VirtualBox

Ticket #15339: VBoxHardening.log

File VBoxHardening.log, 316.4 KB (added by Paul.LKW, 8 years ago)

Hardening Log

Line 
1149c.ae0: Log file opened: 5.0.18r106667 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
2149c.ae0: \SystemRoot\System32\ntdll.dll:
3149c.ae0: CreationTime: 2016-04-14T13:51:37.708140100Z
4149c.ae0: LastWriteTime: 2016-03-17T23:01:02.536172600Z
5149c.ae0: ChangeTime: 2016-04-14T16:44:06.305210300Z
6149c.ae0: FileAttributes: 0x20
7149c.ae0: Size: 0x1a7100
8149c.ae0: NT Headers: 0xe0
9149c.ae0: Timestamp: 0x56eb3625
10149c.ae0: Machine: 0x8664 - amd64
11149c.ae0: Timestamp: 0x56eb3625
12149c.ae0: Image Version: 6.1
13149c.ae0: SizeOfImage: 0x1aa000 (1744896)
14149c.ae0: Resource Dir: 0x14e000 LB 0x5a028
15149c.ae0: ProductName: Microsoft® Windows® Operating System
16149c.ae0: ProductVersion: 6.1.7601.23392
17149c.ae0: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600)
18149c.ae0: FileDescription: NT Layer DLL
19149c.ae0: \SystemRoot\System32\kernel32.dll:
20149c.ae0: CreationTime: 2016-04-14T13:51:37.210111600Z
21149c.ae0: LastWriteTime: 2016-03-17T22:53:15.811000000Z
22149c.ae0: ChangeTime: 2016-04-14T16:44:06.461210600Z
23149c.ae0: FileAttributes: 0x20
24149c.ae0: Size: 0x11c000
25149c.ae0: NT Headers: 0xe0
26149c.ae0: Timestamp: 0x56eb3603
27149c.ae0: Machine: 0x8664 - amd64
28149c.ae0: Timestamp: 0x56eb3603
29149c.ae0: Image Version: 6.1
30149c.ae0: SizeOfImage: 0x11f000 (1175552)
31149c.ae0: Resource Dir: 0x116000 LB 0x528
32149c.ae0: ProductName: Microsoft® Windows® Operating System
33149c.ae0: ProductVersion: 6.1.7601.23392
34149c.ae0: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600)
35149c.ae0: FileDescription: Windows NT BASE API Client DLL
36149c.ae0: \SystemRoot\System32\KernelBase.dll:
37149c.ae0: CreationTime: 2016-04-14T13:51:37.145107900Z
38149c.ae0: LastWriteTime: 2016-03-17T22:53:15.858000000Z
39149c.ae0: ChangeTime: 2016-04-14T16:44:06.461210600Z
40149c.ae0: FileAttributes: 0x20
41149c.ae0: Size: 0x66800
42149c.ae0: NT Headers: 0xe8
43149c.ae0: Timestamp: 0x56eb3604
44149c.ae0: Machine: 0x8664 - amd64
45149c.ae0: Timestamp: 0x56eb3604
46149c.ae0: Image Version: 6.1
47149c.ae0: SizeOfImage: 0x6a000 (434176)
48149c.ae0: Resource Dir: 0x68000 LB 0x530
49149c.ae0: ProductName: Microsoft® Windows® Operating System
50149c.ae0: ProductVersion: 6.1.7601.23392
51149c.ae0: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600)
52149c.ae0: FileDescription: Windows NT BASE API Client DLL
53149c.ae0: \SystemRoot\System32\apisetschema.dll:
54149c.ae0: CreationTime: 2016-04-14T13:51:36.605077000Z
55149c.ae0: LastWriteTime: 2016-03-17T22:50:11.213000000Z
56149c.ae0: ChangeTime: 2016-04-14T16:44:06.274010300Z
57149c.ae0: FileAttributes: 0x20
58149c.ae0: Size: 0x1a00
59149c.ae0: NT Headers: 0xc0
60149c.ae0: Timestamp: 0x56eb34e9
61149c.ae0: Machine: 0x8664 - amd64
62149c.ae0: Timestamp: 0x56eb34e9
63149c.ae0: Image Version: 6.1
64149c.ae0: SizeOfImage: 0x50000 (327680)
65149c.ae0: Resource Dir: 0x30000 LB 0x3f8
66149c.ae0: ProductName: Microsoft® Windows® Operating System
67149c.ae0: ProductVersion: 6.1.7601.23392
68149c.ae0: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600)
69149c.ae0: FileDescription: ApiSet Schema DLL
70149c.ae0: NtOpenDirectoryObject failed on \Driver: 0xc0000022
71149c.ae0: supR3HardenedWinFindAdversaries: 0x0
72149c.ae0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
73149c.ae0: Calling main()
74149c.ae0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
75149c.ae0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
76149c.ae0: SUPR3HardenedMain: Respawn #1
77149c.ae0: System32: \Device\HarddiskVolume2\Windows\System32
78149c.ae0: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
79149c.ae0: KnownDllPath: C:\Windows\system32
80149c.ae0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
81149c.ae0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
82149c.ae0: supR3HardNtEnableThreadCreation:
83149c.ae0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000777ba0e0 pvNtTerminateThread=00000000777dc060
84149c.ae0: supR3HardenedWinDoReSpawn(1): New child 1514.9d4 [kernel32].
85149c.ae0: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd9000 cbPeb=0x380
86149c.ae0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077790000 uNtDllChildAddr=0000000077790000
87149c.ae0: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000777ba0e0
88149c.ae0: supR3HardenedWinSetupChildInit: Start child.
89149c.ae0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
90149c.ae0: supR3HardNtChildPurify: Startup delay kludge #1/0: 265 ms, 17 sleeps
91149c.ae0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
92149c.ae0: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
93149c.ae0: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
94149c.ae0: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
95149c.ae0: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
96149c.ae0: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
97149c.ae0: 0000000000041000-ffffffffffec1fff 0x0001/0x0000 0x0000000
98149c.ae0: *00000000001c0000-00000000000c3fff 0x0000/0x0004 0x0020000
99149c.ae0: 00000000002bc000-00000000002b8fff 0x0104/0x0004 0x0020000
100149c.ae0: 00000000002bf000-00000000002bdfff 0x0004/0x0004 0x0020000
101149c.ae0: 00000000002c0000-ffffffff88deffff 0x0001/0x0000 0x0000000
102149c.ae0: *0000000077790000-0000000077790fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
103149c.ae0: 0000000077791000-000000007788dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
104149c.ae0: 000000007788e000-00000000778bcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
105149c.ae0: 00000000778bd000-00000000778c6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
106149c.ae0: 00000000778c7000-00000000778c7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
107149c.ae0: 00000000778c8000-00000000778cafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
108149c.ae0: 00000000778cb000-0000000077939fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
109149c.ae0: 000000007793a000-0000000070293fff 0x0001/0x0000 0x0000000
110149c.ae0: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
111149c.ae0: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
112149c.ae0: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
113149c.ae0: 000000007fff0000-ffffffffc0c6ffff 0x0001/0x0000 0x0000000
114149c.ae0: *000000013f370000-000000013f370fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
115149c.ae0: 000000013f371000-000000013f3e0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
116149c.ae0: 000000013f3e1000-000000013f3e1fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
117149c.ae0: 000000013f3e2000-000000013f426fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
118149c.ae0: 000000013f427000-000000013f427fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
119149c.ae0: 000000013f428000-000000013f428fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
120149c.ae0: 000000013f429000-000000013f42dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
121149c.ae0: 000000013f42e000-000000013f42efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
122149c.ae0: 000000013f42f000-000000013f42ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
123149c.ae0: 000000013f430000-000000013f433fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
124149c.ae0: 000000013f434000-000000013f47bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
125149c.ae0: 000000013f47c000-fffff8037ee47fff 0x0001/0x0000 0x0000000
126149c.ae0: *000007feffab0000-000007feffab0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
127149c.ae0: 000007feffab1000-000007fdff5c1fff 0x0001/0x0000 0x0000000
128149c.ae0: *000007fffffa0000-000007fffff6cfff 0x0002/0x0002 0x0040000
129149c.ae0: 000007fffffd3000-000007fffffccfff 0x0001/0x0000 0x0000000
130149c.ae0: *000007fffffd9000-000007fffffd7fff 0x0004/0x0004 0x0020000
131149c.ae0: 000007fffffda000-000007fffffd5fff 0x0001/0x0000 0x0000000
132149c.ae0: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
133149c.ae0: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
134149c.ae0: apisetschema.dll: timestamp 0x56eb34e9 (rc=VINF_SUCCESS)
135149c.ae0: VirtualBox.exe: timestamp 0x5714e21a (rc=VINF_SUCCESS)
136149c.ae0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
137149c.ae0: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
138149c.ae0: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
139149c.ae0: supR3HardNtChildPurify: Done after 281 ms and 0 fixes (loop #0).
1401514.9d4: Log file opened: 5.0.18r106667 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
1411514.9d4: supR3HardenedVmProcessInit: uNtDllAddr=0000000077790000 g_uNtVerCombined=0x611db100
1421514.9d4: ntdll.dll: timestamp 0x56eb3625 (rc=VINF_SUCCESS)
1431514.9d4: New simple heap: #1 00000000002c0000 LB 0x400000 (for 1744896 allocation)
144149c.ae0: supR3HardNtEnableThreadCreation:
1451514.9d4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1461514.9d4: System32: \Device\HarddiskVolume2\Windows\System32
1471514.9d4: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
1481514.9d4: KnownDllPath: C:\Windows\system32
1491514.9d4: supR3HardenedVmProcessInit: Opening vboxdrv stub...
1501514.9d4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1511514.9d4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1521514.9d4: Registered Dll notification callback with NTDLL.
1531514.9d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
1541514.9d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1551514.9d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
1561514.9d4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1571514.9d4: supR3HardenedDllNotificationCallback: load 0000000077570000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
1581514.9d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1591514.9d4: supR3HardenedDllNotificationCallback: load 000007fefd600000 LB 0x0006a000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
1601514.9d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
1611514.9d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1621514.9d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077570000 'C:\Windows\system32\kernel32.dll'
1631514.9d4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000777ba0e0 pvNtTerminateThread=00000000777dc060
164149c.ae0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 15 ms.
1651514.9d4: \SystemRoot\System32\ntdll.dll:
1661514.9d4: CreationTime: 2016-04-14T13:51:37.708140100Z
1671514.9d4: LastWriteTime: 2016-03-17T23:01:02.536172600Z
1681514.9d4: ChangeTime: 2016-04-14T16:44:06.305210300Z
1691514.9d4: FileAttributes: 0x20
1701514.9d4: Size: 0x1a7100
1711514.9d4: NT Headers: 0xe0
1721514.9d4: Timestamp: 0x56eb3625
1731514.9d4: Machine: 0x8664 - amd64
1741514.9d4: Timestamp: 0x56eb3625
1751514.9d4: Image Version: 6.1
1761514.9d4: SizeOfImage: 0x1aa000 (1744896)
1771514.9d4: Resource Dir: 0x14e000 LB 0x5a028
1781514.9d4: ProductName: Microsoft® Windows® Operating System
1791514.9d4: ProductVersion: 6.1.7601.23392
1801514.9d4: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600)
1811514.9d4: FileDescription: NT Layer DLL
1821514.9d4: \SystemRoot\System32\kernel32.dll:
1831514.9d4: CreationTime: 2016-04-14T13:51:37.210111600Z
1841514.9d4: LastWriteTime: 2016-03-17T22:53:15.811000000Z
1851514.9d4: ChangeTime: 2016-04-14T16:44:06.461210600Z
1861514.9d4: FileAttributes: 0x20
1871514.9d4: Size: 0x11c000
1881514.9d4: NT Headers: 0xe0
1891514.9d4: Timestamp: 0x56eb3603
1901514.9d4: Machine: 0x8664 - amd64
1911514.9d4: Timestamp: 0x56eb3603
1921514.9d4: Image Version: 6.1
1931514.9d4: SizeOfImage: 0x11f000 (1175552)
1941514.9d4: Resource Dir: 0x116000 LB 0x528
1951514.9d4: ProductName: Microsoft® Windows® Operating System
1961514.9d4: ProductVersion: 6.1.7601.23392
1971514.9d4: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600)
1981514.9d4: FileDescription: Windows NT BASE API Client DLL
1991514.9d4: \SystemRoot\System32\KernelBase.dll:
2001514.9d4: CreationTime: 2016-04-14T13:51:37.145107900Z
2011514.9d4: LastWriteTime: 2016-03-17T22:53:15.858000000Z
2021514.9d4: ChangeTime: 2016-04-14T16:44:06.461210600Z
2031514.9d4: FileAttributes: 0x20
2041514.9d4: Size: 0x66800
2051514.9d4: NT Headers: 0xe8
2061514.9d4: Timestamp: 0x56eb3604
2071514.9d4: Machine: 0x8664 - amd64
2081514.9d4: Timestamp: 0x56eb3604
2091514.9d4: Image Version: 6.1
2101514.9d4: SizeOfImage: 0x6a000 (434176)
2111514.9d4: Resource Dir: 0x68000 LB 0x530
2121514.9d4: ProductName: Microsoft® Windows® Operating System
2131514.9d4: ProductVersion: 6.1.7601.23392
2141514.9d4: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600)
2151514.9d4: FileDescription: Windows NT BASE API Client DLL
2161514.9d4: \SystemRoot\System32\apisetschema.dll:
2171514.9d4: CreationTime: 2016-04-14T13:51:36.605077000Z
2181514.9d4: LastWriteTime: 2016-03-17T22:50:11.213000000Z
2191514.9d4: ChangeTime: 2016-04-14T16:44:06.274010300Z
2201514.9d4: FileAttributes: 0x20
2211514.9d4: Size: 0x1a00
2221514.9d4: NT Headers: 0xc0
2231514.9d4: Timestamp: 0x56eb34e9
2241514.9d4: Machine: 0x8664 - amd64
2251514.9d4: Timestamp: 0x56eb34e9
2261514.9d4: Image Version: 6.1
2271514.9d4: SizeOfImage: 0x50000 (327680)
2281514.9d4: Resource Dir: 0x30000 LB 0x3f8
2291514.9d4: ProductName: Microsoft® Windows® Operating System
2301514.9d4: ProductVersion: 6.1.7601.23392
2311514.9d4: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600)
2321514.9d4: FileDescription: ApiSet Schema DLL
2331514.9d4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
2341514.9d4: supR3HardenedWinFindAdversaries: 0x0
2351514.9d4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2361514.9d4: Calling main()
2371514.9d4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
2381514.9d4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2391514.9d4: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2401514.9d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2411514.9d4: SUPR3HardenedMain: Respawn #2
2421514.9d4: supR3HardNtEnableThreadCreation:
2431514.9d4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
2441514.9d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
2451514.9d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
2461514.9d4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
2471514.9d4: supR3HardenedDllNotificationCallback: load 000007fefd3d0000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
2481514.9d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
2491514.9d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd3d0000 'C:\Windows\system32\apphelp.dll'
2501514.9d4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000777ba0e0 pvNtTerminateThread=00000000777dc060
2511514.9d4: supR3HardenedWinDoReSpawn(2): New child 404.64c [kernel32].
2521514.9d4: supR3HardNtChildGatherData: PebBaseAddress=000007fffffde000 cbPeb=0x380
2531514.9d4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077790000 uNtDllChildAddr=0000000077790000
2541514.9d4: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000777ba0e0
2551514.9d4: supR3HardenedWinSetupChildInit: Start child.
2561514.9d4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
2571514.9d4: supR3HardNtChildPurify: Startup delay kludge #1/0: 265 ms, 17 sleeps
2581514.9d4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2591514.9d4: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
2601514.9d4: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
2611514.9d4: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
2621514.9d4: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
2631514.9d4: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
2641514.9d4: 0000000000041000-0000000000001fff 0x0001/0x0000 0x0000000
2651514.9d4: *0000000000080000-fffffffffff83fff 0x0000/0x0004 0x0020000
2661514.9d4: 000000000017c000-0000000000178fff 0x0104/0x0004 0x0020000
2671514.9d4: 000000000017f000-000000000017dfff 0x0004/0x0004 0x0020000
2681514.9d4: 0000000000180000-ffffffff88b6ffff 0x0001/0x0000 0x0000000
2691514.9d4: *0000000077790000-0000000077790fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2701514.9d4: 0000000077791000-000000007788dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2711514.9d4: 000000007788e000-00000000778bcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2721514.9d4: 00000000778bd000-00000000778c6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2731514.9d4: 00000000778c7000-00000000778c7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2741514.9d4: 00000000778c8000-00000000778cafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2751514.9d4: 00000000778cb000-0000000077939fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2761514.9d4: 000000007793a000-0000000070293fff 0x0001/0x0000 0x0000000
2771514.9d4: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
2781514.9d4: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
2791514.9d4: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
2801514.9d4: 000000007fff0000-ffffffffc0c6ffff 0x0001/0x0000 0x0000000
2811514.9d4: *000000013f370000-000000013f370fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2821514.9d4: 000000013f371000-000000013f3e0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2831514.9d4: 000000013f3e1000-000000013f3e1fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2841514.9d4: 000000013f3e2000-000000013f426fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2851514.9d4: 000000013f427000-000000013f427fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2861514.9d4: 000000013f428000-000000013f428fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2871514.9d4: 000000013f429000-000000013f42dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2881514.9d4: 000000013f42e000-000000013f42efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2891514.9d4: 000000013f42f000-000000013f42ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2901514.9d4: 000000013f430000-000000013f433fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2911514.9d4: 000000013f434000-000000013f47bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2921514.9d4: 000000013f47c000-fffff8037ee47fff 0x0001/0x0000 0x0000000
2931514.9d4: *000007feffab0000-000007feffab0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
2941514.9d4: 000007feffab1000-000007fdff5c1fff 0x0001/0x0000 0x0000000
2951514.9d4: *000007fffffa0000-000007fffff6cfff 0x0002/0x0002 0x0040000
2961514.9d4: 000007fffffd3000-000007fffffc9fff 0x0001/0x0000 0x0000000
2971514.9d4: *000007fffffdc000-000007fffffd9fff 0x0004/0x0004 0x0020000
2981514.9d4: *000007fffffde000-000007fffffdcfff 0x0004/0x0004 0x0020000
2991514.9d4: 000007fffffdf000-000007fffffddfff 0x0001/0x0000 0x0000000
3001514.9d4: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
3011514.9d4: apisetschema.dll: timestamp 0x56eb34e9 (rc=VINF_SUCCESS)
3021514.9d4: VirtualBox.exe: timestamp 0x5714e21a (rc=VINF_SUCCESS)
3031514.9d4: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3041514.9d4: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
3051514.9d4: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
3061514.9d4: supR3HardNtChildPurify: Done after 281 ms and 0 fixes (loop #0).
307404.64c: Log file opened: 5.0.18r106667 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
308404.64c: supR3HardenedVmProcessInit: uNtDllAddr=0000000077790000 g_uNtVerCombined=0x611db100
309404.64c: ntdll.dll: timestamp 0x56eb3625 (rc=VINF_SUCCESS)
310404.64c: New simple heap: #1 0000000000280000 LB 0x400000 (for 1744896 allocation)
3111514.9d4: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002c0000 LB 0x400000)
3121514.9d4: supR3HardNtEnableThreadCreation:
313404.64c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
314404.64c: System32: \Device\HarddiskVolume2\Windows\System32
315404.64c: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
316404.64c: KnownDllPath: C:\Windows\system32
317404.64c: supR3HardenedVmProcessInit: Opening vboxdrv...
318404.64c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
319404.64c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
320404.64c: Registered Dll notification callback with NTDLL.
321404.64c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
322404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
323404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
324404.64c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
325404.64c: supR3HardenedDllNotificationCallback: load 0000000077570000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
326404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
327404.64c: supR3HardenedDllNotificationCallback: load 000007fefd600000 LB 0x0006a000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
328404.64c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
329404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
330404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077570000 'C:\Windows\system32\kernel32.dll'
331404.64c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000777ba0e0 pvNtTerminateThread=00000000777dc060
3321514.9d4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 15 ms.
333404.64c: \SystemRoot\System32\ntdll.dll:
334404.64c: CreationTime: 2016-04-14T13:51:37.708140100Z
335404.64c: LastWriteTime: 2016-03-17T23:01:02.536172600Z
336404.64c: ChangeTime: 2016-04-14T16:44:06.305210300Z
337404.64c: FileAttributes: 0x20
338404.64c: Size: 0x1a7100
339404.64c: NT Headers: 0xe0
340404.64c: Timestamp: 0x56eb3625
341404.64c: Machine: 0x8664 - amd64
342404.64c: Timestamp: 0x56eb3625
343404.64c: Image Version: 6.1
344404.64c: SizeOfImage: 0x1aa000 (1744896)
345404.64c: Resource Dir: 0x14e000 LB 0x5a028
346404.64c: ProductName: Microsoft® Windows® Operating System
347404.64c: ProductVersion: 6.1.7601.23392
348404.64c: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600)
349404.64c: FileDescription: NT Layer DLL
350404.64c: \SystemRoot\System32\kernel32.dll:
351404.64c: CreationTime: 2016-04-14T13:51:37.210111600Z
352404.64c: LastWriteTime: 2016-03-17T22:53:15.811000000Z
353404.64c: ChangeTime: 2016-04-14T16:44:06.461210600Z
354404.64c: FileAttributes: 0x20
355404.64c: Size: 0x11c000
356404.64c: NT Headers: 0xe0
357404.64c: Timestamp: 0x56eb3603
358404.64c: Machine: 0x8664 - amd64
359404.64c: Timestamp: 0x56eb3603
360404.64c: Image Version: 6.1
361404.64c: SizeOfImage: 0x11f000 (1175552)
362404.64c: Resource Dir: 0x116000 LB 0x528
363404.64c: ProductName: Microsoft® Windows® Operating System
364404.64c: ProductVersion: 6.1.7601.23392
365404.64c: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600)
366404.64c: FileDescription: Windows NT BASE API Client DLL
367404.64c: \SystemRoot\System32\KernelBase.dll:
368404.64c: CreationTime: 2016-04-14T13:51:37.145107900Z
369404.64c: LastWriteTime: 2016-03-17T22:53:15.858000000Z
370404.64c: ChangeTime: 2016-04-14T16:44:06.461210600Z
371404.64c: FileAttributes: 0x20
372404.64c: Size: 0x66800
373404.64c: NT Headers: 0xe8
374404.64c: Timestamp: 0x56eb3604
375404.64c: Machine: 0x8664 - amd64
376404.64c: Timestamp: 0x56eb3604
377404.64c: Image Version: 6.1
378404.64c: SizeOfImage: 0x6a000 (434176)
379404.64c: Resource Dir: 0x68000 LB 0x530
380404.64c: ProductName: Microsoft® Windows® Operating System
381404.64c: ProductVersion: 6.1.7601.23392
382404.64c: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600)
383404.64c: FileDescription: Windows NT BASE API Client DLL
384404.64c: \SystemRoot\System32\apisetschema.dll:
385404.64c: CreationTime: 2016-04-14T13:51:36.605077000Z
386404.64c: LastWriteTime: 2016-03-17T22:50:11.213000000Z
387404.64c: ChangeTime: 2016-04-14T16:44:06.274010300Z
388404.64c: FileAttributes: 0x20
389404.64c: Size: 0x1a00
390404.64c: NT Headers: 0xc0
391404.64c: Timestamp: 0x56eb34e9
392404.64c: Machine: 0x8664 - amd64
393404.64c: Timestamp: 0x56eb34e9
394404.64c: Image Version: 6.1
395404.64c: SizeOfImage: 0x50000 (327680)
396404.64c: Resource Dir: 0x30000 LB 0x3f8
397404.64c: ProductName: Microsoft® Windows® Operating System
398404.64c: ProductVersion: 6.1.7601.23392
399404.64c: FileVersion: 6.1.7601.23392 (win7sp1_ldr.160317-0600)
400404.64c: FileDescription: ApiSet Schema DLL
401404.64c: NtOpenDirectoryObject failed on \Driver: 0xc0000022
402404.64c: supR3HardenedWinFindAdversaries: 0x0
403404.64c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
404404.64c: Calling main()
405404.64c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
406404.64c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
407404.64c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
408404.64c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
409404.64c: SUPR3HardenedMain: Final process, opening VBoxDrv...
410404.64c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000280000 LB 0x400000)
411404.64c: supR3HardNtEnableThreadCreation:
412404.64c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
413404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
414404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017b621:<flags> [calling]
415404.64c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
416404.64c: supR3HardenedDllNotificationCallback: load 000007fefa490000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
417404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
418404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
419404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000178da1:<flags> [calling]
420404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa490000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
421404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
422404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000178da1:<flags> [calling]
423404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa490000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
424404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa490000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
425404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
426404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
427404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
428404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
429404.64c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
430404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
431404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
432404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
433404.64c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
434404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
435404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
436404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
437404.64c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
438404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
439404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
440404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
441404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
442404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
443404.64c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
444404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
445404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
446404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
447404.64c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
448404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
449404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
450404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
451404.64c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
452404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
453404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
454404.64c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
455404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017d431:<flags> [calling]
456404.64c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
457404.64c: supR3HardenedDllNotificationCallback: load 000007fefd840000 LB 0x0003b000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
458404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
459404.64c: supR3HardenedDllNotificationCallback: load 000007fefdc00000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
460404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
461404.64c: supR3HardenedDllNotificationCallback: load 000007fefd6c0000 LB 0x0016d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
462404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
463404.64c: supR3HardenedDllNotificationCallback: load 000007fefd5e0000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
464404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
465404.64c: supR3HardenedDllNotificationCallback: load 000007feff880000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
466404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
467404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd840000 'C:\Windows\system32\Wintrust.dll'
468404.64c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
469404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
470404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017d431:<flags> [calling]
471404.64c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
472404.64c: supR3HardenedDllNotificationCallback: load 000007fefcf00000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
473404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
474404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf00000 'C:\Windows\system32\bcrypt.dll'
475404.64c: bcrypt.dll loaded at 000007fefcf00000, BCryptOpenAlgorithmProvider at 000007fefcf02640, preloading providers:
476404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
477404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
478404.64c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
479404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
480404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
481404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
482404.64c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
483404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
484404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
485404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
486404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
487404.64c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
488404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
489404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
490404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
491404.64c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
492404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
493404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
494404.64c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
495404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017d421:<flags> [calling]
496404.64c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
497404.64c: supR3HardenedDllNotificationCallback: load 000007fefc9e0000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
498404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
499404.64c: supR3HardenedDllNotificationCallback: load 000007fefd990000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
500404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
501404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
502404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
503404.64c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
504404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
505404.64c: supR3HardenedDllNotificationCallback: load 000007feffa80000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
506404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
507404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc9e0000 'C:\Windows\system32\bcryptprimitives.dll'
508404.64c: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000085c010)
509404.64c: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000085ded0)
510404.64c: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000085dff0)
511404.64c: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000085e200)
512404.64c: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000085e320)
513404.64c: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000000000085e440)
514404.64c: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=000000000085e680)
515404.64c: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=000000000085e7a0)
516404.64c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
517404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
518404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
519404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
520404.64c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
521404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
522404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
523404.64c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
524404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017cf81:<flags> [calling]
525404.64c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
526404.64c: supR3HardenedDllNotificationCallback: load 000007fefcfc0000 LB 0x00018000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
527404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
528404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcfc0000 'C:\Windows\system32\CRYPTSP.dll'
529404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
530404.64c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
531404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
532404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
533404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
534404.64c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
535404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017cf11:<flags> [calling]
536404.64c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
537404.64c: supR3HardenedDllNotificationCallback: load 000007fefcac0000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
538404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
539404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcac0000 'C:\Windows\system32\rsaenh.dll'
540404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
541404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017c7a1:<flags> [calling]
542404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd990000 'C:\Windows\system32\ADVAPI32.dll'
543404.64c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
544404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
545404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017cb21:<flags> [calling]
546404.64c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
547404.64c: supR3HardenedDllNotificationCallback: load 000007fefd470000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
548404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
549404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd470000 'C:\Windows\system32\CRYPTBASE.dll'
550404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
551404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017c551:<flags> [calling]
552404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077570000 'C:\Windows\system32\kernel32.dll'
553404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
554404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017cee1:<flags> [calling]
555404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd840000 'C:\Windows\system32\WINTRUST.DLL'
556404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
557404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000017cd11:<flags> [calling]
558404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd6c0000 'C:\Windows\system32\CRYPT32.dll'
559404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
560404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
561404.64c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
562404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
563404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
564404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
565404.64c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
566404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
567404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
568404.64c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
569404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017cd61:<flags> [calling]
570404.64c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
571404.64c: supR3HardenedDllNotificationCallback: load 000007fefdb80000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
572404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
573404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb80000 'C:\Windows\system32\imagehlp.dll'
574404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
575404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017ceb1:<flags> [calling]
576404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcfc0000 'C:\Windows\system32\CRYPTSP.dll'
577404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
578404.64c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
579404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
580404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
581404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
582404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
583404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
584404.64c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
585404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
586404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
587404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
588404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
589404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
590404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
591404.64c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
592404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
593404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
594404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
595404.64c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
596404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
597404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
598404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
599404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
600404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
601404.64c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
602404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
603404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
604404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
605404.64c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
606404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
607404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
608404.64c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
609404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
610404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
611404.64c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
612404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
613404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
614404.64c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
615404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
616404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
617404.64c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
618404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017c9e1:<flags> [calling]
619404.64c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
620404.64c: supR3HardenedDllNotificationCallback: load 0000000077690000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
621404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
622404.64c: supR3HardenedDllNotificationCallback: load 000007fefda70000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
623404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
624404.64c: supR3HardenedDllNotificationCallback: load 000007fefe1c0000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
625404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
626404.64c: supR3HardenedDllNotificationCallback: load 000007fefddc0000 LB 0x000ca000 C:\Windows\system32\USP10.dll [fFlags=0x0]
627404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
628404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
629404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017bee1:<flags> [calling]
630404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda70000 'C:\Windows\system32\gdi32.dll'
631404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
632404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
633404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
634404.64c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
635404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
636404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
637404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
638404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
639404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
640404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
641404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
642404.64c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
643404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
644404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
645404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
646404.64c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
647404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
648404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
649404.64c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
650404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
651404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
652404.64c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
653404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
654404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
655404.64c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
656404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
657404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
658404.64c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
659404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
660404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
661404.64c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
662404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017b821:<flags> [calling]
663404.64c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
664404.64c: supR3HardenedDllNotificationCallback: load 000007feff850000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
665404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
666404.64c: supR3HardenedDllNotificationCallback: load 000007fefdcb0000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
667404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
668404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff850000 'C:\Windows\system32\IMM32.DLL'
669404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077690000 'C:\Windows\system32\USER32.dll'
670404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
671404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
672404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
673404.64c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
674404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
675404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
676404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
677404.64c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
678404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
679404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
680404.64c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
681404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
682404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
683404.64c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
684404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017cce1:<flags> [calling]
685404.64c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
686404.64c: supR3HardenedDllNotificationCallback: load 000007fefcf30000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
687404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
688404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf30000 'C:\Windows\system32\ncrypt.dll'
689404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
690404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017cad1:<flags> [calling]
691404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf00000 'C:\Windows\system32\bcrypt.dll'
692404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
693404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
694404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
695404.64c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
696404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
697404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
698404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
699404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
700404.64c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
701404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
702404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
703404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
704404.64c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
705404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
706404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
707404.64c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
708404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
709404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
710404.64c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
711404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017c491:<flags> [calling]
712404.64c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
713404.64c: supR3HardenedDllNotificationCallback: load 000007fefd680000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
714404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
715404.64c: supR3HardenedDllNotificationCallback: load 000007fefd5d0000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
716404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
717404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd680000 'C:\Windows\system32\USERENV.dll'
718404.64c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000017c1f1:<flags> [calling]
719404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa80000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
720404.64c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000017c581:<flags> [calling]
721404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa80000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
722404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
723404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
724404.64c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
725404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
726404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
727404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
728404.64c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
729404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
730404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
731404.64c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
732404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017c7b1:<flags> [calling]
733404.64c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
734404.64c: supR3HardenedDllNotificationCallback: load 000007fefc880000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
735404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
736404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc880000 'C:\Windows\system32\GPAPI.dll'
737404.64c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000017c701:<flags> [calling]
738404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa80000 'API-MS-WIN-Service-Management-L1-1-0.dll'
739404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
740404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017be01:<flags> [calling]
741404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff880000 'C:\Windows\system32\rpcrt4.dll'
742404.64c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000017c6e1:<flags> [calling]
743404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa80000 'API-MS-WIN-Service-Management-L2-1-0.dll'
744404.64c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000017c6f1:<flags> [calling]
745404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa80000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
746404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
747404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
748404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
749404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
750404.64c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
751404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
752404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
753404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
754404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
755404.64c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
756404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
757404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
758404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
759404.64c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
760404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
761404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
762404.64c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
763404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
764404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
765404.64c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
766404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
767404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
768404.64c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
769404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017c1d1:<flags> [calling]
770404.64c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
771404.64c: supR3HardenedDllNotificationCallback: load 000007fef90c0000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
772404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
773404.64c: supR3HardenedDllNotificationCallback: load 000007fefdba0000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
774404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
775404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
776404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000017b401:<flags> [calling]
777404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef90c0000 'C:\Windows\system32\cryptnet.dll'
778404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
779404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000017b401:<flags> [calling]
780404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef90c0000 'C:\Windows\system32\cryptnet.dll'
781404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
782404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000017b401:<flags> [calling]
783404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef90c0000 'C:\Windows\system32\cryptnet.dll'
784404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
785404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000017b401:<flags> [calling]
786404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef90c0000 'C:\Windows\system32\cryptnet.dll'
787404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
788404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000017b401:<flags> [calling]
789404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef90c0000 'C:\Windows\system32\cryptnet.dll'
790404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
791404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000017b401:<flags> [calling]
792404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef90c0000 'C:\Windows\system32\cryptnet.dll'
793404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
794404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef90c0000 'C:\Windows\system32\cryptnet.dll'
795404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
796404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef90c0000 'C:\Windows\system32\cryptnet.dll'
797404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
798404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef90c0000 'C:\Windows\system32\cryptnet.dll'
799404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
800404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef90c0000 'C:\Windows\system32\cryptnet.dll'
801404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
802404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef90c0000 'C:\Windows\system32\cryptnet.dll'
803404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef90c0000 'C:\Windows\system32\cryptnet.dll'
804404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
805404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef90c0000 'C:\Windows\system32\cryptnet.dll'
806404.64c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000017bb61:<flags> [calling]
807404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa80000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
808404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
809404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017bb61:<flags> [calling]
810404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5d0000 'C:\Windows\system32\profapi.dll'
811404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
812404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
813404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
814404.64c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
815404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
816404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
817404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
818404.64c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
819404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
820404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
821404.64c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
822404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
823404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
824404.64c: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
825404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017b601:<flags> [calling]
826404.64c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
827404.64c: supR3HardenedDllNotificationCallback: load 000007feff430000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
828404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
829404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff430000 'C:\Windows\system32\SHLWAPI.dll'
830404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
831404.64c: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000908970
832404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
833404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0A27B5D99454D48F41D910E80C79A0B236F4BA76
834404.64c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000017c4a1:<flags> [calling]
835404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa80000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
836404.64c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000017c001:<flags> [calling]
837404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa80000 'API-MS-WIN-Service-Management-L1-1-0.dll'
838404.64c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000017c001:<flags> [calling]
839404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa80000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
840404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
841404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017c4a1:<flags> [calling]
842404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd990000 'C:\Windows\system32\ADVAPI32.dll'
843404.64c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000017c451:<flags> [calling]
844404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa80000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
845404.64c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000017c141:<flags> [calling]
846404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa80000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
847404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_87_for_KB3146706~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\SystemRoot\System32\ntdll.dll'
848404.64c: g_pfnWinVerifyTrust=000007fefd841010
849404.64c: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
850404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
851404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
852404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
853404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BFD41401EDEBD4D914977D62B588ECABEE60CFD3
854404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_112_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
855404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
856404.64c: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
857404.64c: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
858404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
859404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
860404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
861404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E1BBE4EB6D114F50142F24E2E2749EFD81021486
862404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
863404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
864404.64c: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
865404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000038c pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
866404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
867404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
868404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
869404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
870404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
871404.64c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
872404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000384 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
873404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
874404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
875404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
876404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
877404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
878404.64c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
879404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000380 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
880404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
881404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
882404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=756DC088EE40CF9369C990D71B200F3CB59FC35D
883404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
884404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
885404.64c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
886404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000025c pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
887404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
888404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
889404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
890404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
891404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
892404.64c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
893404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c8 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
894404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
895404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
896404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
897404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
898404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
899404.64c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
900404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c4 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
901404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
902404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
903404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
904404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
905404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
906404.64c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
907404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001b0 pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
908404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
909404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
910404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=75B67CC23E458A1484136967AF24DC2785E13827
911404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_87_for_KB3146706~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
912404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
913404.64c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
914404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000198 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
915404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
916404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
917404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03916BC73EE5A0E312E3D3100D0ACE1B78E93BB1
918404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3033889~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
919404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
920404.64c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
921404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
922404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
923404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
924404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
925404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
926404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
927404.64c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
928404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
929404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
930404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
931404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=31498ABFB06219E83141E0AA8B2A55C4CECFD033
932404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3108670~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
933404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
934404.64c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
935404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
936404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
937404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
938404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCB0DC67293B86DEC2E849DF18F94623D95746BD
939404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3140735~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
940404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
941404.64c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
942404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
943404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
944404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
945404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E200CE23C0ADD95195EBA5616D50363CEA00DB25
946404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3124001~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
947404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
948404.64c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
949404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
950404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
951404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
952404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=94AFB7B548C6C2376C6AEE4ECE2FA09C90F5FD4B
953404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_4_for_KB3109094~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll'
954404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
955404.64c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
956404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
957404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
958404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
959404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
960404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
961404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
962404.64c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
963404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000134 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
964404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
965404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
966404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3C8D4C3547F267B3CFA29EB79C26A209076149C0
967404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_87_for_KB3146706~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
968404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
969404.64c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
970404.64c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
971404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
972404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
973404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
974404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BA7AC4A7E8ADDFEA90AC951ECB6D6546E4873613
975404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
976404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
977404.64c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
978404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
979404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
980404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
981404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB669FA8DB80F8E50A29D055BB8D558E10E5E6B4
982404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
983404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
984404.64c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
985404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
986404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
987404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
988404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=36DEDB6707911BA2F46958C40D5A79D86DB6B863
989404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_150_for_KB3146706~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
990404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
991404.64c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
992404.64c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
993404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
994404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
995404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
996404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
997404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
998404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
999404.64c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1000404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1001404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
1002404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
1003404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
1004404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1005404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1006404.64c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1007404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
1008404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
1009404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
1010404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
1011404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1012404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1013404.64c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1014404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1015404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
1016404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
1017404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B83C0251BB30A1274B06D8C981C411ECE22B54B3
1018404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_87_for_KB3146706~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1019404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1020404.64c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1021404.64c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1022404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1023404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
1024404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
1025404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=59457EDB7226CDF7C8A527155967062F5A4FD5CC
1026404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_87_for_KB3146706~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1027404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1028404.64c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1029404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
1030404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
1031404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
1032404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B7365E874BBA7FB94EDF9535D8857002234D9580
1033404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_87_for_KB3146706~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1034404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1035404.64c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1036404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1037404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017bf51:<flags> [calling]
1038404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd6c0000 'C:\Windows\system32\crypt32.dll'
1039404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1040404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1041404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1042404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1043404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1044404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0xd2fa7e39b239800 CN=ESET SSL Filter CA, O=ESET, spol. s r. o., C=SK
1045404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1046404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1047404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1048404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
1049404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1050404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1051404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
1052404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0x266e9b638ffac00 C=HK, O=Hongkong Post, CN=Hongkong Post Root CA 1
1053404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
1054404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1055404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1056404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
1057404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
1058404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
1059404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1060404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
1061404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1062404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
1063404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
1064404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
1065404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
1066404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
1067404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1068404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
1069404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
1070404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1071404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
1072404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1073404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
1074404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
1075404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
1076404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
1077404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
1078404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1079404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
1080404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1081404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
1082404.64c: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1083404.64c: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=44
1084404.64c: SUPR3HardenedMain: Load Runtime...
1085404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1086404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1087404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1088404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1089404.64c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
1090404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1091404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1092404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1093404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1094404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1095404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1096404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000438 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1097404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
1098404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
1099404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79
1100404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
1101404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1102404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1103404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1104404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
1105404.64c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
1106404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1107404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1108404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1109404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1110404.64c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
1111404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1112404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1113404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1114404.64c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
1115404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1116404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1117404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1118404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1119404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1120404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1121404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000043c pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
1122404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
1123404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
1124404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
1125404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
1126404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1127404.64c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
1128404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
1129404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1130404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1131404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1132404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1133404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1134404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1135404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017c271:<flags> [calling]
1136404.64c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1137404.64c: supR3HardenedDllNotificationCallback: load 000007fee0950000 LB 0x0050f000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1138404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1139404.64c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1140404.64c: supR3HardenedDllNotificationCallback: load 0000000071da0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1141404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1142404.64c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1143404.64c: supR3HardenedDllNotificationCallback: load 0000000062230000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1144404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1145404.64c: supR3HardenedDllNotificationCallback: load 000007feffa30000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
1146404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1147404.64c: supR3HardenedDllNotificationCallback: load 000007fefdca0000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
1148404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
1149404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1150404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001799b1:<flags> [calling]
1151404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0950000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1152404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1153404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001799b1:<flags> [calling]
1154404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0950000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1155404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1156404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001799b1:<flags> [calling]
1157404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0950000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1158404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1159404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001799b1:<flags> [calling]
1160404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0950000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1161404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1162404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001799b1:<flags> [calling]
1163404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0950000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1164404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1165404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001799b1:<flags> [calling]
1166404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0950000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1167404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0950000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1168404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0950000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1169404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0950000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1170404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0950000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1171404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0950000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1172404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0950000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1173404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0950000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1174404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1175404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001799b1:<flags> [calling]
1176404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0950000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1177404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0950000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1178404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0950000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1179404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0950000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1180404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0950000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1181404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0950000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1182404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0950000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1183404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0950000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1184404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0950000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1185404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0950000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1186404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0950000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1187404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0950000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1188404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0950000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1189404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0950000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1190404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0950000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1191404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0950000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1192404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1193404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001799b1:<flags> [calling]
1194404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0950000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1195404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0950000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1196404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0950000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1197404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0950000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1198404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
1199404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017ddd1:<flags> [calling]
1200404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd840000 'C:\Windows\system32\Wintrust.dll'
1201404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1202404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017c931:<flags> [calling]
1203404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd6c0000 'C:\Windows\system32\crypt32.dll'
1204404.64c: SUPR3HardenedMain: Load TrustedMain...
1205404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1206404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1207404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
1208404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1209404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1210404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
1211404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtopenglvbox4.dll'.
1212404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1213404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
1214404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'advapi32.dll'.
1215404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'shell32.dll'.
1216404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ole32.dll'.
1217404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'oleaut32.dll'.
1218404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmm.dll'.
1219404.64c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
1220404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1221404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1222404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1223404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000049c pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
1224404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
1225404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
1226404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
1227404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
1228404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1229404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1230404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1231404.64c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
1232404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
1233404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1234404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1235404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000484 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1236404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
1237404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
1238404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C3BC5EE6972BF0BFEF4A099CB82428B9B682CAD7
1239404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3139940~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
1240404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1241404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1242404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1243404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1244404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1245404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
1246404.64c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
1247404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1248404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1249404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1250404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a0 pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
1251404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
1252404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
1253404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=796B1965C19A0614793EA3630408324B2CFA32D2
1254404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_87_for_KB3146706~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
1255404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1256404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1257404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1258404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
1259404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1260404.64c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
1261404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
1262404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1263404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1264404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000480 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
1265404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
1266404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
1267404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=099C901656A370A7121E2F44A89052BDA6B504DB
1268404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_41_for_KB3123862~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
1269404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1270404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1271404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
1272404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
1273404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
1274404.64c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
1275404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
1276404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1277404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1278404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1279404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1280404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1281404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1282404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1283404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1284404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
1285404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
1286404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1287404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1288404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1289404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
1290404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
1291404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
1292404.64c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll) WinVerifyTrust
1293404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1294404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1295404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1296404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1297404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
1298404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
1299404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
1300404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
1301404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1302404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
1303404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1304404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
1305404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
1306404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
1307404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
1308404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
1309404.64c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll) WinVerifyTrust
1310404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1311404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1312404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1313404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1314404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
1315404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1316404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
1317404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1318404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1319404.64c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll) WinVerifyTrust
1320404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1321404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1322404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1323404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1324404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1325404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1326404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1327404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1328404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1329404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1330404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1331404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004ac pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
1332404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
1333404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
1334404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
1335404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1336404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1337404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1338404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1339404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1340404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1341404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1342404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1343404.64c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) WinVerifyTrust
1344404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1345404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1346404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1347404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1348404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
1349404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d8 pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
1350404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
1351404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
1352404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
1353404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
1354404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1355404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1356404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1357404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
1358404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1359404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
1360404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
1361404.64c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) WinVerifyTrust
1362404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1363404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1364404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1365404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c0 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
1366404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
1367404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
1368404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
1369404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
1370404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1371404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1372404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1373404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1374404.64c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) WinVerifyTrust
1375404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
1376404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1377404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1378404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1379404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1380404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1381404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1382404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1383404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1384404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1385404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1386404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1387404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1388404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1389404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1390404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1391404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1392404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1393404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1394404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1395404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1396404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1397404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1398404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1399404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1400404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1401404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1402404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1403404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1404404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1405404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1406404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1407404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1408404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1409404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1410404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1411404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1412404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1413404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1414404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1415404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1416404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1417404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1418404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1419404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1420404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1421404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d4 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
1422404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
1423404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
1424404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
1425404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
1426404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1427404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1428404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1429404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1430404.64c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv) WinVerifyTrust
1431404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
1432404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1433404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1434404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1435404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1436404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1437404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
1438404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1439404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1440404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1441404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1442404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1443404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b8 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1444404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
1445404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
1446404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
1447404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
1448404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1449404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1450404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
1451404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1452404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1453404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
1454404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1455404.64c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust
1456404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1457404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1458404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1459404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1460404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1461404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1462404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
1463404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
1464404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1465404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
1466404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
1467404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1468404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1469404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1470404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1471404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1472404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1473404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1474404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1475404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1476404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1477404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1478404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1479404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1480404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1481404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1482404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1483404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1484404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1485404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1486404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1487404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1488404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1489404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1490404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1491404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1492404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1493404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1494404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1495404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1496404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1497404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1498404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1499404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1500404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1501404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1502404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1503404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1504404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1505404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1506404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1507404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1508404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1509404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1510404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1511404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1512404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1513404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e8 pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
1514404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
1515404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
1516404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
1517404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
1518404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1519404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1520404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1521404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1522404.64c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) WinVerifyTrust
1523404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
1524404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1525404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1526404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1527404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1528404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1529404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1530404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1531404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1532404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1533404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1534404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1535404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1536404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1537404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1538404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1539404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1540404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1541404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1542404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1543404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1544404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1545404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1546404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1547404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
1548404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
1549404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e4 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1550404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
1551404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
1552404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F3F3D4867E9140896E0742D7EE8AE1D01FE85ECE
1553404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3078667~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
1554404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1555404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1556404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1557404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1558404.64c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust
1559404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1560404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
1561404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
1562404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004ec pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
1563404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
1564404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
1565404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
1566404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
1567404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1568404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
1569404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
1570404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
1571404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1572404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1573404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
1574404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
1575404.64c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
1576404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1577404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1578404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1579404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
1580404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
1581404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f0 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
1582404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
1583404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
1584404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3B836812C25D9B41A17EC3FB9DFD521994AD2302
1585404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3140735~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
1586404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1587404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1588404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
1589404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1590404.64c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) WinVerifyTrust
1591404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1592404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1593404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1594404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1595404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1596404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1597404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1598404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1599404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1600404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1601404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1602404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
1603404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
1604404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004fc pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
1605404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
1606404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
1607404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
1608404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
1609404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1610404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1611404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
1612404.64c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
1613404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
1614404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1615404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1616404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1617404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1618404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1619404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1620404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1621404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1622404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1623404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1624404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1625404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1626404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1627404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000508 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1628404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
1629404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
1630404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
1631404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
1632404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1633404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1634404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
1635404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1636404.64c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll) WinVerifyTrust
1637404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1638404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1639404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1640404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1641404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1642404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1643404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1644404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1645404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1646404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1647404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1648404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1649404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1650404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1651404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1652404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1653404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1654404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1655404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1656404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1657404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1658404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1659404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1660404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1661404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017c281:<flags> [calling]
1662404.64c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1663404.64c: supR3HardenedDllNotificationCallback: load 000007fedc280000 LB 0x008c0000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
1664404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1665404.64c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1666404.64c: supR3HardenedDllNotificationCallback: load 000007fedc160000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
1667404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1668404.64c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
1669404.64c: supR3HardenedDllNotificationCallback: load 000007fef0a30000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
1670404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
1671404.64c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1672404.64c: supR3HardenedDllNotificationCallback: load 000007fee2b60000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
1673404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1674404.64c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1675404.64c: supR3HardenedDllNotificationCallback: load 000007fef6ee0000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
1676404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1677404.64c: supR3HardenedDllNotificationCallback: load 000007fefe1d0000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
1678404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1679404.64c: supR3HardenedDllNotificationCallback: load 000007fefd880000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1680404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1681404.64c: supR3HardenedDllNotificationCallback: load 000007fefe5c0000 LB 0x000d8000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1682404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1683404.64c: supR3HardenedDllNotificationCallback: load 000007fefe3b0000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1684404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1685404.64c: supR3HardenedDllNotificationCallback: load 000007fefd8d0000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1686404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
1687404.64c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1688404.64c: supR3HardenedDllNotificationCallback: load 000007fefa9c0000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
1689404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1690404.64c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1691404.64c: supR3HardenedDllNotificationCallback: load 0000000061f50000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
1692404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
1693404.64c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1694404.64c: supR3HardenedDllNotificationCallback: load 00000000615e0000 LB 0x0096c000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
1695404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
1696404.64c: supR3HardenedDllNotificationCallback: load 000007fefdae0000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
1697404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1698404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1699404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1700404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1701404.64c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll)
1702404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
1703404.64c: supR3HardenedDllNotificationCallback: load 000007fef9a00000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll [fFlags=0x0]
1704404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [avoiding WinVerifyTrust]
1705404.64c: supR3HardenedDllNotificationCallback: load 000007fefe6a0000 LB 0x00d8a000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
1706404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1707404.64c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1708404.64c: supR3HardenedDllNotificationCallback: load 000007fef9aa0000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
1709404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1710404.64c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
1711404.64c: supR3HardenedDllNotificationCallback: load 000007fef9980000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
1712404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
1713404.64c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1714404.64c: supR3HardenedDllNotificationCallback: load 0000000061500000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
1715404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
1716404.64c: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'.
1717404.64c: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [rescheduled]
1718404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
1719404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1720404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1721404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1722404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1723404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1724404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1725404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017b851:<flags> [calling]
1726404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff850000 'C:\Windows\system32\imm32.dll'
1727404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedc280000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
1728404.64c: SUPR3HardenedMain: Calling TrustedMain (000007fedc281020)...
1729404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1730404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017ef11:<flags> [calling]
1731404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9aa0000 'C:\Windows\system32\winmm.dll'
1732404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000598 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1733404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
1734404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
1735404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
1736404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
1737404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1738404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1739404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1740404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
1741404.64c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
1742404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1743404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1744404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1745404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1746404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1747404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1748404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1749404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017e731:<flags> [calling]
1750404.64c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1751404.64c: supR3HardenedDllNotificationCallback: load 000007fefaf20000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
1752404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1753404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaf20000 'C:\Windows\system32\uxtheme.dll'
1754404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1755404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017e171:<flags> [calling]
1756404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaf20000 'C:\Windows\system32\uxtheme.dll'
1757404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1758404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017dee1:<flags> [calling]
1759404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaf20000 'C:\Windows\system32\uxtheme.dll'
1760404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1761404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017dee1:<flags> [calling]
1762404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaf20000 'C:\Windows\system32\uxtheme.dll'
1763404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1764404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017e3a1:<flags> [calling]
1765404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9c0000 'C:\Windows\system32\dwmapi.dll'
1766404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
1767404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017ebc1:<flags> [calling]
1768404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd470000 'C:\Windows\system32\CRYPTBASE.dll'
1769404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1770404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017ed71:<flags> [calling]
1771404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe6a0000 'C:\Windows\system32\shell32.dll'
1772404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1773404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017ecc1:<flags> [calling]
1774404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077570000 'C:\Windows\system32\kernel32.dll'
1775404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1776404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017ed41:<flags> [calling]
1777404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaf20000 'C:\Windows\system32\uxtheme.dll'
1778404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1779404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017edb1:<flags> [calling]
1780404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaf20000 'C:\Windows\system32\uxtheme.dll'
1781404.64c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
1782404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017eed1:<flags> [calling]
1783404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
1784404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077690000 'C:\Windows\system32\user32.dll'
1785404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1786404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017ef21:<flags> [calling]
1787404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaf20000 'C:\Windows\system32\uxtheme.dll'
1788404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077690000 'C:\Windows\system32\user32.dll'
1789404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd990000 'C:\Windows\system32\advapi32.dll'
1790404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
1791404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017ed81:<flags> [calling]
1792404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd680000 'C:\Windows\system32\userenv.dll'
1793404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1794404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017ed81:<flags> [calling]
1795404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077570000 'C:\Windows\system32\kernel32.dll'
1796404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005f8 pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll
1797404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
1798404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
1799404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
1800404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
1801404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1802404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1803404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
1804404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1805404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1806404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
1807404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
1808404.64c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll) WinVerifyTrust
1809404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
1810404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1811404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1812404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1813404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1814404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1815404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1816404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1817404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1818404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1819404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1820404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1821404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1822404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1823404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1824404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1825404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017bd61:<flags> [calling]
1826404.64c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
1827404.64c: supR3HardenedDllNotificationCallback: load 000007fefe120000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
1828404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
1829404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe120000 'C:\Windows\system32\CLBCatQ.DLL'
1830404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd990000 'C:\Windows\system32\ADVAPI32.dll'
1831404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
1832404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017ab51:<flags> [calling]
1833404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcfc0000 'C:\Windows\system32\CRYPTSP.dll'
1834404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000618 pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
1835404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
1836404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
1837404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
1838404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll'
1839404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1840404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
1841404.64c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll) WinVerifyTrust
1842404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
1843404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1844404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1845404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017a721:<flags> [calling]
1846404.64c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
1847404.64c: supR3HardenedDllNotificationCallback: load 000007fefd520000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
1848404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
1849404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd520000 'C:\Windows\system32\RpcRtRemote.dll'
1850404.f18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1851404.f18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1852404.f18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
1853404.f18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1854404.f18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
1855404.f18: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
1856404.f18: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
1857404.f18: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
1858404.f18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1859404.f18: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1860404.f18: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1861404.f18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1862404.f18: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1863404.f18: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1864404.f18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1865404.f18: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1866404.f18: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1867404.f18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1868404.f18: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1869404.f18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1870404.f18: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1871404.f18: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1872404.f18: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1873404.f18: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1874404.f18: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1875404.f18: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000444e821:<flags> [calling]
1876404.f18: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
1877404.f18: supR3HardenedDllNotificationCallback: load 000007fedbc60000 LB 0x004fe000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
1878404.f18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
1879404.f18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedbc60000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
1880404.f18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1881404.f18: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000444d3a1:<flags> [calling]
1882404.f18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe5c0000 'C:\Windows\system32\oleaut32.dll'
1883404.f18: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000678 pwszName=\Device\HarddiskVolume2\Windows\System32\sxs.dll
1884404.f18: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
1885404.f18: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
1886404.f18: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FCAC019C19F878C2B628662A84ECE75A01818BC9
1887404.f18: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\sxs.dll'
1888404.f18: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1889404.f18: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sxs.dll) WinVerifyTrust
1890404.f18: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sxs.dll
1891404.f18: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SXS.DLL (Input=SXS.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000444d951:<flags> [calling]
1892404.f18: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll
1893404.f18: supR3HardenedDllNotificationCallback: load 000007fefd480000 LB 0x00091000 C:\Windows\system32\SXS.DLL [fFlags=0x0]
1894404.f18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll
1895404.f18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd480000 'C:\Windows\system32\SXS.DLL'
1896404.f18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd990000 'C:\Windows\system32\ADVAPI32.dll'
1897404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1898404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017b1b1:<flags> [calling]
1899404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe5c0000 'C:\Windows\system32\OLEAUT32.dll'
1900404.64c: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
1901404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017b561:<flags> [calling]
1902404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
1903404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda70000 'C:\Windows\system32\gdi32.dll'
1904404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077690000 'C:\Windows\system32\user32.dll'
1905404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1906404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017ad51:<flags> [calling]
1907404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe6a0000 'C:\Windows\system32\shell32.dll'
1908404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd990000 'C:\Windows\system32\ADVAPI32.dll'
1909404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1910404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000179aa1:<flags> [calling]
1911404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe3b0000 'C:\Windows\system32\ole32.dll'
1912404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1913404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000179421:<flags> [calling]
1914404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe3b0000 'C:\Windows\system32\ole32.dll'
1915404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
1916404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017a371:<flags> [calling]
1917404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdcb0000 'C:\Windows\system32\MSCTF.dll'
1918404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1919404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017a9d1:<flags> [calling]
1920404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe6a0000 'C:\Windows\system32\shell32.dll'
1921404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1922404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017a9d1:<flags> [calling]
1923404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe6a0000 'C:\Windows\system32\shell32.dll'
1924404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe3b0000 'C:\Windows\system32\ole32.dll'
1925404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1926404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001781a1:<flags> [calling]
1927404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe5c0000 'C:\Windows\system32\OLEAUT32.dll'
1928404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a9c pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
1929404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
1930404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
1931404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472
1932404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
1933404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1934404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1935404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
1936404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1937404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
1938404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
1939404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
1940404.64c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
1941404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
1942404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1943404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1944404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1945404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1946404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1947404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1948404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1949404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1950404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1951404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
1952404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
1953404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000aa4 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
1954404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
1955404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
1956404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03D0A77E5195AA70198FDE6C2FAC2C76FF200674
1957404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
1958404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1959404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1960404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
1961404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
1962404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1963404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
1964404.64c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
1965404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
1966404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1967404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1968404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1969404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1970404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1971404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1972404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1973404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1974404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1975404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1976404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1977404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1978404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1979404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1980404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000176ac1:<flags> [calling]
1981404.64c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
1982404.64c: supR3HardenedDllNotificationCallback: load 000007fef8460000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
1983404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
1984404.64c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
1985404.64c: supR3HardenedDllNotificationCallback: load 000007fef8780000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [fFlags=0x0]
1986404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
1987404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8460000 'C:\Windows\system32\wbem\wbemprox.dll'
1988404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ad4 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
1989404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
1990404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
1991404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F
1992404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
1993404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1994404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1995404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
1996404.64c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
1997404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
1998404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1999404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2000404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2001404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2002404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000176681:<flags> [calling]
2003404.64c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2004404.64c: supR3HardenedDllNotificationCallback: load 000007fef8080000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
2005404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2006404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8080000 'C:\Windows\system32\wbem\wbemsvc.dll'
2007404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ae0 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2008404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
2009404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
2010404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79
2011404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
2012404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2013404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2014404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
2015404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
2016404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
2017404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2018404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
2019404.64c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
2020404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2021404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
2022404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
2023404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ac8 pwszName=\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2024404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
2025404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
2026404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
2027404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll'
2028404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2029404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2030404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
2031404.64c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
2032404.64c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll) WinVerifyTrust
2033404.64c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2034404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2035404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2036404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2037404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2038404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2039404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2040404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2041404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2042404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
2043404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2044404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2045404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2046404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2047404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2048404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2049404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2050404.64c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2051404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2052404.64c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2053404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001766c1:<flags> [calling]
2054404.64c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2055404.64c: supR3HardenedDllNotificationCallback: load 000007fef8560000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
2056404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2057404.64c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2058404.64c: supR3HardenedDllNotificationCallback: load 000007fef84e0000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [fFlags=0x0]
2059404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2060404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8560000 'C:\Windows\system32\wbem\fastprox.dll'
2061404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe5c0000 'C:\Windows\system32\OLEAUT32.dll'
2062404.64c: supR3HardenedMonitor_LdrLoadDll: 'C:\Windows\system32\comctl32.dll' -> 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [redir]
2063404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [redoing WinVerifyTrust]
2064404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000050c pwszName=\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
2065404.64c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
2066404.64c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
2067404.64c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
2068404.64c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
2069404.64c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2070404.64c: supR3HardenedScreenImage/LdrLoadDll: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
2071404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll (Input=C:\Windows\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000177291:<flags> [calling]
2072404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9a00000 'C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
2073404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe5c0000 'C:\Windows\system32\OLEAUT32.DLL'
2074404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2075404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINMM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000176771:<flags> [calling]
2076404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9aa0000 'C:\Windows\system32\WINMM.dll'
2077404.1568: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2078404.1568: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
2079404.1568: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2080404.1568: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
2081404.1568: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2082404.1568: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2083404.1568: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2084404.1568: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
2085404.1568: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
2086404.1568: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
2087404.1568: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2088404.1568: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
2089404.1568: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
2090404.1568: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2091404.1568: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2092404.1568: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2093404.1568: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2094404.1568: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2095404.1568: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2096404.1568: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2097404.1568: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2098404.1568: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2099404.1568: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2100404.1568: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000741e561:<flags> [calling]
2101404.1568: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2102404.1568: supR3HardenedDllNotificationCallback: load 000007fedda40000 LB 0x00273000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
2103404.1568: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2104404.1568: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2105404.1568: supR3HardenedDllNotificationCallback: load 0000000061320000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
2106404.1568: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2107404.1568: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedda40000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2108404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bc0 pwszName=\Device\HarddiskVolume2\Windows\System32\netcfgx.dll
2109404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
2110404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
2111404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B2E2834BA132AEF0C1091DED23D983BBB0CDB980
2112404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\netcfgx.dll'
2113404.8e0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2114404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shlwapi.dll'.
2115404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2116404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
2117404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2118404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2119404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
2120404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'nsi.dll'.
2121404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'iphlpapi.dll'.
2122404.8e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\netcfgx.dll) WinVerifyTrust
2123404.8e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\netcfgx.dll
2124404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2125404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2126404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ba0 pwszName=\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2127404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
2128404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
2129404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642
2130404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'
2131404.8e0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2132404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2133404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
2134404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
2135404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
2136404.8e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
2137404.8e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2138404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2139404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2140404.8e0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
2141404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2142404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2143404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2144404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2145404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2146404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2147404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2148404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2149404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2150404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2151404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2152404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2153404.8e0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2154404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2155404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2156404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
2157404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
2158404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bbc pwszName=\Device\HarddiskVolume2\Windows\System32\winnsi.dll
2159404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
2160404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
2161404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B28F3E0DF5586B9FB3AEAC48E4ECCA0AFB6ABD91
2162404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
2163404.8e0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2164404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2165404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2166404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
2167404.8e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll) WinVerifyTrust
2168404.8e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2169404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2170404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2171404.8e0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
2172404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2173404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2174404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2175404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2176404.8e0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
2177404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2178404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2179404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2180404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2181404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\netcfgx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007859311:<flags> [calling]
2182404.8e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netcfgx.dll
2183404.8e0: supR3HardenedDllNotificationCallback: load 000007fef8350000 LB 0x00084000 C:\Windows\system32\netcfgx.dll [fFlags=0x0]
2184404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netcfgx.dll
2185404.8e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2186404.8e0: supR3HardenedDllNotificationCallback: load 000007fefbeb0000 LB 0x00027000 C:\Windows\system32\IPHLPAPI.DLL [fFlags=0x0]
2187404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2188404.8e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2189404.8e0: supR3HardenedDllNotificationCallback: load 000007fefbea0000 LB 0x0000b000 C:\Windows\system32\WINNSI.DLL [fFlags=0x0]
2190404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2191404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8350000 'C:\Windows\system32\netcfgx.dll'
2192404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2193404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000785aa41:<flags> [calling]
2194404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe1d0000 'C:\Windows\system32\SETUPAPI.dll'
2195404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2196404.8e0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll)
2197404.8e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
2198404.8e0: supR3HardenedDllNotificationCallback: load 000007fefc8a0000 LB 0x00012000 C:\Windows\system32\devrtl.DLL [fFlags=0x0]
2199404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
2200404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bd4 pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll
2201404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
2202404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
2203404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=445E5B0E9F43B5D56A5B9C4BC3369E3D076ACA1A
2204404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
2205404.8e0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2206404.8e0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
2207404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
2208404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2209404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2210404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.dll (Input=WINTRUST.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000785a7e1:<flags> [calling]
2211404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd840000 'C:\Windows\system32\WINTRUST.dll'
2212404.15b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2213404.15b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2214404.15b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2215404.15b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2216404.15b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
2217404.15b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2218404.15b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2219404.15b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2220404.15b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2221404.15b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2222404.15b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2223404.15b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2224404.15b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2225404.15b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2226404.15b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2227404.15b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007bedbd1:<flags> [calling]
2228404.15b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2229404.15b4: supR3HardenedDllNotificationCallback: load 000007fef7c30000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
2230404.15b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2231404.15b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7c30000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
2232404.15b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077690000 'C:\Windows\system32/User32.dll'
2233404.5ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2234404.5ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2235404.5ac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2236404.5ac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
2237404.5ac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2238404.5ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2239404.5ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2240404.5ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2241404.5ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2242404.5ac: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2243404.5ac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2244404.5ac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2245404.5ac: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007f5da51:<flags> [calling]
2246404.5ac: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2247404.5ac: supR3HardenedDllNotificationCallback: load 000007fef7c40000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
2248404.5ac: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2249404.5ac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7c40000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
2250404.1518: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2251404.1518: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2252404.1518: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2253404.1518: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
2254404.1518: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2255404.1518: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2256404.1518: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2257404.1518: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2258404.1518: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2259404.1518: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2260404.1518: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2261404.1518: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2262404.1518: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000823de21:<flags> [calling]
2263404.1518: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2264404.1518: supR3HardenedDllNotificationCallback: load 000007fef7be0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
2265404.1518: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2266404.1518: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7be0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
2267404.1014: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2268404.1014: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2269404.1014: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2270404.1014: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
2271404.1014: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2272404.1014: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2273404.1014: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2274404.1014: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2275404.1014: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2276404.1014: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2277404.1014: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2278404.1014: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000084bdcd1:<flags> [calling]
2279404.1014: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2280404.1014: supR3HardenedDllNotificationCallback: load 000007fef7bd0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
2281404.1014: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2282404.1014: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7bd0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
2283404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2284404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007858d11:<flags> [calling]
2285404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe6a0000 'C:\Windows\system32/Shell32.dll'
2286404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe3b0000 'C:\Windows\system32\ole32.dll'
2287404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000007857961:<flags> [calling]
2288404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa80000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
2289404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
2290404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000078579a1:<flags> [calling]
2291404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5d0000 'C:\Windows\system32\profapi.dll'
2292404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2293404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2294404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2295404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
2296404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
2297404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2298404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2299404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
2300404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
2301404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
2302404.8e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
2303404.8e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2304404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2305404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2306404.8e0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2307404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2308404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2309404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2310404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2311404.8e0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2312404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2313404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2314404.8e0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2315404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2316404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2317404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
2318404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
2319404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2320404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2321404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2322404.8e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
2323404.8e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2324404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
2325404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
2326404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2327404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2328404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2329404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
2330404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
2331404.8e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
2332404.8e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2333404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2334404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2335404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2336404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2337404.8e0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2338404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2339404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2340404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2341404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2342404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2343404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2344404.8e0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2345404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2346404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2347404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2348404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2349404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2350404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2351404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2352404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2353404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2354404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2355404.8e0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2356404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2357404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2358404.8e0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
2359404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000785d951:<flags> [calling]
2360404.8e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2361404.8e0: supR3HardenedDllNotificationCallback: load 000007fedd180000 LB 0x008be000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
2362404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2363404.8e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2364404.8e0: supR3HardenedDllNotificationCallback: load 000007feefc20000 LB 0x00057000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
2365404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2366404.8e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2367404.8e0: supR3HardenedDllNotificationCallback: load 000007fef6f00000 LB 0x00034000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
2368404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2369404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedd180000 'C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL'
2370404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2371404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000785d951:<flags> [calling]
2372404.8e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2373404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedbc60000 'C:\Program Files\Oracle\VirtualBox/VBoxC.DLL'
2374404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2375404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000785d861:<flags> [calling]
2376404.8e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2377404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6f00000 'C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL'
2378404.176c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2379404.176c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2380404.176c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2381404.176c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
2382404.176c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2383404.176c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2384404.176c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2385404.176c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2386404.176c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2387404.176c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2388404.176c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2389404.176c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2390404.176c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000c96dd51:<flags> [calling]
2391404.176c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2392404.176c: supR3HardenedDllNotificationCallback: load 000007fef7b80000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
2393404.176c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2394404.176c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7b80000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
2395404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e28 pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
2396404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
2397404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
2398404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F6C3E3D9F8B48D816E52C31576FFFD4AF86AB813
2399404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
2400404.8e0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2401404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2402404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
2403404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2404404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2405404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
2406404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
2407404.8e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust
2408404.8e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
2409404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
2410404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
2411404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e2c pwszName=\Device\HarddiskVolume2\Windows\System32\powrprof.dll
2412404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
2413404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
2414404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E0B7DE18787DB24DAD3580634869A9A8FF4AB48F
2415404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\powrprof.dll'
2416404.8e0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2417404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2418404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2419404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2420404.8e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll) WinVerifyTrust
2421404.8e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
2422404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2423404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2424404.8e0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2425404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2426404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2427404.8e0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2428404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2429404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2430404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2431404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2432404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2433404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2434404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2435404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2436404.8e0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2437404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2438404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2439404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2440404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2441404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000785d751:<flags> [calling]
2442404.8e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2443404.8e0: supR3HardenedDllNotificationCallback: load 000007fef4b90000 LB 0x00088000 C:\Windows\System32\dsound.dll [fFlags=0x0]
2444404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2445404.8e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
2446404.8e0: supR3HardenedDllNotificationCallback: load 000007fefbb30000 LB 0x0002c000 C:\Windows\System32\POWRPROF.dll [fFlags=0x0]
2447404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
2448404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2449404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000785cac1:<flags> [calling]
2450404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Windows\System32\dsound.dll'
2451404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Windows\System32\dsound.dll'
2452404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2453404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000785dc51:<flags> [calling]
2454404.8e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2455404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Windows\system32/dsound.dll'
2456404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e30 pwszName=\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2457404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
2458404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
2459404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=704F97298D44B8146C54067788F597E0BF365197
2460404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll'
2461404.8e0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2462404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2463404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
2464404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2465404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'.
2466404.8e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
2467404.8e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2468404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
2469404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
2470404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e54 pwszName=\Device\HarddiskVolume2\Windows\System32\propsys.dll
2471404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
2472404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
2473404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A1594E841359779EF7EA7EBCF775D89F55388D3
2474404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\propsys.dll'
2475404.8e0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2476404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2477404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
2478404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
2479404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
2480404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2481404.8e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll) WinVerifyTrust
2482404.8e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
2483404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2484404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2485404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2486404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2487404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2488404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2489404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2490404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2491404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2492404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2493404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2494404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2495404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2496404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2497404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2498404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2499404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000785d221:<flags> [calling]
2500404.8e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2501404.8e0: supR3HardenedDllNotificationCallback: load 000007fefaf80000 LB 0x0004b000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
2502404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2503404.8e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
2504404.8e0: supR3HardenedDllNotificationCallback: load 000007fefb080000 LB 0x0012c000 C:\Windows\System32\PROPSYS.dll [fFlags=0x0]
2505404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
2506404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd990000 'C:\Windows\system32\ADVAPI32.dll'
2507404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaf80000 'C:\Windows\System32\MMDevApi.dll'
2508404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe3b0000 'C:\Windows\system32\ole32.dll'
2509404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2510404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000785d531:<flags> [calling]
2511404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe1d0000 'C:\Windows\system32\SETUPAPI.dll'
2512404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2513404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000785e3a1:<flags> [calling]
2514404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff430000 'C:\Windows\system32\SHLWAPI.dll'
2515404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2516404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000785e5c1:<flags> [calling]
2517404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaf80000 'C:\Windows\system32\MMDEVAPI.DLL'
2518404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe3b0000 'C:\Windows\system32\ole32.dll'
2519404.8b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2520404.8b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CFGMGR32.dll (Input=CFGMGR32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000001109f971:<flags> [calling]
2521404.8b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd880000 'C:\Windows\system32\CFGMGR32.dll'
2522404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2523404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000785e1f1:<flags> [calling]
2524404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9aa0000 'C:\Windows\system32\winmm.dll'
2525404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000785e051:<flags> [calling]
2526404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa80000 'API-MS-WIN-Service-Management-L1-1-0.dll'
2527404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000785e051:<flags> [calling]
2528404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa80000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
2529404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff880000 'C:\Windows\system32\RPCRT4.dll'
2530404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2531404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDevAPI.DLL (Input=MMDevAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000785e0b1:<flags> [calling]
2532404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaf80000 'C:\Windows\system32\MMDevAPI.DLL'
2533404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e7c pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2534404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
2535404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
2536404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4B64306F5558D2DEC53CF11AAF17F02438929FDD
2537404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
2538404.8e0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2539404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2540404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2541404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2542404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
2543404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
2544404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ksuser.dll'.
2545404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
2546404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'avrt.dll'.
2547404.8e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust
2548404.8e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2549404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
2550404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
2551404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e80 pwszName=\Device\HarddiskVolume2\Windows\System32\avrt.dll
2552404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
2553404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
2554404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1362C343929DD08AB918B38DE195D1A11B1D1365
2555404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\avrt.dll'
2556404.8e0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2557404.8e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust
2558404.8e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
2559404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
2560404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
2561404.8e0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2562404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
2563404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
2564404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e9c pwszName=\Device\HarddiskVolume2\Windows\System32\ksuser.dll
2565404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
2566404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
2567404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2D99CFB3BFCA1F454FC7109DB98D18923ABBA361
2568404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB3110329~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\ksuser.dll'
2569404.8e0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2570404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2571404.8e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust
2572404.8e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
2573404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2574404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2575404.8e0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2576404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2577404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2578404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2579404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2580404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2581404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2582404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2583404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2584404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2585404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2586404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000785dc21:<flags> [calling]
2587404.8e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2588404.8e0: supR3HardenedDllNotificationCallback: load 000007fef2fe0000 LB 0x0003b000 C:\Windows\system32\wdmaud.drv [fFlags=0x0]
2589404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2590404.8e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
2591404.8e0: supR3HardenedDllNotificationCallback: load 0000000071a30000 LB 0x00006000 C:\Windows\system32\ksuser.dll [fFlags=0x0]
2592404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
2593404.8e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
2594404.8e0: supR3HardenedDllNotificationCallback: load 000007fefacf0000 LB 0x00009000 C:\Windows\system32\AVRT.dll [fFlags=0x0]
2595404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
2596404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2fe0000 'C:\Windows\system32\wdmaud.drv'
2597404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2598404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000785dc21:<flags> [calling]
2599404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2fe0000 'C:\Windows\system32\wdmaud.drv'
2600404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2601404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000785ddd1:<flags> [calling]
2602404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2fe0000 'C:\Windows\system32\wdmaud.drv'
2603404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2604404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000785ddd1:<flags> [calling]
2605404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2fe0000 'C:\Windows\system32\wdmaud.drv'
2606404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2607404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000785ddd1:<flags> [calling]
2608404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2fe0000 'C:\Windows\system32\wdmaud.drv'
2609404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000eb8 pwszName=\Device\HarddiskVolume2\Windows\System32\AudioSes.dll
2610404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
2611404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
2612404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CFCA643693E82633EB61E3B838F7FBA097082A81
2613404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_114_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\AudioSes.dll'
2614404.8e0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2615404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2616404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2617404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2618404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2619404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2620404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
2621404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
2622404.8e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust
2623404.8e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
2624404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
2625404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
2626404.8e0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2627404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2628404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2629404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2630404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2631404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2632404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2633404.8e0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2634404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2635404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2636404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2637404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2638404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2639404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2640404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000785dde1:<flags> [calling]
2641404.8e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
2642404.8e0: supR3HardenedDllNotificationCallback: load 000007fef49b0000 LB 0x0004f000 C:\Windows\system32\AUDIOSES.DLL [fFlags=0x0]
2643404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
2644404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef49b0000 'C:\Windows\system32\AUDIOSES.DLL'
2645404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2646404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000785ddd1:<flags> [calling]
2647404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2fe0000 'C:\Windows\system32\wdmaud.drv'
2648404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2649404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000785ddd1:<flags> [calling]
2650404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2fe0000 'C:\Windows\system32\wdmaud.drv'
2651404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2fe0000 'C:\Windows\system32\wdmaud.drv'
2652404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2fe0000 'C:\Windows\system32\wdmaud.drv'
2653404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2fe0000 'C:\Windows\system32\wdmaud.drv'
2654404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2fe0000 'C:\Windows\system32\wdmaud.drv'
2655404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ea8 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
2656404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
2657404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
2658404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=522563F5384AD4C93CF5CF4EEA899D3267552328
2659404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
2660404.8e0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2661404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2662404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
2663404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
2664404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
2665404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'.
2666404.8e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) WinVerifyTrust
2667404.8e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2668404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
2669404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
2670404.8e0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2671404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
2672404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
2673404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ecc pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.dll
2674404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
2675404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
2676404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCA0A8AEE81B82C402AA72A300B2C8D2DC17C1DA
2677404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.dll'
2678404.8e0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2679404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2680404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2681404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2682404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
2683404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
2684404.8e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) WinVerifyTrust
2685404.8e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
2686404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2687404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2688404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2689404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2690404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2691404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2692404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2693404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2694404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2695404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2696404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2697404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2698404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2699404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2700404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2701404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2702404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000785dbd1:<flags> [calling]
2703404.8e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2704404.8e0: supR3HardenedDllNotificationCallback: load 000007fef2fb0000 LB 0x0000a000 C:\Windows\system32\msacm32.drv [fFlags=0x0]
2705404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2706404.8e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
2707404.8e0: supR3HardenedDllNotificationCallback: load 000007fef2b20000 LB 0x00018000 C:\Windows\system32\MSACM32.dll [fFlags=0x0]
2708404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
2709404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2fb0000 'C:\Windows\system32\msacm32.drv'
2710404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2711404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000785d5d1:<flags> [calling]
2712404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2fb0000 'C:\Windows\system32\msacm32.drv'
2713404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2714404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000785d5d1:<flags> [calling]
2715404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2fb0000 'C:\Windows\system32\msacm32.drv'
2716404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2717404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000785d5d1:<flags> [calling]
2718404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2fb0000 'C:\Windows\system32\msacm32.drv'
2719404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2720404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000785d5d1:<flags> [calling]
2721404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2fb0000 'C:\Windows\system32\msacm32.drv'
2722404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2723404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000785d5d1:<flags> [calling]
2724404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2fb0000 'C:\Windows\system32\msacm32.drv'
2725404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
2726404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000785d5d1:<flags> [calling]
2727404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2fb0000 'C:\Windows\system32\msacm32.drv'
2728404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2fb0000 'C:\Windows\system32\msacm32.drv'
2729404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2fb0000 'C:\Windows\system32\msacm32.drv'
2730404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2fb0000 'C:\Windows\system32\msacm32.drv'
2731404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ed0 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
2732404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000908970
2733404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000908970
2734404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=43116C5C719A4751DA70B12932084D73D7AACEA3
2735404.8e0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
2736404.8e0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2737404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2738404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
2739404.8e0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
2740404.8e0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) WinVerifyTrust
2741404.8e0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
2742404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2743404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2744404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2745404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2746404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2747404.8e0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2748404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000785dbd1:<flags> [calling]
2749404.8e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
2750404.8e0: supR3HardenedDllNotificationCallback: load 000007fef0de0000 LB 0x00009000 C:\Windows\system32\midimap.dll [fFlags=0x0]
2751404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
2752404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0de0000 'C:\Windows\system32\midimap.dll'
2753404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
2754404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000785d5a1:<flags> [calling]
2755404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0de0000 'C:\Windows\system32\midimap.dll'
2756404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
2757404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000785d5a1:<flags> [calling]
2758404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0de0000 'C:\Windows\system32\midimap.dll'
2759404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
2760404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000785dbd1:<flags> [calling]
2761404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0de0000 'C:\Windows\system32\midimap.dll'
2762404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9aa0000 'C:\Windows\system32\winmm.dll'
2763404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2764404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000785dc41:<flags> [calling]
2765404.8e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2766404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Windows\system32/dsound.dll'
2767404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9aa0000 'C:\Windows\system32\winmm.dll'
2768404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2769404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000785de11:<flags> [calling]
2770404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b90000 'C:\Windows\system32/dsound.dll'
2771404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9aa0000 'C:\Windows\system32\winmm.dll'
2772404.8e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2773404.8e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32/kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000785e341:<flags> [calling]
2774404.8e0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2775404.8e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077570000 'C:\Windows\system32/kernel32.dll'
2776404.1568: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe5c0000 'C:\Windows\system32\OLEAUT32.dll'
2777404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe6a0000 'C:\Windows\system32\shell32.dll'
2778404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe6a0000 'C:\Windows\system32\shell32.dll'
2779404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe6a0000 'C:\Windows\system32\shell32.dll'
2780404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe6a0000 'C:\Windows\system32\shell32.dll'
2781404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe6a0000 'C:\Windows\system32\shell32.dll'
2782404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe6a0000 'C:\Windows\system32\shell32.dll'
2783404.64c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2784404.64c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000017a721:<flags> [calling]
2785404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe6a0000 'C:\Windows\system32\shell32.dll'
2786404.64c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe6a0000 'C:\Windows\system32\shell32.dll'
2787404.176c: supR3HardenedDllNotificationCallback: Unload 000007fef7b80000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
2788404.1014: supR3HardenedDllNotificationCallback: Unload 000007fef7bd0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
2789404.1518: supR3HardenedDllNotificationCallback: Unload 000007fef7be0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
2790404.5ac: supR3HardenedDllNotificationCallback: Unload 000007fef7c40000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
2791404.15b4: supR3HardenedDllNotificationCallback: Unload 000007fef7c30000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
2792404.8e0: supR3HardenedDllNotificationCallback: Unload 000007fedd180000 LB 0x008be000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
2793404.8e0: supR3HardenedDllNotificationCallback: Unload 000007fef6f00000 LB 0x00034000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
2794404.8e0: supR3HardenedDllNotificationCallback: Unload 000007feefc20000 LB 0x00057000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
2795404.64c: supR3HardenedDllNotificationCallback: Unload 000007fef8350000 LB 0x00084000 C:\Windows\system32\netcfgx.dll [flags=0x0]
2796404.64c: supR3HardenedDllNotificationCallback: Unload 000007fefbeb0000 LB 0x00027000 C:\Windows\system32\IPHLPAPI.DLL [flags=0x0]
2797404.64c: supR3HardenedDllNotificationCallback: Unload 000007fefbea0000 LB 0x0000b000 C:\Windows\system32\WINNSI.DLL [flags=0x0]
2798404.64c: supR3HardenedDllNotificationCallback: Unload 000007fef8560000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [flags=0x0]
2799404.64c: supR3HardenedDllNotificationCallback: Unload 000007fef84e0000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [flags=0x0]
2800404.64c: supR3HardenedDllNotificationCallback: Unload 000007fef8080000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [flags=0x0]
2801404.64c: supR3HardenedDllNotificationCallback: Unload 000007fef8460000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [flags=0x0]
2802404.64c: supR3HardenedDllNotificationCallback: Unload 000007fef8780000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [flags=0x0]
2803404.64c: supR3HardenedDllNotificationCallback: Unload 000007fedbc60000 LB 0x004fe000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
2804404.64c: Terminating the normal way: rcExit=0
28051514.9d4: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 621857 ms, the end);
2806149c.ae0: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 622169 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy