fe0: Resource Dir: 0x18000 LB 0x3c80
952	13a8.fe0: [Version info resource found at 0x188! (ID/Name: 0x1; SubID/SubName: 0x409)]
953	13a8.fe0: [Raw version resource data: 0x1b800 LB 0x324, codepage 0x4e4 (reserved 0x0)]
954	13a8.fe0: ProductName: Kaspersky™ Anti-Virus ®
955	13a8.fe0: ProductVersion: 1.0.0.12
956	13a8.fe0: FileVersion: 1.0.0.12
957	13a8.fe0: FileDescription: Filtering Platform Helper Class
958	13a8.fe0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
959	13a8.fe0: Calling main()
960	13a8.fe0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
961	13a8.fe0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
962	13a8.fe0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
963	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
964	13a8.fe0: SUPR3HardenedMain: Final process, opening VBoxDrv...
965	13a8.fe0: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000290000 LB 0x400000)
966	13a8.fe0: supR3HardNtEnableThreadCreation:
967	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
968	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
969	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000018b431:<flags> [calling]
970	13a8.fe0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
971	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007feef420000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
972	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
973	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
974	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000188bb1:<flags> [calling]
975	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef420000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
976	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
977	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000188bb1:<flags> [calling]
978	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef420000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
979	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef420000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
980	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
981	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
982	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
983	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
984	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
985	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
986	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
987	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
988	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
989	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
990	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
991	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
992	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
993	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
994	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
995	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
996	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
997	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
998	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
999	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1000	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1001	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1002	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
1003	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1004	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
1005	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
1006	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
1007	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1008	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1009	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1010	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000018d241:<flags> [calling]
1011	13a8.fe0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1012	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fefd720000 LB 0x0003a000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
1013	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1014	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fefe0e0000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
1015	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1016	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fefd760000 LB 0x0016a000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
1017	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1018	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fefd5a0000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
1019	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
1020	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fefe650000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
1021	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1022	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd720000 'C:\Windows\system32\Wintrust.dll'
1023	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
1024	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
1025	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000018d241:<flags> [calling]
1026	13a8.fe0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
1027	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fefcf20000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
1028	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
1029	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf20000 'C:\Windows\system32\bcrypt.dll'
1030	13a8.fe0: bcrypt.dll loaded at 000007fefcf20000, BCryptOpenAlgorithmProvider at 000007fefcf22640, preloading providers:
1031	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
1032	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
1033	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
1034	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
1035	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
1036	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
1037	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
1038	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1039	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1040	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1041	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
1042	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
1043	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1044	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1045	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1046	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1047	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1048	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1049	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1050	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000018d231:<flags> [calling]
1051	13a8.fe0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
1052	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fefc9d0000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
1053	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
1054	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007feff760000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
1055	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1056	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
1057	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
1058	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
1059	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
1060	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fefe4c0000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
1061	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
1062	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc9d0000 'C:\Windows\system32\bcryptprimitives.dll'
1063	13a8.fe0: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0000000000805980)
1064	13a8.fe0: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0000000000807840)
1065	13a8.fe0: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0000000000807960)
1066	13a8.fe0: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000807b70)
1067	13a8.fe0: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000807c90)
1068	13a8.fe0: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000807db0)
1069	13a8.fe0: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000807ff0)
1070	13a8.fe0: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000808110)
1071	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
1072	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
1073	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1074	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1075	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1076	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1077	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1078	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1079	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000018cdb1:<flags> [calling]
1080	13a8.fe0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
1081	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fefcdd0000 LB 0x00017000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
1082	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
1083	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcdd0000 'C:\Windows\system32\CRYPTSP.dll'
1084	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1085	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
1086	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
1087	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1088	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1089	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1090	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000018cd41:<flags> [calling]
1091	13a8.fe0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1092	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fefca90000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
1093	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
1094	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca90000 'C:\Windows\system32\rsaenh.dll'
1095	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1096	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000018c5d1:<flags> [calling]
1097	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff760000 'C:\Windows\system32\ADVAPI32.dll'
1098	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
1099	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
1100	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000018c951:<flags> [calling]
1101	13a8.fe0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
1102	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fefd430000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
1103	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
1104	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd430000 'C:\Windows\system32\CRYPTBASE.dll'
1105	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1106	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000018c381:<flags> [calling]
1107	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000773c0000 'C:\Windows\system32\kernel32.dll'
1108	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
1109	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000018cd11:<flags> [calling]
1110	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd720000 'C:\Windows\system32\WINTRUST.DLL'
1111	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1112	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=000000000018cb41:<flags> [calling]
1113	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd760000 'C:\Windows\system32\CRYPT32.dll'
1114	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1115	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
1116	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
1117	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
1118	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1119	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1120	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1121	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1122	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1123	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1124	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000018cb91:<flags> [calling]
1125	13a8.fe0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
1126	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fefdb30000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
1127	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
1128	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb30000 'C:\Windows\system32\imagehlp.dll'
1129	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
1130	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000018cce1:<flags> [calling]
1131	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcdd0000 'C:\Windows\system32\CRYPTSP.dll'
1132	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1133	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
1134	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
1135	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1136	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1137	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1138	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
1139	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
1140	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1141	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
1142	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
1143	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
1144	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
1145	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
1146	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
1147	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
1148	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1149	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1150	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1151	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
1152	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
1153	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1154	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1155	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
1156	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
1157	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
1158	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1159	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1160	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1161	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1162	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1163	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1164	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1165	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1166	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1167	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1168	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1169	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1170	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1171	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1172	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1173	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000018c811:<flags> [calling]
1174	13a8.fe0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1175	13a8.fe0: supR3HardenedDllNotificationCallback: load 00000000774e0000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
1176	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1177	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007feff850000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
1178	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1179	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007feff840000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
1180	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
1181	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fefe010000 LB 0x000c9000 C:\Windows\system32\USP10.dll [fFlags=0x0]
1182	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
1183	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1184	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000018bd11:<flags> [calling]
1185	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff850000 'C:\Windows\system32\gdi32.dll'
1186	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
1187	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1188	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
1189	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
1190	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
1191	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
1192	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
1193	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1194	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1195	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
1196	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
1197	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
1198	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
1199	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1200	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1201	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1202	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1203	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1204	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1205	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1206	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1207	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
1208	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1209	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1210	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1211	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1212	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1213	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1214	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1215	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1216	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1217	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000018b651:<flags> [calling]
1218	13a8.fe0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
1219	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fefe300000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
1220	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
1221	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fefe4e0000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
1222	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
1223	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe300000 'C:\Windows\system32\IMM32.DLL'
1224	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000774e0000 'C:\Windows\system32\USER32.dll'
1225	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
1226	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1227	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
1228	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
1229	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
1230	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
1231	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
1232	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
1233	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1234	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1235	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1236	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
1237	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
1238	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
1239	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000018cb11:<flags> [calling]
1240	13a8.fe0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
1241	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fefcf50000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
1242	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
1243	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf50000 'C:\Windows\system32\ncrypt.dll'
1244	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
1245	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000018c901:<flags> [calling]
1246	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf20000 'C:\Windows\system32\bcrypt.dll'
1247	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1248	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
1249	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
1250	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
1251	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
1252	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
1253	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
1254	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1255	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
1256	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
1257	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1258	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1259	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1260	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1261	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1262	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1263	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1264	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1265	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1266	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000018c301:<flags> [calling]
1267	13a8.fe0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
1268	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fefc840000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
1269	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
1270	13a8.fe0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
1271	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fefd500000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
1272	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
1273	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc840000 'C:\Windows\system32\USERENV.dll'
1274	13a8.fe0: supR3HardenedIsApiSetDll: '<NULL>' -> true
1275	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000018c061:<flags> [calling]
1276	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe4c0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1277	13a8.fe0: supR3HardenedIsApiSetDll: '<NULL>' -> true
1278	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000018c3f1:<flags> [calling]
1279	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe4c0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1280	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1281	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1282	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
1283	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
1284	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1285	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1286	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1287	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1288	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1289	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1290	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000018c621:<flags> [calling]
1291	13a8.fe0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
1292	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fefc820000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
1293	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
1294	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc820000 'C:\Windows\system32\GPAPI.dll'
1295	13a8.fe0: supR3HardenedIsApiSetDll: '<NULL>' -> true
1296	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000018c571:<flags> [calling]
1297	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe4c0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
1298	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1299	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000018bc71:<flags> [calling]
1300	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe650000 'C:\Windows\system32\rpcrt4.dll'
1301	13a8.fe0: supR3HardenedIsApiSetDll: '<NULL>' -> true
1302	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000018c551:<flags> [calling]
1303	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe4c0000 'API-MS-WIN-Service-Management-L2-1-0.dll'
1304	13a8.fe0: supR3HardenedIsApiSetDll: '<NULL>' -> true
1305	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000018c561:<flags> [calling]
1306	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe4c0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1307	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1308	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
1309	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
1310	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
1311	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
1312	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
1313	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
1314	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
1315	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1316	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
1317	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
1318	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
1319	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
1320	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1321	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1322	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1323	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1324	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1325	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1326	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1327	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1328	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1329	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1330	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000018c041:<flags> [calling]
1331	13a8.fe0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1332	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fef7820000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
1333	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1334	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fefe5f0000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
1335	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
1336	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1337	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=000000000018b271:<flags> [calling]
1338	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7820000 'C:\Windows\system32\cryptnet.dll'
1339	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1340	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=000000000018b271:<flags> [calling]
1341	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7820000 'C:\Windows\system32\cryptnet.dll'
1342	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1343	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=000000000018b271:<flags> [calling]
1344	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7820000 'C:\Windows\system32\cryptnet.dll'
1345	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1346	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=000000000018b271:<flags> [calling]
1347	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7820000 'C:\Windows\system32\cryptnet.dll'
1348	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1349	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=000000000018b271:<flags> [calling]
1350	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7820000 'C:\Windows\system32\cryptnet.dll'
1351	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1352	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=000000000018b271:<flags> [calling]
1353	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7820000 'C:\Windows\system32\cryptnet.dll'
1354	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1355	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7820000 'C:\Windows\system32\cryptnet.dll'
1356	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1357	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7820000 'C:\Windows\system32\cryptnet.dll'
1358	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1359	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7820000 'C:\Windows\system32\cryptnet.dll'
1360	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1361	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7820000 'C:\Windows\system32\cryptnet.dll'
1362	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1363	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7820000 'C:\Windows\system32\cryptnet.dll'
1364	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7820000 'C:\Windows\system32\cryptnet.dll'
1365	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1366	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7820000 'C:\Windows\system32\cryptnet.dll'
1367	13a8.fe0: supR3HardenedIsApiSetDll: '<NULL>' -> true
1368	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000018b9d1:<flags> [calling]
1369	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe4c0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1370	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
1371	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000018b9d1:<flags> [calling]
1372	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd500000 'C:\Windows\system32\profapi.dll'
1373	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1374	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1375	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
1376	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
1377	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1378	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1379	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1380	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1381	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1382	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1383	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1384	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1385	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1386	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1387	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000018b471:<flags> [calling]
1388	13a8.fe0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
1389	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fefe780000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
1390	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
1391	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe780000 'C:\Windows\system32\SHLWAPI.dll'
1392	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
1393	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007ff4b0
1394	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
1395	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=881FA305C5390C7D979151AFB211130389B9E066
1396	13a8.fe0: supR3HardenedIsApiSetDll: '<NULL>' -> true
1397	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000018c2c1:<flags> [calling]
1398	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe4c0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1399	13a8.fe0: supR3HardenedIsApiSetDll: '<NULL>' -> true
1400	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000018be21:<flags> [calling]
1401	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe4c0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
1402	13a8.fe0: supR3HardenedIsApiSetDll: '<NULL>' -> true
1403	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000018be21:<flags> [calling]
1404	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe4c0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
1405	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1406	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000018c2c1:<flags> [calling]
1407	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff760000 'C:\Windows\system32\ADVAPI32.dll'
1408	13a8.fe0: supR3HardenedIsApiSetDll: '<NULL>' -> true
1409	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000018c271:<flags> [calling]
1410	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe4c0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
1411	13a8.fe0: supR3HardenedIsApiSetDll: '<NULL>' -> true
1412	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000018bf61:<flags> [calling]
1413	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe4c0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
1414	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_88_for_KB3126587~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\SystemRoot\System32\ntdll.dll'
1415	13a8.fe0: g_pfnWinVerifyTrust=000007fefd721010
1416	13a8.fe0: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
1417	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
1418	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
1419	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
1420	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F4982E5F19EEC9EA72436D469FB5B41639FB6890
1421	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB2813430~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
1422	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1423	13a8.fe0: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
1424	13a8.fe0: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
1425	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
1426	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
1427	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
1428	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DBD5D88D100825A4A22743B0FD6EF53BF9B657CA
1429	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2653956~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
1430	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1431	13a8.fe0: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
1432	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003a0 pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1433	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
1434	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
1435	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
1436	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
1437	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1438	13a8.fe0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
1439	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000398 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
1440	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
1441	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
1442	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
1443	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
1444	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1445	13a8.fe0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
1446	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000394 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
1447	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
1448	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
1449	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E0763F1478C58F0F99A6A6E775E5D3BF96015915
1450	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB2813430~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1451	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1452	13a8.fe0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1453	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000260 pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
1454	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
1455	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
1456	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EBDAA16C3FD93DFF9C20BA3B2689DFF4C8D31061
1457	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3159398~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
1458	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1459	13a8.fe0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
1460	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001cc pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
1461	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
1462	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
1463	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
1464	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
1465	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1466	13a8.fe0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
1467	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c8 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
1468	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
1469	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
1470	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
1471	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
1472	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1473	13a8.fe0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
1474	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001b4 pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
1475	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
1476	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
1477	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5D1D092E2A4891EA2A659F7204097B2FDEA00B39
1478	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_88_for_KB3126587~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
1479	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1480	13a8.fe0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
1481	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000019c pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
1482	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
1483	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
1484	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=803AF52F95A9EFDFDA06C595023831EE36ACD3A8
1485	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
1486	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1487	13a8.fe0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
1488	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000198 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
1489	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
1490	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
1491	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
1492	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1493	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1494	13a8.fe0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1495	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
1496	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
1497	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
1498	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=97AE9B5B40144F2794F30A891013393C80D631A1
1499	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
1500	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1501	13a8.fe0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
1502	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
1503	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
1504	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
1505	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A42DFBB8A3A26D2178D79D34DA1CE275E2A0BE37
1506	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
1507	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1508	13a8.fe0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
1509	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
1510	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
1511	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
1512	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C8F7179D2AEB0FEB168A01D182223AC2D7B8F331
1513	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1514	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1515	13a8.fe0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1516	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
1517	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
1518	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
1519	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FB05A6DD4AF9AC247D37C4B7BAFCCBD178A41E64
1520	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
1521	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000007ff4b0
1522	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
1523	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FB05A6DD4AF9AC247D37C4B7BAFCCBD178A41E64
1524	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
1525	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
1526	13a8.fe0: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
1527	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
1528	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
1529	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
1530	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2F0A0F84DD55507C56A273E145872B7ECBEDE3F5
1531	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2653956~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1532	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1533	13a8.fe0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1534	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
1535	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
1536	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
1537	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1B332BBD335EB2D5000C2255987CB8F1140EB342
1538	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_88_for_KB3126587~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1539	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1540	13a8.fe0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1541	13a8.fe0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
1542	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000012c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
1543	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
1544	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
1545	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=40667EDBA9045D4A4BE1D4844665D3B88F8CD0E0
1546	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1547	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1548	13a8.fe0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1549	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
1550	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
1551	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
1552	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FA2A014BF360CDC0E203A174FFC9DC5343C5323
1553	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1554	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1555	13a8.fe0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1556	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
1557	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
1558	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
1559	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1D906429F9D53CF720E851B490EC83BEAAF9B21A
1560	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_151_for_KB3126587~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1561	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1562	13a8.fe0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1563	13a8.fe0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
1564	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
1565	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
1566	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
1567	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
1568	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1569	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1570	13a8.fe0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1571	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1572	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
1573	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
1574	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
1575	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1576	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1577	13a8.fe0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1578	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
1579	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
1580	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
1581	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
1582	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1583	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1584	13a8.fe0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1585	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1586	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
1587	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
1588	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B7ADE500A5ED2DBC433C8ECAF28966675E5CFE36
1589	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_88_for_KB3126587~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1590	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1591	13a8.fe0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1592	13a8.fe0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1593	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1594	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
1595	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
1596	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=051C28F4FFE71436B92254D1A7955B1849CE5AA5
1597	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_88_for_KB3126587~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1598	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1599	13a8.fe0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1600	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
1601	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
1602	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
1603	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AD27BC39174E86B1E177AF200D6BC895B032AB0E
1604	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_88_for_KB3126587~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1605	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1606	13a8.fe0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1607	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1608	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000018bd51:<flags> [calling]
1609	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd760000 'C:\Windows\system32\crypt32.dll'
1610	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1611	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1612	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1613	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1614	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1615	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1616	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0x97edbd2d1165c200 O=AO Kaspersky Lab, CN=Kaspersky Anti-Virus Personal Root Certificate
1617	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1618	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1619	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
1620	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1621	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
1622	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1623	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
1624	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
1625	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1626	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1627	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
1628	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
1629	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
1630	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1631	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
1632	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
1633	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1634	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
1635	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0x2fba703484f19900 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009
1636	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
1637	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
1638	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
1639	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
1640	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
1641	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1642	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
1643	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
1644	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1645	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0xef477acf4ab2d300 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 2009
1646	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
1647	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1648	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
1649	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
1650	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
1651	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
1652	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
1653	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1654	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
1655	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
1656	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
1657	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1658	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
1659	13a8.fe0: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1660	13a8.fe0: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=50
1661	13a8.fe0: SUPR3HardenedMain: Load Runtime...
1662	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1663	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1664	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1665	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1666	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
1667	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1668	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1669	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1670	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1671	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1672	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1673	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003c0 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1674	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
1675	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
1676	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=901DCB8172024F14E25295BF5692180F12FC8C18
1677	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3161949~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
1678	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1679	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1680	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1681	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
1682	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
1683	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1684	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1685	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1686	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1687	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
1688	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1689	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1690	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1691	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
1692	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1693	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1694	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1695	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1696	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1697	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1698	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000418 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
1699	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
1700	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
1701	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
1702	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
1703	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1704	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
1705	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
1706	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1707	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1708	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1709	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1710	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1711	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1712	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000018c081:<flags> [calling]
1713	13a8.fe0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1714	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fedeae0000 LB 0x00590000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1715	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1716	13a8.fe0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1717	13a8.fe0: supR3HardenedDllNotificationCallback: load 000000006d630000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1718	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1719	13a8.fe0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1720	13a8.fe0: supR3HardenedDllNotificationCallback: load 0000000066960000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1721	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1722	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fefdde0000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
1723	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1724	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fefe330000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
1725	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
1726	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1727	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001897c1:<flags> [calling]
1728	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedeae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1729	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1730	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001897c1:<flags> [calling]
1731	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedeae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1732	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1733	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001897c1:<flags> [calling]
1734	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedeae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1735	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1736	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001897c1:<flags> [calling]
1737	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedeae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1738	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1739	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001897c1:<flags> [calling]
1740	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedeae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1741	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1742	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001897c1:<flags> [calling]
1743	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedeae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1744	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedeae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1745	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedeae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1746	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedeae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1747	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedeae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1748	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedeae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1749	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedeae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1750	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedeae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1751	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1752	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001897c1:<flags> [calling]
1753	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedeae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1754	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedeae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1755	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedeae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1756	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedeae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1757	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedeae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1758	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedeae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1759	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedeae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1760	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedeae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1761	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedeae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1762	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedeae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1763	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedeae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1764	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedeae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1765	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedeae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1766	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedeae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1767	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedeae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1768	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedeae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1769	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1770	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001897c1:<flags> [calling]
1771	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedeae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1772	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedeae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1773	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedeae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1774	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedeae0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1775	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
1776	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000018dbe1:<flags> [calling]
1777	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd720000 'C:\Windows\system32\Wintrust.dll'
1778	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1779	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000018c731:<flags> [calling]
1780	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd760000 'C:\Windows\system32\crypt32.dll'
1781	13a8.fe0: SUPR3HardenedMain: Load TrustedMain...
1782	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1783	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1784	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
1785	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1786	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1787	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
1788	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
1789	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
1790	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
1791	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
1792	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
1793	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
1794	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
1795	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
1796	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
1797	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
1798	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1799	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1800	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1801	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000468 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
1802	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
1803	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
1804	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
1805	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
1806	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1807	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1808	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1809	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
1810	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
1811	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1812	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1813	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000448 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1814	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
1815	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
1816	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C1D7CC9111C6B5A59641FA11BE0A6A1841FEBBCD
1817	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2564958~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
1818	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1819	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1820	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1821	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1822	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1823	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
1824	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
1825	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1826	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1827	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1828	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000474 pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
1829	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
1830	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
1831	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E64AE329BD5124592BC8CB0B327AA3B95DC65B7
1832	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
1833	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1834	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1835	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1836	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
1837	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1838	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
1839	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
1840	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1841	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1842	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000480 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
1843	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
1844	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
1845	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F13C2B4E594038A8834146A1D81AAE9B43ED8649
1846	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_41_for_KB3184143~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
1847	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1848	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1849	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
1850	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
1851	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
1852	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
1853	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
1854	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1855	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1856	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1857	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1858	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1859	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
1860	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
1861	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
1862	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
1863	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1864	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1865	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
1866	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1867	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
1868	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
1869	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1870	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1871	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
1872	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
1873	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1874	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1875	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
1876	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
1877	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
1878	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1879	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1880	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1881	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1882	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1883	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
1884	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1885	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1886	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1887	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1888	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
1889	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1890	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1891	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1892	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1893	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1894	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1895	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1896	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1897	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1898	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1899	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) WinVerifyTrust
1900	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1901	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1902	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1903	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1904	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
1905	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
1906	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1907	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1908	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
1909	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
1910	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
1911	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) WinVerifyTrust
1912	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1913	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1914	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1915	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1916	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1917	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1918	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1919	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1920	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1921	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1922	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1923	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a0 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
1924	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
1925	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
1926	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
1927	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1928	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1929	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1930	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1931	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1932	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1933	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1934	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1935	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) WinVerifyTrust
1936	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1937	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1938	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1939	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1940	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
1941	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000494 pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
1942	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
1943	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
1944	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
1945	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
1946	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1947	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1948	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1949	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
1950	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1951	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
1952	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
1953	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) WinVerifyTrust
1954	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1955	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1956	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1957	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000049c pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
1958	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
1959	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
1960	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
1961	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
1962	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1963	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1964	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1965	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1966	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) WinVerifyTrust
1967	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
1968	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1969	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1970	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1971	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1972	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1973	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1974	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1975	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1976	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1977	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1978	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1979	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1980	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1981	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1982	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
1983	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
1984	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b0 pwszName=\Device\HarddiskVolume2\Windows\System32\mpr.dll
1985	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
1986	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
1987	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F84FE9BA047B24E7694C9E0C349B48B9FD5F925B
1988	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\mpr.dll'
1989	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1990	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll) WinVerifyTrust
1991	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
1992	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1993	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1994	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1995	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1996	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1997	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1998	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1999	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2000	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2001	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2002	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2003	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2004	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2005	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2006	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2007	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2008	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
2009	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2010	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2011	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2012	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
2013	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
2014	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
2015	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2016	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2017	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2018	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2019	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
2020	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
2021	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
2022	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2023	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2024	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2025	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2026	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2027	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
2028	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2029	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2030	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2031	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2032	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2033	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2034	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
2035	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
2036	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
2037	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
2038	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
2039	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
2040	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2041	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2042	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2043	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2044	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2045	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2046	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
2047	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
2048	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
2049	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004bc pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
2050	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
2051	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
2052	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
2053	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
2054	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2055	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2056	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
2057	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2058	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
2059	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
2060	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
2061	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust
2062	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
2063	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
2064	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
2065	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c0 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
2066	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
2067	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
2068	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
2069	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
2070	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2071	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2072	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
2073	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2074	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv) WinVerifyTrust
2075	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
2076	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
2077	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
2078	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
2079	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
2080	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
2081	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
2082	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
2083	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
2084	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
2085	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2086	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2087	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2088	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2089	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2090	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2091	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
2092	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
2093	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
2094	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
2095	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
2096	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
2097	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
2098	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
2099	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
2100	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2101	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2102	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2103	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2104	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2105	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2106	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2107	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2108	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2109	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2110	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2111	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2112	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2113	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\user32.dll
2114	13a8.fe0: Error (rc=0):
2115	13a8.fe0: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=16 \Device\HarddiskVolume2\Windows\System32\user32.dll
2116	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2117	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2118	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2119	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2120	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2121	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2122	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2123	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2124	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2125	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2126	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2127	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2128	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2129	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2130	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2131	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2132	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2133	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2134	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2135	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2136	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2137	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2138	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2139	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2140	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2141	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2142	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2143	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2144	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
2145	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
2146	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b8 pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
2147	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
2148	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
2149	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4D3B2DA266DE92D9E1311E30C810160CDC5BD5AA
2150	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
2151	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2152	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
2153	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
2154	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2155	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) WinVerifyTrust
2156	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
2157	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2158	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2159	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
2160	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2161	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2162	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2163	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2164	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2165	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2166	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2167	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2168	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2169	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
2170	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
2171	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
2172	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2173	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2174	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
2175	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
2176	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000490 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
2177	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
2178	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
2179	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B79EE7B5AD74EF51A849809202E043183A2C727E
2180	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
2181	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2182	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2183	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
2184	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2185	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust
2186	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
2187	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2188	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2189	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c8 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
2190	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
2191	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
2192	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
2193	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
2194	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2195	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
2196	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
2197	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
2198	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
2199	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
2200	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
2201	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
2202	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
2203	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2204	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2205	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2206	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
2207	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
2208	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d4 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
2209	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
2210	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
2211	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3FEC714D729F7CAEB9B7A25E2012B6A6E9007F5
2212	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
2213	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2214	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2215	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
2216	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2217	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) WinVerifyTrust
2218	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
2219	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2220	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2221	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2222	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2223	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2224	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2225	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2226	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2227	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2228	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2229	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
2230	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
2231	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000498 pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
2232	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
2233	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
2234	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
2235	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
2236	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2237	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2238	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
2239	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
2240	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
2241	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2242	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2243	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2244	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2245	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2246	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2247	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2248	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2249	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2250	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2251	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2252	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2253	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2254	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e0 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2255	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
2256	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
2257	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
2258	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
2259	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2260	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2261	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2262	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2263	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll) WinVerifyTrust
2264	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2265	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2266	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2267	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2268	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2269	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2270	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2271	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2272	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2273	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2274	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2275	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2276	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2277	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2278	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2279	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2280	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2281	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2282	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2283	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2284	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2285	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2286	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2287	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2288	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000018c091:<flags> [calling]
2289	13a8.fe0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
2290	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fede0d0000 LB 0x00a06000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
2291	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
2292	13a8.fe0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
2293	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007feddfb0000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
2294	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
2295	13a8.fe0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
2296	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fee1270000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
2297	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
2298	13a8.fe0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
2299	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007feddeb0000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
2300	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
2301	13a8.fe0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
2302	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fee4690000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
2303	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
2304	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fefde30000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
2305	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2306	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fefd5b0000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
2307	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2308	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fefe180000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
2309	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2310	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fefdbd0000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
2311	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2312	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fefd700000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
2313	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
2314	13a8.fe0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
2315	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fefb860000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
2316	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
2317	13a8.fe0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
2318	13a8.fe0: supR3HardenedDllNotificationCallback: load 000000005a1f0000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
2319	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
2320	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fefe8a0000 LB 0x00d8a000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
2321	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2322	13a8.fe0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
2323	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fefa890000 LB 0x00018000 C:\Windows\system32\MPR.dll [fFlags=0x0]
2324	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
2325	13a8.fe0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
2326	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fedd8b0000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
2327	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
2328	13a8.fe0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
2329	13a8.fe0: supR3HardenedDllNotificationCallback: load 0000000057d50000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
2330	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
2331	13a8.fe0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
2332	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fedf660000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
2333	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
2334	13a8.fe0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
2335	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fef8120000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
2336	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
2337	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fefe800000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
2338	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
2339	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
2340	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
2341	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2342	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll)
2343	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll
2344	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fefa8b0000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\COMCTL32.dll [fFlags=0x0]
2345	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll [avoiding WinVerifyTrust]
2346	13a8.fe0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
2347	13a8.fe0: supR3HardenedDllNotificationCallback: load 0000000066900000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
2348	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
2349	13a8.fe0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2350	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fefa520000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
2351	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2352	13a8.fe0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll'.
2353	13a8.fe0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll' [rescheduled]
2354	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
2355	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2356	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2357	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2358	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2359	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2360	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2361	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000018b661:<flags> [calling]
2362	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe300000 'C:\Windows\system32\imm32.dll'
2363	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff760000 'C:\Windows\system32\ADVAPI32.DLL'
2364	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
2365	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptbase.dll (Input=cryptbase.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
2366	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd430000 'C:\Windows\system32\cryptbase.dll'
2367	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fede0d0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
2368	13a8.fe0: SUPR3HardenedMain: Calling TrustedMain (000007fede0d14f0)...
2369	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2370	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000018d941:<flags> [calling]
2371	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdbd0000 'C:\Windows\system32\ole32.dll'
2372	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff760000 'C:\Windows\system32\ADVAPI32.dll'
2373	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
2374	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000018c021:<flags> [calling]
2375	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd500000 'C:\Windows\system32\profapi.dll'
2376	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
2377	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
2378	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
2379	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
2380	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
2381	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2382	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
2383	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
2384	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
2385	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
2386	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
2387	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
2388	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2389	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2390	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2391	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
2392	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
2393	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
2394	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
2395	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
2396	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
2397	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2398	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2399	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2400	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2401	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2402	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2403	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2404	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2405	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2406	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2407	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2408	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
2409	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
2410	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
2411	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2412	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2413	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2414	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2415	13a8.fe0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2416	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2417	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2418	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000018e311:<flags> [calling]
2419	13a8.fe0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2420	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fed9470000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
2421	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2422	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed9470000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
2423	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
2424	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000018e241:<flags> [calling]
2425	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd430000 'C:\Windows\system32\CRYPTBASE.dll'
2426	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000570 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2427	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000007ff4b0
2428	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000007ff4b0
2429	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
2430	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
2431	13a8.fe0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2432	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2433	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2434	13a8.fe0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
2435	13a8.fe0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
2436	13a8.fe0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2437	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2438	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2439	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2440	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2441	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2442	13a8.fe0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2443	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000018dd11:<flags> [calling]
2444	13a8.fe0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2445	13a8.fe0: supR3HardenedDllNotificationCallback: load 000007fefbc00000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
2446	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2447	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbc00000 'C:\Windows\system32\uxtheme.dll'
2448	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2449	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000018d751:<flags> [calling]
2450	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbc00000 'C:\Windows\system32\uxtheme.dll'
2451	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2452	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000018d4c1:<flags> [calling]
2453	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbc00000 'C:\Windows\system32\uxtheme.dll'
2454	13a8.fe0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2455	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000018d4c1:<flags> [calling]
2456	13a8.fe0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbc00000 'C:\Windows\system32\uxtheme.dll'
2457	1c4c.1fcc: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 961 ms, the end);
2458	4e4.2630: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1580 ms, the end);

Download in other formats:

Original Format