VirtualBox

Ticket #14296: VBoxHardening.log

File VBoxHardening.log, 224.3 KB (added by JCZ, 8 years ago)
Line 
11764.1530: Log file opened: 5.0.24r108355 g_hStartupLog=00000100 g_uNtVerCombined=0x611db110
21764.1530: \SystemRoot\System32\ntdll.dll:
31764.1530: CreationTime: 2016-07-28T22:47:09.374825800Z
41764.1530: LastWriteTime: 2016-05-16T23:16:18.034093900Z
51764.1530: ChangeTime: 2016-07-28T22:50:40.018460900Z
61764.1530: FileAttributes: 0x20
71764.1530: Size: 0x140158
81764.1530: NT Headers: 0xd0
91764.1530: Timestamp: 0x573a54ca
101764.1530: Machine: 0x14c - i386
111764.1530: Timestamp: 0x573a54ca
121764.1530: Image Version: 6.1
131764.1530: SizeOfImage: 0x143000 (1323008)
141764.1530: Resource Dir: 0xe3000 LB 0x5a028
151764.1530: ProductName: Microsoft® Windows® Operating System
161764.1530: ProductVersion: 6.1.7601.23455
171764.1530: FileVersion: 6.1.7601.23455 (win7sp1_ldr.160516-0600)
181764.1530: FileDescription: NT Layer DLL
191764.1530: \SystemRoot\System32\kernel32.dll:
201764.1530: CreationTime: 2016-04-12T20:34:29.250990700Z
211764.1530: LastWriteTime: 2016-03-17T22:26:26.905000000Z
221764.1530: ChangeTime: 2016-04-13T11:20:27.026042500Z
231764.1530: FileAttributes: 0x20
241764.1530: Size: 0xd5000
251764.1530: NT Headers: 0xf0
261764.1530: Timestamp: 0x56eb2fb8
271764.1530: Machine: 0x14c - i386
281764.1530: Timestamp: 0x56eb2fb8
291764.1530: Image Version: 6.1
301764.1530: SizeOfImage: 0xd5000 (872448)
311764.1530: Resource Dir: 0xc8000 LB 0x528
321764.1530: ProductName: Microsoft® Windows® Operating System
331764.1530: ProductVersion: 6.1.7601.23392
341764.1530: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600)
351764.1530: FileDescription: Windows NT BASE API Client DLL
361764.1530: \SystemRoot\System32\KernelBase.dll:
371764.1530: CreationTime: 2016-04-12T20:34:29.627028300Z
381764.1530: LastWriteTime: 2016-03-17T22:26:26.921000000Z
391764.1530: ChangeTime: 2016-04-13T11:20:27.041642700Z
401764.1530: FileAttributes: 0x20
411764.1530: Size: 0x47e00
421764.1530: NT Headers: 0xe0
431764.1530: Timestamp: 0x56eb2fb9
441764.1530: Machine: 0x14c - i386
451764.1530: Timestamp: 0x56eb2fb9
461764.1530: Image Version: 6.1
471764.1530: SizeOfImage: 0x4b000 (307200)
481764.1530: Resource Dir: 0x47000 LB 0x530
491764.1530: ProductName: Microsoft® Windows® Operating System
501764.1530: ProductVersion: 6.1.7601.23392
511764.1530: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600)
521764.1530: FileDescription: Windows NT BASE API Client DLL
531764.1530: \SystemRoot\System32\apisetschema.dll:
541764.1530: CreationTime: 2016-07-28T22:47:08.407644400Z
551764.1530: LastWriteTime: 2016-05-16T23:14:25.755000000Z
561764.1530: ChangeTime: 2016-07-28T22:50:39.846860900Z
571764.1530: FileAttributes: 0x20
581764.1530: Size: 0x1a00
591764.1530: NT Headers: 0xc0
601764.1530: Timestamp: 0x573a5491
611764.1530: Machine: 0x14c - i386
621764.1530: Timestamp: 0x573a5491
631764.1530: Image Version: 6.1
641764.1530: SizeOfImage: 0x50000 (327680)
651764.1530: Resource Dir: 0x30000 LB 0x3f8
661764.1530: ProductName: Microsoft® Windows® Operating System
671764.1530: ProductVersion: 6.1.7601.23455
681764.1530: FileVersion: 6.1.7601.23455 (win7sp1_ldr.160516-0600)
691764.1530: FileDescription: ApiSet Schema DLL
701764.1530: supR3HardenedWinFindAdversaries: 0x0
711764.1530: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
721764.1530: Calling main()
731764.1530: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
741764.1530: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
751764.1530: SUPR3HardenedMain: Respawn #1
761764.1530: System32: \Device\HarddiskVolume2\Windows\System32
771764.1530: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
781764.1530: KnownDllPath: C:\Windows\system32
791764.1530: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
801764.1530: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
811764.1530: supR3HardNtEnableThreadCreation:
821764.1530: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77a14466 pvNtTerminateThread=779f77b8
831764.1530: supR3HardenedWinDoReSpawn(1): New child 1724.1580 [kernel32].
841764.1530: supR3HardNtChildGatherData: PebBaseAddress=7ffdf000 cbPeb=0x248
851764.1530: supR3HardNtPuChFindNtdll: uNtDllParentAddr=779c0000 uNtDllChildAddr=779c0000
861764.1530: supR3HardenedWinSetupChildInit: uLdrInitThunk=77a14466
871764.1530: supR3HardenedWinSetupChildInit: Start child.
881764.1530: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
891764.1530: supR3HardNtChildPurify: Startup delay kludge #1/0: 265 ms, 0 sleeps
901764.1530: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
911764.1530: *00000000-fffeffff 0x0001/0x0000 0x0000000
921764.1530: *00010000-fffeffff 0x0004/0x0004 0x0020000
931764.1530: *00030000-0002bfff 0x0002/0x0002 0x0040000
941764.1530: 00034000-00027fff 0x0001/0x0000 0x0000000
951764.1530: *00040000-0003efff 0x0004/0x0004 0x0020000
961764.1530: 00041000-00031fff 0x0001/0x0000 0x0000000
971764.1530: *00050000-0004efff 0x0004/0x0004 0x0020000
981764.1530: 00051000-00011fff 0x0001/0x0000 0x0000000
991764.1530: *00090000-fff92fff 0x0000/0x0004 0x0020000
1001764.1530: 0018d000-0018bfff 0x0104/0x0004 0x0020000
1011764.1530: 0018e000-0018bfff 0x0004/0x0004 0x0020000
1021764.1530: 00190000-fef7ffff 0x0001/0x0000 0x0000000
1031764.1530: *013a0000-013a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1041764.1530: 013a1000-01406fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1051764.1530: 01407000-01407fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1061764.1530: 01408000-01441fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1071764.1530: 01442000-01442fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1081764.1530: 01443000-01443fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1091764.1530: 01444000-01444fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1101764.1530: 01445000-01445fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1111764.1530: 01446000-0144afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1121764.1530: 0144b000-0144dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1131764.1530: 0144e000-01491fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1141764.1530: 01492000-8af63fff 0x0001/0x0000 0x0000000
1151764.1530: *779c0000-779c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1161764.1530: 779c1000-77a88fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1171764.1530: 77a89000-77a8ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1181764.1530: 77a90000-77a90fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1191764.1530: 77a91000-77a92fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1201764.1530: 77a93000-77b02fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1211764.1530: 77b03000-779e5fff 0x0001/0x0000 0x0000000
1221764.1530: *77c20000-77c20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
1231764.1530: 77c21000-6f891fff 0x0001/0x0000 0x0000000
1241764.1530: *7ffb0000-7ff8cfff 0x0002/0x0002 0x0040000
1251764.1530: 7ffd3000-7ffc7fff 0x0001/0x0000 0x0000000
1261764.1530: *7ffde000-7ffdcfff 0x0004/0x0004 0x0020000
1271764.1530: *7ffdf000-7ffddfff 0x0004/0x0004 0x0020000
1281764.1530: *7ffe0000-7ffdefff 0x0002/0x0002 0x0020000
1291764.1530: 7ffe1000-7ffd1fff 0x0001/0x0002 0x0020000
1301764.1530: apisetschema.dll: timestamp 0x573a5491 (rc=VINF_SUCCESS)
1311764.1530: VirtualBox.exe: timestamp 0x57729827 (rc=VINF_SUCCESS)
1321764.1530: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1331764.1530: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
1341764.1530: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
1351764.1530: supR3HardNtChildPurify: Done after 312 ms and 0 fixes (loop #0).
1361724.1580: Log file opened: 5.0.24r108355 g_hStartupLog=00000004 g_uNtVerCombined=0x611db100
1371724.1580: supR3HardenedVmProcessInit: uNtDllAddr=779c0000 g_uNtVerCombined=0x611db100
1381764.1530: supR3HardNtEnableThreadCreation:
1391724.1580: ntdll.dll: timestamp 0x573a54ca (rc=VINF_SUCCESS)
1401724.1580: New simple heap: #1 00290000 LB 0x400000 (for 1323008 allocation)
1411724.1580: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1421724.1580: System32: \Device\HarddiskVolume2\Windows\System32
1431724.1580: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
1441724.1580: KnownDllPath: C:\Windows\system32
1451724.1580: supR3HardenedVmProcessInit: Opening vboxdrv stub...
1461724.1580: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1471724.1580: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1481724.1580: Registered Dll notification callback with NTDLL.
1491724.1580: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
1501724.1580: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1511724.1580: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000000:<flags> [calling]
1521724.1580: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1531724.1580: supR3HardenedDllNotificationCallback: load 774e0000 LB 0x000d5000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
1541724.1580: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1551724.1580: supR3HardenedDllNotificationCallback: load 75c20000 LB 0x0004b000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
1561724.1580: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
1571724.1580: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1581724.1580: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=774e0000 'C:\Windows\system32\kernel32.dll'
1591724.1580: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77a14466 pvNtTerminateThread=779f77b8
1601764.1530: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 31 ms.
1611724.1580: \SystemRoot\System32\ntdll.dll:
1621724.1580: CreationTime: 2016-07-28T22:47:09.374825800Z
1631724.1580: LastWriteTime: 2016-05-16T23:16:18.034093900Z
1641724.1580: ChangeTime: 2016-07-28T22:50:40.018460900Z
1651724.1580: FileAttributes: 0x20
1661724.1580: Size: 0x140158
1671724.1580: NT Headers: 0xd0
1681724.1580: Timestamp: 0x573a54ca
1691724.1580: Machine: 0x14c - i386
1701724.1580: Timestamp: 0x573a54ca
1711724.1580: Image Version: 6.1
1721724.1580: SizeOfImage: 0x143000 (1323008)
1731724.1580: Resource Dir: 0xe3000 LB 0x5a028
1741724.1580: ProductName: Microsoft® Windows® Operating System
1751724.1580: ProductVersion: 6.1.7601.23455
1761724.1580: FileVersion: 6.1.7601.23455 (win7sp1_ldr.160516-0600)
1771724.1580: FileDescription: NT Layer DLL
1781724.1580: \SystemRoot\System32\kernel32.dll:
1791724.1580: CreationTime: 2016-04-12T20:34:29.250990700Z
1801724.1580: LastWriteTime: 2016-03-17T22:26:26.905000000Z
1811724.1580: ChangeTime: 2016-04-13T11:20:27.026042500Z
1821724.1580: FileAttributes: 0x20
1831724.1580: Size: 0xd5000
1841724.1580: NT Headers: 0xf0
1851724.1580: Timestamp: 0x56eb2fb8
1861724.1580: Machine: 0x14c - i386
1871724.1580: Timestamp: 0x56eb2fb8
1881724.1580: Image Version: 6.1
1891724.1580: SizeOfImage: 0xd5000 (872448)
1901724.1580: Resource Dir: 0xc8000 LB 0x528
1911724.1580: ProductName: Microsoft® Windows® Operating System
1921724.1580: ProductVersion: 6.1.7601.23392
1931724.1580: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600)
1941724.1580: FileDescription: Windows NT BASE API Client DLL
1951724.1580: \SystemRoot\System32\KernelBase.dll:
1961724.1580: CreationTime: 2016-04-12T20:34:29.627028300Z
1971724.1580: LastWriteTime: 2016-03-17T22:26:26.921000000Z
1981724.1580: ChangeTime: 2016-04-13T11:20:27.041642700Z
1991724.1580: FileAttributes: 0x20
2001724.1580: Size: 0x47e00
2011724.1580: NT Headers: 0xe0
2021724.1580: Timestamp: 0x56eb2fb9
2031724.1580: Machine: 0x14c - i386
2041724.1580: Timestamp: 0x56eb2fb9
2051724.1580: Image Version: 6.1
2061724.1580: SizeOfImage: 0x4b000 (307200)
2071724.1580: Resource Dir: 0x47000 LB 0x530
2081724.1580: ProductName: Microsoft® Windows® Operating System
2091724.1580: ProductVersion: 6.1.7601.23392
2101724.1580: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600)
2111724.1580: FileDescription: Windows NT BASE API Client DLL
2121724.1580: \SystemRoot\System32\apisetschema.dll:
2131724.1580: CreationTime: 2016-07-28T22:47:08.407644400Z
2141724.1580: LastWriteTime: 2016-05-16T23:14:25.755000000Z
2151724.1580: ChangeTime: 2016-07-28T22:50:39.846860900Z
2161724.1580: FileAttributes: 0x20
2171724.1580: Size: 0x1a00
2181724.1580: NT Headers: 0xc0
2191724.1580: Timestamp: 0x573a5491
2201724.1580: Machine: 0x14c - i386
2211724.1580: Timestamp: 0x573a5491
2221724.1580: Image Version: 6.1
2231724.1580: SizeOfImage: 0x50000 (327680)
2241724.1580: Resource Dir: 0x30000 LB 0x3f8
2251724.1580: ProductName: Microsoft® Windows® Operating System
2261724.1580: ProductVersion: 6.1.7601.23455
2271724.1580: FileVersion: 6.1.7601.23455 (win7sp1_ldr.160516-0600)
2281724.1580: FileDescription: ApiSet Schema DLL
2291724.1580: supR3HardenedWinFindAdversaries: 0x0
2301724.1580: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2311724.1580: Calling main()
2321724.1580: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
2331724.1580: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2341724.1580: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2351724.1580: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2361724.1580: SUPR3HardenedMain: Respawn #2
2371724.1580: supR3HardNtEnableThreadCreation:
2381724.1580: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
2391724.1580: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
2401724.1580: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000000:<flags> [calling]
2411724.1580: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
2421724.1580: supR3HardenedDllNotificationCallback: load 75810000 LB 0x0004c000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
2431724.1580: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
2441724.1580: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75810000 'C:\Windows\system32\apphelp.dll'
2451724.1580: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77a14466 pvNtTerminateThread=779f77b8
2461724.1580: supR3HardenedWinDoReSpawn(2): New child 14f0.139c [kernel32].
2471724.1580: supR3HardNtChildGatherData: PebBaseAddress=7ffd5000 cbPeb=0x248
2481724.1580: supR3HardNtPuChFindNtdll: uNtDllParentAddr=779c0000 uNtDllChildAddr=779c0000
2491724.1580: supR3HardenedWinSetupChildInit: uLdrInitThunk=77a14466
2501724.1580: supR3HardenedWinSetupChildInit: Start child.
2511724.1580: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
2521724.1580: supR3HardNtChildPurify: Startup delay kludge #1/0: 266 ms, 0 sleeps
2531724.1580: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2541724.1580: *00000000-fffeffff 0x0001/0x0000 0x0000000
2551724.1580: *00010000-fffeffff 0x0004/0x0004 0x0020000
2561724.1580: *00030000-0002bfff 0x0002/0x0002 0x0040000
2571724.1580: 00034000-00027fff 0x0001/0x0000 0x0000000
2581724.1580: *00040000-0003efff 0x0004/0x0004 0x0020000
2591724.1580: 00041000-00031fff 0x0001/0x0000 0x0000000
2601724.1580: *00050000-0004efff 0x0004/0x0004 0x0020000
2611724.1580: 00051000-00011fff 0x0001/0x0000 0x0000000
2621724.1580: *00090000-fff92fff 0x0000/0x0004 0x0020000
2631724.1580: 0018d000-0018bfff 0x0104/0x0004 0x0020000
2641724.1580: 0018e000-0018bfff 0x0004/0x0004 0x0020000
2651724.1580: 00190000-fef7ffff 0x0001/0x0000 0x0000000
2661724.1580: *013a0000-013a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2671724.1580: 013a1000-01406fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2681724.1580: 01407000-01407fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2691724.1580: 01408000-01441fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2701724.1580: 01442000-01442fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2711724.1580: 01443000-01443fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2721724.1580: 01444000-01444fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2731724.1580: 01445000-01445fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2741724.1580: 01446000-0144afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2751724.1580: 0144b000-0144dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2761724.1580: 0144e000-01491fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2771724.1580: 01492000-8af63fff 0x0001/0x0000 0x0000000
2781724.1580: *779c0000-779c0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2791724.1580: 779c1000-77a88fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2801724.1580: 77a89000-77a8ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2811724.1580: 77a90000-77a90fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2821724.1580: 77a91000-77a92fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2831724.1580: 77a93000-77b02fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2841724.1580: 77b03000-779e5fff 0x0001/0x0000 0x0000000
2851724.1580: *77c20000-77c20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
2861724.1580: 77c21000-6f891fff 0x0001/0x0000 0x0000000
2871724.1580: *7ffb0000-7ff8cfff 0x0002/0x0002 0x0040000
2881724.1580: 7ffd3000-7ffd0fff 0x0001/0x0000 0x0000000
2891724.1580: *7ffd5000-7ffd3fff 0x0004/0x0004 0x0020000
2901724.1580: 7ffd6000-7ffccfff 0x0001/0x0000 0x0000000
2911724.1580: *7ffdf000-7ffddfff 0x0004/0x0004 0x0020000
2921724.1580: *7ffe0000-7ffdefff 0x0002/0x0002 0x0020000
2931724.1580: 7ffe1000-7ffd1fff 0x0001/0x0002 0x0020000
2941724.1580: apisetschema.dll: timestamp 0x573a5491 (rc=VINF_SUCCESS)
2951724.1580: VirtualBox.exe: timestamp 0x57729827 (rc=VINF_SUCCESS)
2961724.1580: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2971724.1580: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
2981724.1580: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
2991724.1580: supR3HardNtChildPurify: Done after 312 ms and 0 fixes (loop #0).
30014f0.139c: Log file opened: 5.0.24r108355 g_hStartupLog=00000004 g_uNtVerCombined=0x611db100
30114f0.139c: supR3HardenedVmProcessInit: uNtDllAddr=779c0000 g_uNtVerCombined=0x611db100
3021724.1580: supR3HardenedEarlyCompact: Removed heap 1 (0x290000 LB 0x400000)
3031724.1580: supR3HardNtEnableThreadCreation:
30414f0.139c: ntdll.dll: timestamp 0x573a54ca (rc=VINF_SUCCESS)
30514f0.139c: New simple heap: #1 00290000 LB 0x400000 (for 1323008 allocation)
30614f0.139c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
30714f0.139c: System32: \Device\HarddiskVolume2\Windows\System32
30814f0.139c: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
30914f0.139c: KnownDllPath: C:\Windows\system32
31014f0.139c: supR3HardenedVmProcessInit: Opening vboxdrv...
31114f0.139c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
31214f0.139c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
31314f0.139c: Registered Dll notification callback with NTDLL.
31414f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
31514f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
31614f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=00000000:<flags> [calling]
31714f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
31814f0.139c: supR3HardenedDllNotificationCallback: load 774e0000 LB 0x000d5000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
31914f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
32014f0.139c: supR3HardenedDllNotificationCallback: load 75c20000 LB 0x0004b000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
32114f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
32214f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
32314f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=774e0000 'C:\Windows\system32\kernel32.dll'
32414f0.139c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=77a14466 pvNtTerminateThread=779f77b8
3251724.1580: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 32 ms.
32614f0.139c: \SystemRoot\System32\ntdll.dll:
32714f0.139c: CreationTime: 2016-07-28T22:47:09.374825800Z
32814f0.139c: LastWriteTime: 2016-05-16T23:16:18.034093900Z
32914f0.139c: ChangeTime: 2016-07-28T22:50:40.018460900Z
33014f0.139c: FileAttributes: 0x20
33114f0.139c: Size: 0x140158
33214f0.139c: NT Headers: 0xd0
33314f0.139c: Timestamp: 0x573a54ca
33414f0.139c: Machine: 0x14c - i386
33514f0.139c: Timestamp: 0x573a54ca
33614f0.139c: Image Version: 6.1
33714f0.139c: SizeOfImage: 0x143000 (1323008)
33814f0.139c: Resource Dir: 0xe3000 LB 0x5a028
33914f0.139c: ProductName: Microsoft® Windows® Operating System
34014f0.139c: ProductVersion: 6.1.7601.23455
34114f0.139c: FileVersion: 6.1.7601.23455 (win7sp1_ldr.160516-0600)
34214f0.139c: FileDescription: NT Layer DLL
34314f0.139c: \SystemRoot\System32\kernel32.dll:
34414f0.139c: CreationTime: 2016-04-12T20:34:29.250990700Z
34514f0.139c: LastWriteTime: 2016-03-17T22:26:26.905000000Z
34614f0.139c: ChangeTime: 2016-04-13T11:20:27.026042500Z
34714f0.139c: FileAttributes: 0x20
34814f0.139c: Size: 0xd5000
34914f0.139c: NT Headers: 0xf0
35014f0.139c: Timestamp: 0x56eb2fb8
35114f0.139c: Machine: 0x14c - i386
35214f0.139c: Timestamp: 0x56eb2fb8
35314f0.139c: Image Version: 6.1
35414f0.139c: SizeOfImage: 0xd5000 (872448)
35514f0.139c: Resource Dir: 0xc8000 LB 0x528
35614f0.139c: ProductName: Microsoft® Windows® Operating System
35714f0.139c: ProductVersion: 6.1.7601.23392
35814f0.139c: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600)
35914f0.139c: FileDescription: Windows NT BASE API Client DLL
36014f0.139c: \SystemRoot\System32\KernelBase.dll:
36114f0.139c: CreationTime: 2016-04-12T20:34:29.627028300Z
36214f0.139c: LastWriteTime: 2016-03-17T22:26:26.921000000Z
36314f0.139c: ChangeTime: 2016-04-13T11:20:27.041642700Z
36414f0.139c: FileAttributes: 0x20
36514f0.139c: Size: 0x47e00
36614f0.139c: NT Headers: 0xe0
36714f0.139c: Timestamp: 0x56eb2fb9
36814f0.139c: Machine: 0x14c - i386
36914f0.139c: Timestamp: 0x56eb2fb9
37014f0.139c: Image Version: 6.1
37114f0.139c: SizeOfImage: 0x4b000 (307200)
37214f0.139c: Resource Dir: 0x47000 LB 0x530
37314f0.139c: ProductName: Microsoft® Windows® Operating System
37414f0.139c: ProductVersion: 6.1.7601.23392
37514f0.139c: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600)
37614f0.139c: FileDescription: Windows NT BASE API Client DLL
37714f0.139c: \SystemRoot\System32\apisetschema.dll:
37814f0.139c: CreationTime: 2016-07-28T22:47:08.407644400Z
37914f0.139c: LastWriteTime: 2016-05-16T23:14:25.755000000Z
38014f0.139c: ChangeTime: 2016-07-28T22:50:39.846860900Z
38114f0.139c: FileAttributes: 0x20
38214f0.139c: Size: 0x1a00
38314f0.139c: NT Headers: 0xc0
38414f0.139c: Timestamp: 0x573a5491
38514f0.139c: Machine: 0x14c - i386
38614f0.139c: Timestamp: 0x573a5491
38714f0.139c: Image Version: 6.1
38814f0.139c: SizeOfImage: 0x50000 (327680)
38914f0.139c: Resource Dir: 0x30000 LB 0x3f8
39014f0.139c: ProductName: Microsoft® Windows® Operating System
39114f0.139c: ProductVersion: 6.1.7601.23455
39214f0.139c: FileVersion: 6.1.7601.23455 (win7sp1_ldr.160516-0600)
39314f0.139c: FileDescription: ApiSet Schema DLL
39414f0.139c: supR3HardenedWinFindAdversaries: 0x0
39514f0.139c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
39614f0.139c: Calling main()
39714f0.139c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
39814f0.139c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
39914f0.139c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
40014f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
40114f0.139c: SUPR3HardenedMain: Final process, opening VBoxDrv...
40214f0.139c: supR3HardenedEarlyCompact: Removed heap 1 (0x290000 LB 0x400000)
40314f0.139c: supR3HardNtEnableThreadCreation:
40414f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
40514f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
40614f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018ba75:<flags> [calling]
40714f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
40814f0.139c: supR3HardenedDllNotificationCallback: load 6d220000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
40914f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
41014f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
41114f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=001894a9:<flags> [calling]
41214f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d220000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
41314f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
41414f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=001894a9:<flags> [calling]
41514f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d220000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
41614f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6d220000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
41714f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
41814f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
41914f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
42014f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
42114f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
42214f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
42314f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
42414f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
42514f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
42614f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
42714f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
42814f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
42914f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
43014f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
43114f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
43214f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
43314f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
43414f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
43514f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
43614f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
43714f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
43814f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
43914f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
44014f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
44114f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
44214f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
44314f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
44414f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
44514f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
44614f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
44714f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018d88d:<flags> [calling]
44814f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
44914f0.139c: supR3HardenedDllNotificationCallback: load 75970000 LB 0x0002f000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
45014f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
45114f0.139c: supR3HardenedDllNotificationCallback: load 771f0000 LB 0x000ac000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
45214f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
45314f0.139c: supR3HardenedDllNotificationCallback: load 759b0000 LB 0x00121000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
45414f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
45514f0.139c: supR3HardenedDllNotificationCallback: load 75940000 LB 0x0000c000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
45614f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
45714f0.139c: supR3HardenedDllNotificationCallback: load 77770000 LB 0x000a2000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
45814f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
45914f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75970000 'C:\Windows\system32\Wintrust.dll'
46014f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
46114f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
46214f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018d88d:<flags> [calling]
46314f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
46414f0.139c: supR3HardenedDllNotificationCallback: load 75470000 LB 0x00017000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
46514f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
46614f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75470000 'C:\Windows\system32\bcrypt.dll'
46714f0.139c: bcrypt.dll loaded at 75470000, BCryptOpenAlgorithmProvider at 75472cda, preloading providers:
46814f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
46914f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
47014f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
47114f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
47214f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
47314f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
47414f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
47514f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
47614f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
47714f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
47814f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
47914f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
48014f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
48114f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
48214f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
48314f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
48414f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
48514f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
48614f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
48714f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018d9f5:<flags> [calling]
48814f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
48914f0.139c: supR3HardenedDllNotificationCallback: load 75060000 LB 0x0003d000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
49014f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
49114f0.139c: supR3HardenedDllNotificationCallback: load 76e80000 LB 0x000a1000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
49214f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
49314f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcrt.dll'.
49414f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'rpcrt4.dll'.
49514f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
49614f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
49714f0.139c: supR3HardenedDllNotificationCallback: load 771d0000 LB 0x00019000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
49814f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
49914f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75060000 'C:\Windows\system32\bcryptprimitives.dll'
50014f0.139c: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=0072dbc8)
50114f0.139c: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=0072e218)
50214f0.139c: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=0072efd0)
50314f0.139c: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0072db20)
50414f0.139c: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0072f120)
50514f0.139c: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0072f1c0)
50614f0.139c: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0072f070)
50714f0.139c: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0072f330)
50814f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
50914f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
51014f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
51114f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
51214f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
51314f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
51414f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
51514f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
51614f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018d64d:<flags> [calling]
51714f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
51814f0.139c: supR3HardenedDllNotificationCallback: load 75370000 LB 0x00017000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
51914f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
52014f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75370000 'C:\Windows\system32\CRYPTSP.dll'
52114f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
52214f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
52314f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
52414f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
52514f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
52614f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
52714f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018d5e9:<flags> [calling]
52814f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
52914f0.139c: supR3HardenedDllNotificationCallback: load 75120000 LB 0x0003b000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
53014f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
53114f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75120000 'C:\Windows\system32\rsaenh.dll'
53214f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
53314f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018d0bd:<flags> [calling]
53414f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76e80000 'C:\Windows\system32\ADVAPI32.dll'
53514f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
53614f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
53714f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018d3b1:<flags> [calling]
53814f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
53914f0.139c: supR3HardenedDllNotificationCallback: load 75860000 LB 0x0000c000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
54014f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
54114f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75860000 'C:\Windows\system32\CRYPTBASE.dll'
54214f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
54314f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018ceed:<flags> [calling]
54414f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=774e0000 'C:\Windows\system32\kernel32.dll'
54514f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
54614f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018d5cd:<flags> [calling]
54714f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75970000 'C:\Windows\system32\WINTRUST.DLL'
54814f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
54914f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0018d411:<flags> [calling]
55014f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=759b0000 'C:\Windows\system32\CRYPT32.dll'
55114f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
55214f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'advapi32.dll'.
55314f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
55414f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
55514f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
55614f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
55714f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
55814f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
55914f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
56014f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
56114f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018d54d:<flags> [calling]
56214f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
56314f0.139c: supR3HardenedDllNotificationCallback: load 77080000 LB 0x0002b000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
56414f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
56514f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77080000 'C:\Windows\system32\imagehlp.dll'
56614f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
56714f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018d5f1:<flags> [calling]
56814f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75370000 'C:\Windows\system32\CRYPTSP.dll'
56914f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
57014f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
57114f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
57214f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
57314f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
57414f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
57514f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
57614f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
57714f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
57814f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
57914f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
58014f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
58114f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
58214f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
58314f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
58414f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
58514f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
58614f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
58714f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
58814f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
58914f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
59014f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
59114f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
59214f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
59314f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
59414f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
59514f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
59614f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
59714f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
59814f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
59914f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
60014f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
60114f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
60214f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
60314f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
60414f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
60514f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
60614f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
60714f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
60814f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
60914f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
61014f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018d281:<flags> [calling]
61114f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
61214f0.139c: supR3HardenedDllNotificationCallback: load 77b10000 LB 0x000c9000 C:\Windows\system32\USER32.dll [fFlags=0x0]
61314f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
61414f0.139c: supR3HardenedDllNotificationCallback: load 77130000 LB 0x0004e000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
61514f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
61614f0.139c: supR3HardenedDllNotificationCallback: load 76fd0000 LB 0x0000a000 C:\Windows\system32\LPK.dll [fFlags=0x0]
61714f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
61814f0.139c: supR3HardenedDllNotificationCallback: load 76020000 LB 0x0009d000 C:\Windows\system32\USP10.dll [fFlags=0x0]
61914f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
62014f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
62114f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018cb99:<flags> [calling]
62214f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77130000 'C:\Windows\system32\gdi32.dll'
62314f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
62414f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
62514f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
62614f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
62714f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
62814f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
62914f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
63014f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
63114f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
63214f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
63314f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
63414f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
63514f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
63614f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
63714f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
63814f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
63914f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
64014f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
64114f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
64214f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
64314f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
64414f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
64514f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
64614f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
64714f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
64814f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
64914f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
65014f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
65114f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
65214f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
65314f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
65414f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018c525:<flags> [calling]
65514f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
65614f0.139c: supR3HardenedDllNotificationCallback: load 77bf0000 LB 0x0001f000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
65714f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
65814f0.139c: supR3HardenedDllNotificationCallback: load 760d0000 LB 0x000cc000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
65914f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
66014f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bf0000 'C:\Windows\system32\IMM32.DLL'
66114f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77b10000 'C:\Windows\system32\USER32.dll'
66214f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
66314f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
66414f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
66514f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
66614f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
66714f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
66814f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
66914f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
67014f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
67114f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
67214f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
67314f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
67414f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
67514f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
67614f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018d4c5:<flags> [calling]
67714f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
67814f0.139c: supR3HardenedDllNotificationCallback: load 75490000 LB 0x00039000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
67914f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
68014f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75490000 'C:\Windows\system32\ncrypt.dll'
68114f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
68214f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018d51d:<flags> [calling]
68314f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75470000 'C:\Windows\system32\bcrypt.dll'
68414f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
68514f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'rpcrt4.dll'.
68614f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'profapi.dll'.
68714f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
68814f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
68914f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
69014f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
69114f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
69214f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
69314f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
69414f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
69514f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
69614f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
69714f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
69814f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
69914f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
70014f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
70114f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
70214f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
70314f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018cdb1:<flags> [calling]
70414f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
70514f0.139c: supR3HardenedDllNotificationCallback: load 75b40000 LB 0x00017000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
70614f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
70714f0.139c: supR3HardenedDllNotificationCallback: load 75950000 LB 0x0000b000 C:\Windows\system32\profapi.dll [fFlags=0x0]
70814f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
70914f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75b40000 'C:\Windows\system32\USERENV.dll'
71014f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0018cd81:<flags> [calling]
71114f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=771d0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
71214f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0018d195:<flags> [calling]
71314f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=771d0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
71414f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
71514f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
71614f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
71714f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
71814f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
71914f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
72014f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
72114f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
72214f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
72314f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
72414f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018d285:<flags> [calling]
72514f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
72614f0.139c: supR3HardenedDllNotificationCallback: load 74f20000 LB 0x00016000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
72714f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
72814f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=74f20000 'C:\Windows\system32\GPAPI.dll'
72914f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0018d201:<flags> [calling]
73014f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=771d0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
73114f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
73214f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018ccb9:<flags> [calling]
73314f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77770000 'C:\Windows\system32\rpcrt4.dll'
73414f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0018d1dd:<flags> [calling]
73514f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=771d0000 'API-MS-WIN-Service-Management-L2-1-0.dll'
73614f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0018d1d5:<flags> [calling]
73714f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=771d0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
73814f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
73914f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
74014f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'crypt32.dll'.
74114f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'wldap32.dll'.
74214f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
74314f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
74414f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
74514f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
74614f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
74714f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
74814f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
74914f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
75014f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
75114f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
75214f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
75314f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
75414f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
75514f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
75614f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
75714f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
75814f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
75914f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
76014f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
76114f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018d075:<flags> [calling]
76214f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
76314f0.139c: supR3HardenedDllNotificationCallback: load 72e70000 LB 0x0001d000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
76414f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
76514f0.139c: supR3HardenedDllNotificationCallback: load 77180000 LB 0x00045000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
76614f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
76714f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
76814f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0018c799:<flags> [calling]
76914f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72e70000 'C:\Windows\system32\cryptnet.dll'
77014f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
77114f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0018c799:<flags> [calling]
77214f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72e70000 'C:\Windows\system32\cryptnet.dll'
77314f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
77414f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0018c799:<flags> [calling]
77514f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72e70000 'C:\Windows\system32\cryptnet.dll'
77614f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
77714f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0018c799:<flags> [calling]
77814f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72e70000 'C:\Windows\system32\cryptnet.dll'
77914f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
78014f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0018c795:<flags> [calling]
78114f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72e70000 'C:\Windows\system32\cryptnet.dll'
78214f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
78314f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0018c795:<flags> [calling]
78414f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72e70000 'C:\Windows\system32\cryptnet.dll'
78514f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
78614f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72e70000 'C:\Windows\system32\cryptnet.dll'
78714f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
78814f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72e70000 'C:\Windows\system32\cryptnet.dll'
78914f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
79014f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72e70000 'C:\Windows\system32\cryptnet.dll'
79114f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
79214f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72e70000 'C:\Windows\system32\cryptnet.dll'
79314f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
79414f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72e70000 'C:\Windows\system32\cryptnet.dll'
79514f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72e70000 'C:\Windows\system32\cryptnet.dll'
79614f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
79714f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=72e70000 'C:\Windows\system32\cryptnet.dll'
79814f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0018cc75:<flags> [calling]
79914f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=771d0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
80014f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
80114f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018cc85:<flags> [calling]
80214f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75950000 'C:\Windows\system32\profapi.dll'
80314f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
80414f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
80514f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
80614f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
80714f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
80814f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
80914f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
81014f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
81114f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
81214f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
81314f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
81414f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
81514f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
81614f0.139c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
81714f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018cb49:<flags> [calling]
81814f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
81914f0.139c: supR3HardenedDllNotificationCallback: load 76f30000 LB 0x00057000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
82014f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
82114f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76f30000 'C:\Windows\system32\SHLWAPI.dll'
82214f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000 pwszName=\SystemRoot\System32\ntdll.dll
82314f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: New context 00734cc0
82414f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
82514f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=258AECABC1B39BE7A51E0245C37AC1C494AB11C4
82614f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0018cca1:<flags> [calling]
82714f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=771d0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
82814f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0018c831:<flags> [calling]
82914f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=771d0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
83014f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0018c82d:<flags> [calling]
83114f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=771d0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
83214f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
83314f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018cc95:<flags> [calling]
83414f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76e80000 'C:\Windows\system32\ADVAPI32.dll'
83514f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0018cc75:<flags> [calling]
83614f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=771d0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
83714f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0018cab5:<flags> [calling]
83814f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=771d0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
83914f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_54_for_KB3172605~31bf3856ad364e35~x86~~6.1.1.2.cat'; file='\SystemRoot\System32\ntdll.dll'
84014f0.139c: g_pfnWinVerifyTrust=7597273a
84114f0.139c: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
84214f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
84314f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
84414f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
84514f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AA9F4D26D8B58751CB60C923B73ECFA7FE46B691
84614f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_125_for_KB3172605~31bf3856ad364e35~x86~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
84714f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
84814f0.139c: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
84914f0.139c: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
85014f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
85114f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
85214f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
85314f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1F3E3B0E8B3F0B48C48571F1E10AB52986C32F1B
85414f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_54_for_KB3172605~31bf3856ad364e35~x86~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
85514f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
85614f0.139c: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
85714f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000394 pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
85814f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
85914f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
86014f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5A97620B38393821964747185BD0CFB4FF244F0A
86114f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
86214f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
86314f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
86414f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000388 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
86514f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
86614f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
86714f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4274E678F4A09F0955B304F45CFA0547B0F86BC7
86814f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
86914f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
87014f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
87114f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000384 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
87214f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
87314f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
87414f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C6BA55D75027A4D8F8ADFA0DFAA3F021D77FCF36
87514f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_54_for_KB3172605~31bf3856ad364e35~x86~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
87614f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
87714f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
87814f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000260 pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
87914f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
88014f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
88114f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=647D940F193F2577854A0092E0E104723ADB3326
88214f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_76_for_KB3159398~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
88314f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
88414f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
88514f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001cc pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
88614f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
88714f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
88814f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D9A4C90615FC5B5674208A5401C018FEA2A04A4B
88914f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
89014f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
89114f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
89214f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001c8 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
89314f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
89414f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
89514f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=21925C895DA97CB66CCC5FBA910D9ABD265AA276
89614f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
89714f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
89814f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
89914f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000001b4 pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
90014f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
90114f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
90214f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3ED4B4350DD7AD71402DC9ECF32453602E8624F
90314f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_54_for_KB3172605~31bf3856ad364e35~x86~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
90414f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
90514f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
90614f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000019c pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
90714f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
90814f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
90914f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=21CC868DE3508F5C6F6D348B324C1E8AB2969CC6
91014f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3033889~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
91114f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
91214f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
91314f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000198 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
91414f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
91514f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
91614f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB8862BB29C3F539B9BF3A9E49EBC509A515AC5C
91714f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
91814f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
91914f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
92014f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000194 pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
92114f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
92214f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
92314f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=620B58DF939ECB4E691974D32E1363C8F89396C3
92414f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3108670~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
92514f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
92614f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
92714f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000190 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
92814f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
92914f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
93014f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D7EA395BBA2494B31A6E9E75F84367769603A86B
93114f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3164033~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
93214f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
93314f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
93414f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000018c pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
93514f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
93614f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
93714f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5B8D3604000ED15CBB49FB2FA6FE8FF051CD4FCD
93814f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3164035~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
93914f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
94014f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
94114f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000188 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
94214f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
94314f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
94414f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=44098F3B14959897BB848F81A735A1BE83CB369F
94514f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3109094~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll'
94614f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
94714f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
94814f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000184 pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
94914f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
95014f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
95114f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D59F877FD4F27652A01B1936874AFAF3A55572A8
95214f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
95314f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
95414f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
95514f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000138 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
95614f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
95714f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
95814f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FA30F13B69B382CCE056E1FA0B537B7B77E385C8
95914f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_54_for_KB3172605~31bf3856ad364e35~x86~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
96014f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
96114f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
96214f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
96314f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000134 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
96414f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
96514f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
96614f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EFE6B29BE955FB2D869F3B57909DF90693FBBCEB
96714f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_57_for_KB3033929~31bf3856ad364e35~x86~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
96814f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
96914f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
97014f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000124 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
97114f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
97214f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
97314f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=27AAFBF501C7D0BDB48FEA759DB4257783E5749A
97414f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_38_for_KB3068708~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
97514f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
97614f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
97714f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000120 pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
97814f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
97914f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
98014f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E5D3F6BAE44924FCA30C85EAE673435184306700
98114f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_128_for_KB3172605~31bf3856ad364e35~x86~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
98214f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
98314f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
98414f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
98514f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000108 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
98614f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
98714f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
98814f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F0BAB1EFD5C685AC53B020519B5A6984B19E5071
98914f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
99014f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
99114f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
99214f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000e8 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
99314f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
99414f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
99514f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=50B466D5DDEDD2D1A524F20B8873F187B62AA69F
99614f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2654428~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
99714f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
99814f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
99914f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
100014f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
100114f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
100214f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7068F2E1634BBD478D1FBCF4C463626913EA7285
100314f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
100414f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
100514f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
100614f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
100714f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
100814f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
100914f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=50D61CCF56CBB6FD547B8863E06BF117FBE6F205
101014f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_54_for_KB3172605~31bf3856ad364e35~x86~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
101114f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
101214f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
101314f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
101414f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000024 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
101514f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
101614f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
101714f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=78C215A477EBDED3EA92050D73AD064D4DACAF04
101814f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_41_for_KB3146706~31bf3856ad364e35~x86~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
101914f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
102014f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
102114f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000001c pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
102214f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
102314f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
102414f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9560523695751C7D7E357112D9C665B53216B2EE
102514f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_41_for_KB3146706~31bf3856ad364e35~x86~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
102614f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
102714f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
102814f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
102914f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018c5dd:<flags> [calling]
103014f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=759b0000 'C:\Windows\system32\crypt32.dll'
103114f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
103214f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
103314f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
103414f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
103514f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
103614f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
103714f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xbc477be89bbce158 C=US, CN=Default CA
103814f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xd96baae6fa45b277 C=US, CN=Default CA
103914f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
104014f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
104114f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
104214f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x91e3728b8b40d000 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO Certification Authority
104314f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
104414f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
104514f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
104614f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
104714f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
104814f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
104914f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
105014f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
105114f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
105214f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
105314f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
105414f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
105514f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
105614f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
105714f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
105814f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
105914f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
106014f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
106114f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
106214f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
106314f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
106414f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
106514f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
106614f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
106714f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
106814f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
106914f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
107014f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
107114f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x30669a4e82fa800 C=US, O=America Online Inc., CN=America Online Root Certification Authority 1
107214f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
107314f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
107414f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x20b7075b3689b600 C=IL, O=StartCom Ltd., CN=StartCom Certification Authority G2
107514f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
107614f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
107714f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xe66b56ffc86e50a4 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA, Email=server-certs@thawte.com
107814f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
107914f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
108014f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
108114f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
108214f0.139c: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
108314f0.139c: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=52
108414f0.139c: SUPR3HardenedMain: Load Runtime...
108514f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
108614f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
108714f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
108814f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
108914f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
109014f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
109114f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
109214f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
109314f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
109414f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
109514f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
109614f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000458 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
109714f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
109814f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
109914f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9F5903563880A7F4C5D5D3DB2B4AF4CE300C2515
110014f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3161949~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
110114f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
110214f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
110314f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
110414f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'nsi.dll'.
110514f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
110614f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
110714f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
110814f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
110914f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
111014f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
111114f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
111214f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
111314f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
111414f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
111514f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
111614f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
111714f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
111814f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
111914f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
112014f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
112114f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000460 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
112214f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
112314f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
112414f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B5C25EDD170A1CAACC3D49C508AB6F58BD6DE6E2
112514f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
112614f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
112714f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
112814f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
112914f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
113014f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
113114f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
113214f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
113314f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
113414f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
113514f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018c68d:<flags> [calling]
113614f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
113714f0.139c: supR3HardenedDllNotificationCallback: load 51200000 LB 0x0041c000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
113814f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
113914f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
114014f0.139c: supR3HardenedDllNotificationCallback: load 523a0000 LB 0x000bf000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
114114f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
114214f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
114314f0.139c: supR3HardenedDllNotificationCallback: load 52ef0000 LB 0x00069000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
114414f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
114514f0.139c: supR3HardenedDllNotificationCallback: load 76f90000 LB 0x00035000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
114614f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
114714f0.139c: supR3HardenedDllNotificationCallback: load 760c0000 LB 0x00006000 C:\Windows\system32\NSI.dll [fFlags=0x0]
114814f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
114914f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
115014f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018a071:<flags> [calling]
115114f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
115214f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
115314f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018a071:<flags> [calling]
115414f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
115514f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
115614f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018a071:<flags> [calling]
115714f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
115814f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
115914f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018a071:<flags> [calling]
116014f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
116114f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
116214f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018a071:<flags> [calling]
116314f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
116414f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
116514f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018a071:<flags> [calling]
116614f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
116714f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
116814f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
116914f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
117014f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
117114f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
117214f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
117314f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
117414f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
117514f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018a071:<flags> [calling]
117614f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
117714f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
117814f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
117914f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
118014f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
118114f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
118214f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
118314f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
118414f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
118514f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
118614f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
118714f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
118814f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
118914f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
119014f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
119114f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
119214f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
119314f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018a071:<flags> [calling]
119414f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
119514f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
119614f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
119714f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=51200000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
119814f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
119914f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018e355:<flags> [calling]
120014f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75970000 'C:\Windows\system32\Wintrust.dll'
120114f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
120214f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018d0b5:<flags> [calling]
120314f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=759b0000 'C:\Windows\system32\crypt32.dll'
120414f0.139c: SUPR3HardenedMain: Load TrustedMain...
120514f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
120614f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
120714f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
120814f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
120914f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
121014f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtcorevbox4.dll'.
121114f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtguivbox4.dll'.
121214f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qtopenglvbox4.dll'.
121314f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'user32.dll'.
121414f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdi32.dll'.
121514f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
121614f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
121714f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
121814f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
121914f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
122014f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
122114f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
122214f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
122314f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
122414f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004a4 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
122514f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
122614f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
122714f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0907A64D7756C59C69C1DFBD06460EC89D3A8FBD
122814f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
122914f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
123014f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
123114f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
123214f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
123314f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
123414f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
123514f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
123614f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000484 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
123714f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
123814f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
123914f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0B7E0F9A1230AA2EF739E460514A16F91C90D9AD
124014f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_54_for_KB3172605~31bf3856ad364e35~x86~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
124114f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
124214f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
124314f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
124414f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
124514f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
124614f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'gdi32.dll'.
124714f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
124814f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
124914f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
125014f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
125114f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000498 pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
125214f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
125314f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
125414f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3C9D7CD58447116AAADAA6F63A2561531EA95B33
125514f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_41_for_KB3146706~31bf3856ad364e35~x86~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
125614f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
125714f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
125814f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
125914f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
126014f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
126114f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
126214f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
126314f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
126414f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
126514f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000048c pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
126614f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
126714f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
126814f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2AC7204B7EC1505A1AFCF380109E511193D585D0
126914f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_40_for_KB3123862~31bf3856ad364e35~x86~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
127014f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
127114f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
127214f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
127314f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
127414f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
127514f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
127614f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
127714f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
127814f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
127914f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
128014f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
128114f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
128214f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
128314f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
128414f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
128514f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
128614f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
128714f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
128814f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
128914f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
129014f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
129114f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
129214f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
129314f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll) WinVerifyTrust
129414f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
129514f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
129614f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
129714f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
129814f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
129914f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
130014f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
130114f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
130214f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
130314f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
130414f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
130514f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
130614f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
130714f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
130814f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
130914f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
131014f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll) WinVerifyTrust
131114f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
131214f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
131314f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
131414f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
131514f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
131614f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
131714f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
131814f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
131914f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
132014f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll) WinVerifyTrust
132114f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
132214f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
132314f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
132414f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
132514f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
132614f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
132714f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
132814f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
132914f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
133014f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
133114f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
133214f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
133314f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
133414f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
133514f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
133614f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
133714f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
133814f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
133914f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004e0 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
134014f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
134114f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
134214f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4C7570E385B8CF66CB40344231F3E0AA4189574F
134314f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
134414f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
134514f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
134614f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
134714f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
134814f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
134914f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
135014f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
135114f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) WinVerifyTrust
135214f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
135314f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
135414f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
135514f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
135614f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
135714f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004d4 pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
135814f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
135914f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
136014f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6D0AC3B30C2D6C734EBBA3E99BF60B93FDF28E33
136114f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
136214f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
136314f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
136414f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
136514f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
136614f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
136714f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
136814f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
136914f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) WinVerifyTrust
137014f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
137114f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
137214f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
137314f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004d0 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
137414f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
137514f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
137614f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8AAE7D02045ADA954DBE714C716FEAB98D1A54F0
137714f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
137814f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
137914f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
138014f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
138114f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
138214f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) WinVerifyTrust
138314f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
138414f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
138514f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
138614f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
138714f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
138814f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
138914f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
139014f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
139114f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
139214f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
139314f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
139414f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
139514f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
139614f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
139714f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
139814f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
139914f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
140014f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
140114f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
140214f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
140314f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
140414f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
140514f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
140614f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
140714f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
140814f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
140914f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
141014f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
141114f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
141214f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
141314f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
141414f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
141514f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
141614f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
141714f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
141814f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
141914f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
142014f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
142114f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
142214f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
142314f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
142414f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
142514f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
142614f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
142714f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
142814f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
142914f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
143014f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
143114f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
143214f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
143314f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
143414f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
143514f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
143614f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
143714f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
143814f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
143914f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
144014f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
144114f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004ec pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
144214f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
144314f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
144414f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B39657B6044CE5C98BB9FC443679CBDE0E6BE222
144514f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
144614f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
144714f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
144814f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
144914f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
145014f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv) WinVerifyTrust
145114f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
145214f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
145314f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
145414f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
145514f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
145614f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
145714f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
145814f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
145914f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
146014f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
146114f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
146214f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
146314f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004b8 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
146414f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
146514f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
146614f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1C456ACB19416C5E733133B4582891146F151614
146714f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
146814f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
146914f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
147014f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
147114f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
147214f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
147314f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
147414f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
147514f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust
147614f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
147714f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
147814f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
147914f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
148014f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
148114f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
148214f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
148314f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
148414f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
148514f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
148614f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
148714f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
148814f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
148914f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
149014f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
149114f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
149214f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
149314f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
149414f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
149514f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
149614f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
149714f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
149814f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
149914f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
150014f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
150114f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
150214f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
150314f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
150414f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
150514f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
150614f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
150714f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
150814f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
150914f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
151014f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
151114f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
151214f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
151314f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
151414f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
151514f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
151614f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
151714f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
151814f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
151914f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
152014f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
152114f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
152214f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
152314f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
152414f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
152514f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
152614f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
152714f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
152814f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
152914f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
153014f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
153114f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
153214f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
153314f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004bc pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
153414f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
153514f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
153614f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6F6BC11030E34EE31C1BFA1892BB38C959ED836D
153714f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3059317~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
153814f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
153914f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
154014f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
154114f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
154214f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) WinVerifyTrust
154314f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
154414f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
154514f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
154614f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
154714f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
154814f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
154914f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
155014f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
155114f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
155214f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
155314f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
155414f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
155514f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
155614f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
155714f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
155814f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
155914f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
156014f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
156114f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
156214f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
156314f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
156414f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
156514f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
156614f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
156714f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
156814f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
156914f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
157014f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
157114f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
157214f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
157314f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
157414f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
157514f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
157614f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004dc pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
157714f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
157814f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
157914f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=16BBD8EF93DEB2283AA2548BAF76579D798DC50D
158014f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3078667~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
158114f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
158214f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
158314f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
158414f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
158514f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust
158614f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
158714f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
158814f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
158914f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000004e4 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
159014f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
159114f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
159214f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=07B90F6FCFF3E079727E8F6884115307C6E5BA41
159314f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
159414f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
159514f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
159614f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
159714f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
159814f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
159914f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
160014f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
160114f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
160214f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
160314f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
160414f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
160514f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
160614f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
160714f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
160814f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000508 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
160914f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
161014f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
161114f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=55B617014CE98D8F12CB631212573AF95C0F0FCE
161214f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3164033~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
161314f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
161414f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
161514f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
161614f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
161714f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) WinVerifyTrust
161814f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
161914f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
162014f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
162114f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
162214f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
162314f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
162414f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
162514f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
162614f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
162714f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
162814f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
162914f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
163014f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
163114f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000510 pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
163214f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
163314f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
163414f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EE1631BE6E86D9131380E981EC05320E6DF3FD3A
163514f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
163614f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
163714f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
163814f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'cfgmgr32.dll'.
163914f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
164014f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
164114f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
164214f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
164314f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
164414f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
164514f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
164614f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
164714f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
164814f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
164914f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
165014f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
165114f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
165214f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
165314f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
165414f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000504 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
165514f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
165614f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
165714f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A2D26C675A9F5FB0ABA919E9F71726151CB174F1
165814f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
165914f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
166014f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
166114f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
166214f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
166314f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll) WinVerifyTrust
166414f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
166514f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
166614f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
166714f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
166814f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
166914f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
167014f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
167114f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
167214f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
167314f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
167414f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
167514f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
167614f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
167714f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
167814f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
167914f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
168014f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
168114f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
168214f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
168314f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
168414f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
168514f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
168614f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
168714f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
168814f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018c691:<flags> [calling]
168914f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
169014f0.139c: supR3HardenedDllNotificationCallback: load 503b0000 LB 0x00815000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
169114f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
169214f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
169314f0.139c: supR3HardenedDllNotificationCallback: load 51e30000 LB 0x000c8000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
169414f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
169514f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
169614f0.139c: supR3HardenedDllNotificationCallback: load 60d30000 LB 0x00022000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
169714f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
169814f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
169914f0.139c: supR3HardenedDllNotificationCallback: load 63b90000 LB 0x000e7000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
170014f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
170114f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
170214f0.139c: supR3HardenedDllNotificationCallback: load 68e40000 LB 0x00006000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
170314f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
170414f0.139c: supR3HardenedDllNotificationCallback: load 77820000 LB 0x0019d000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
170514f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
170614f0.139c: supR3HardenedDllNotificationCallback: load 75b00000 LB 0x00027000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
170714f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
170814f0.139c: supR3HardenedDllNotificationCallback: load 76fe0000 LB 0x0008f000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
170914f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
171014f0.139c: supR3HardenedDllNotificationCallback: load 75c70000 LB 0x0015d000 C:\Windows\system32\ole32.dll [fFlags=0x0]
171114f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
171214f0.139c: supR3HardenedDllNotificationCallback: load 75b70000 LB 0x00012000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
171314f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
171414f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
171514f0.139c: supR3HardenedDllNotificationCallback: load 73d70000 LB 0x00013000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
171614f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
171714f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
171814f0.139c: supR3HardenedDllNotificationCallback: load 51820000 LB 0x00216000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.dll [fFlags=0x0]
171914f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
172014f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
172114f0.139c: supR3HardenedDllNotificationCallback: load 739b0000 LB 0x00007000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
172214f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
172314f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
172414f0.139c: supR3HardenedDllNotificationCallback: load 50f80000 LB 0x00274000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
172514f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
172614f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
172714f0.139c: supR3HardenedDllNotificationCallback: load 640b0000 LB 0x00810000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
172814f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
172914f0.139c: supR3HardenedDllNotificationCallback: load 770b0000 LB 0x0007b000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
173014f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
173114f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
173214f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
173314f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
173414f0.139c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll)
173514f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
173614f0.139c: supR3HardenedDllNotificationCallback: load 70af0000 LB 0x00084000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\COMCTL32.dll [fFlags=0x0]
173714f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll [avoiding WinVerifyTrust]
173814f0.139c: supR3HardenedDllNotificationCallback: load 76230000 LB 0x00c4c000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
173914f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
174014f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
174114f0.139c: supR3HardenedDllNotificationCallback: load 73e60000 LB 0x00032000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
174214f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
174314f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
174414f0.139c: supR3HardenedDllNotificationCallback: load 74e50000 LB 0x00051000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
174514f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
174614f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
174714f0.139c: supR3HardenedDllNotificationCallback: load 52020000 LB 0x000c1000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
174814f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
174914f0.139c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll'.
175014f0.139c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll' [rescheduled]
175114f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
175214f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
175314f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
175414f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
175514f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
175614f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
175714f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
175814f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018c071:<flags> [calling]
175914f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77bf0000 'C:\Windows\system32\imm32.dll'
176014f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=503b0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
176114f0.139c: SUPR3HardenedMain: Calling TrustedMain (503b1040)...
176214f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
176314f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018f565:<flags> [calling]
176414f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73e60000 'C:\Windows\system32\winmm.dll'
176514f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000005a8 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
176614f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
176714f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
176814f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BCFB3B3EDEC8C54A3B95DACAFC19DCB9EA6969BD
176914f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
177014f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
177114f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
177214f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
177314f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
177414f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
177514f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
177614f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
177714f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
177814f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
177914f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
178014f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
178114f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
178214f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018efed:<flags> [calling]
178314f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
178414f0.139c: supR3HardenedDllNotificationCallback: load 740f0000 LB 0x00040000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
178514f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
178614f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=740f0000 'C:\Windows\system32\uxtheme.dll'
178714f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
178814f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018ec29:<flags> [calling]
178914f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=740f0000 'C:\Windows\system32\uxtheme.dll'
179014f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
179114f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018e9f5:<flags> [calling]
179214f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=740f0000 'C:\Windows\system32\uxtheme.dll'
179314f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
179414f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018e9f5:<flags> [calling]
179514f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=740f0000 'C:\Windows\system32\uxtheme.dll'
179614f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
179714f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018ee5d:<flags> [calling]
179814f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=73d70000 'C:\Windows\system32\dwmapi.dll'
179914f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
180014f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018f305:<flags> [calling]
180114f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75860000 'C:\Windows\system32\CRYPTBASE.dll'
180214f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
180314f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018f445:<flags> [calling]
180414f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76230000 'C:\Windows\system32\shell32.dll'
180514f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
180614f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018f3fd:<flags> [calling]
180714f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=774e0000 'C:\Windows\system32\kernel32.dll'
180814f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
180914f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018f43d:<flags> [calling]
181014f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=740f0000 'C:\Windows\system32\uxtheme.dll'
181114f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
181214f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018f465:<flags> [calling]
181314f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=740f0000 'C:\Windows\system32\uxtheme.dll'
181414f0.139c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
181514f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018f4f5:<flags> [calling]
181614f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
181714f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77b10000 'C:\Windows\system32\user32.dll'
181814f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
181914f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018f529:<flags> [calling]
182014f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=740f0000 'C:\Windows\system32\uxtheme.dll'
182114f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77b10000 'C:\Windows\system32\user32.dll'
182214f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76e80000 'C:\Windows\system32\advapi32.dll'
182314f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
182414f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018f4f5:<flags> [calling]
182514f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75b40000 'C:\Windows\system32\userenv.dll'
182614f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
182714f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018f4f5:<flags> [calling]
182814f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=774e0000 'C:\Windows\system32\kernel32.dll'
182914f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000608 pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll
183014f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
183114f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
183214f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B560B8A95D275325C41DE5897E348BE60192127E
183314f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
183414f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
183514f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
183614f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
183714f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
183814f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
183914f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
184014f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
184114f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll) WinVerifyTrust
184214f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
184314f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
184414f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
184514f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
184614f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
184714f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
184814f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
184914f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
185014f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
185114f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
185214f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
185314f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
185414f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
185514f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
185614f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
185714f0.139c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
185814f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018d2bd:<flags> [calling]
185914f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
186014f0.139c: supR3HardenedDllNotificationCallback: load 761a0000 LB 0x00083000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
186114f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
186214f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=761a0000 'C:\Windows\system32\CLBCatQ.DLL'
186314f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76e80000 'C:\Windows\system32\ADVAPI32.dll'
186414f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
186514f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018c5ad:<flags> [calling]
186614f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75370000 'C:\Windows\system32\CRYPTSP.dll'
186714f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000628 pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
186814f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
186914f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
187014f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A397FD418538BAA1CB6D18B348447E74938F66EA
187114f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~x86~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll'
187214f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
187314f0.139c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
187414f0.139c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll) WinVerifyTrust
187514f0.139c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
187614f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
187714f0.139c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
187814f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018c2dd:<flags> [calling]
187914f0.139c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
188014f0.139c: supR3HardenedDllNotificationCallback: load 758d0000 LB 0x0000e000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
188114f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
188214f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=758d0000 'C:\Windows\system32\RpcRtRemote.dll'
188314f0.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
188414f0.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
188514f0.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
188614f0.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
188714f0.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
188814f0.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
188914f0.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
189014f0.17c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
189114f0.17c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
189214f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
189314f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
189414f0.17c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
189514f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
189614f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
189714f0.17c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
189814f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
189914f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
190014f0.17c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
190114f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
190214f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
190314f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
190414f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
190514f0.17c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
190614f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
190714f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
190814f0.17c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
190914f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
191014f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
191114f0.17c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0395f0fd:<flags> [calling]
191214f0.17c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
191314f0.17c0: supR3HardenedDllNotificationCallback: load 0f9e0000 LB 0x00451000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
191414f0.17c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
191514f0.17c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0f9e0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
191614f0.17c0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000068c pwszName=\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll
191714f0.17c0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
191814f0.17c0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
191914f0.17c0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AAE8C73E319858922705A3CB3C7B14413A48F03C
192014f0.17c0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntph.cat'; file='\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll'
192114f0.17c0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
192214f0.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
192314f0.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
192414f0.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'version.dll'.
192514f0.17c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll) WinVerifyTrust
192614f0.17c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msiltcfg.dll
192714f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
192814f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
192914f0.17c0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000678 pwszName=\Device\HarddiskVolume2\Windows\System32\version.dll
193014f0.17c0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
193114f0.17c0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
193214f0.17c0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87F58E3B93CDFEB987BC8B5880D3F0366E3D8203
193314f0.17c0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\version.dll'
193414f0.17c0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
193514f0.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
193614f0.17c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\version.dll) WinVerifyTrust
193714f0.17c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\version.dll
193814f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
193914f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
194014f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
194114f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
194214f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
194314f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
194414f0.17c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msiltcfg.dll (Input=msiltcfg.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0395e139:<flags> [calling]
194514f0.17c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msiltcfg.dll
194614f0.17c0: supR3HardenedDllNotificationCallback: load 6dc30000 LB 0x00007000 C:\Windows\system32\msiltcfg.dll [fFlags=0x0]
194714f0.17c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msiltcfg.dll
194814f0.17c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
194914f0.17c0: supR3HardenedDllNotificationCallback: load 74ed0000 LB 0x00009000 C:\Windows\system32\VERSION.dll [fFlags=0x0]
195014f0.17c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
195114f0.17c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6dc30000 'C:\Windows\system32\msiltcfg.dll'
195214f0.17c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77b10000 'C:\Windows\system32\user32.dll'
195314f0.17c0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000006ac pwszName=\Device\HarddiskVolume2\Windows\System32\msi.dll
195414f0.17c0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
195514f0.17c0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
195614f0.17c0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DED47079BA06FD37B0405BBE7F688D1DC3CE7B96
195714f0.17c0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_54_for_KB3172605~31bf3856ad364e35~x86~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\msi.dll'
195814f0.17c0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
195914f0.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
196014f0.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
196114f0.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
196214f0.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'shell32.dll'.
196314f0.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
196414f0.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
196514f0.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shlwapi.dll'.
196614f0.17c0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
196714f0.17c0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msi.dll) WinVerifyTrust
196814f0.17c0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msi.dll
196914f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
197014f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
197114f0.17c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
197214f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
197314f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
197414f0.17c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
197514f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
197614f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
197714f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
197814f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
197914f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
198014f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
198114f0.17c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
198214f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
198314f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
198414f0.17c0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
198514f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
198614f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
198714f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
198814f0.17c0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
198914f0.17c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msi.dll (Input=msi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0395e111:<flags> [calling]
199014f0.17c0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msi.dll
199114f0.17c0: supR3HardenedDllNotificationCallback: load 6f510000 LB 0x00246000 C:\Windows\system32\msi.dll [fFlags=0x0]
199214f0.17c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msi.dll
199314f0.17c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6f510000 'C:\Windows\system32\msi.dll'
199414f0.17c0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msiltcfg.dll
199514f0.17c0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msiltcfg.dll (Input=msiltcfg.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0395e111:<flags> [calling]
199614f0.17c0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=6dc30000 'C:\Windows\system32\msiltcfg.dll'
199714f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77130000 'C:\Windows\system32\gdi32.dll'
199814f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
199914f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018d125:<flags> [calling]
200014f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76230000 'C:\Windows\system32\shell32.dll'
200114f0.139c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
200214f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018cbcd:<flags> [calling]
200314f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
200414f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
200514f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018d141:<flags> [calling]
200614f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76230000 'C:\Windows\system32\shell32.dll'
200714f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
200814f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018d125:<flags> [calling]
200914f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76230000 'C:\Windows\system32\shell32.dll'
201014f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76230000 'C:\Windows\system32\shell32.dll'
201114f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76230000 'C:\Windows\system32\shell32.dll'
201214f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76230000 'C:\Windows\system32\shell32.dll'
201314f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77b10000 'C:\Windows\system32\user32.dll'
201414f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=76e80000 'C:\Windows\system32\ADVAPI32.dll'
201514f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
201614f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018c649:<flags> [calling]
201714f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=75c70000 'C:\Windows\system32\ole32.dll'
201814f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
201914f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0018cb65:<flags> [calling]
202014f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=760d0000 'C:\Windows\system32\MSCTF.dll'
202114f0.139c: supR3HardenedMonitor_LdrLoadDll: 'C:\Windows\system32\comctl32.dll' -> 'C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll' [redir]
202214f0.139c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll [redoing WinVerifyTrust]
202314f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000520 pwszName=\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll
202414f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00734cc0
202514f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00734cc0
202614f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6F6BC11030E34EE31C1BFA1892BB38C959ED836D
202714f0.139c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB3059317~31bf3856ad364e35~x86~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll'
202814f0.139c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
202914f0.139c: supR3HardenedScreenImage/LdrLoadDll: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll'
203014f0.139c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll (Input=C:\Windows\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0018b045:<flags> [calling]
203114f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=70af0000 'C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_ec86b8d6858ec0bc\comctl32.dll'
203214f0.139c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=77b10000 'C:\Windows\system32\User32.dll'
203314f0.139c: Terminating the normal way: rcExit=1
20341724.1580: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 106471 ms, the end);
20351764.1530: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 106830 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy