VirtualBox

Ticket #15752: VBoxHardening.3.log

File VBoxHardening.3.log, 231.3 KB (added by dexter1988, 8 years ago)

Help me!!!

Line 
116fc.14d4: Log file opened: 5.1.12r112440 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
216fc.14d4: \SystemRoot\System32\ntdll.dll:
316fc.14d4: CreationTime: 2010-11-21T03:23:51.351694200Z
416fc.14d4: LastWriteTime: 2010-11-21T03:23:51.367294200Z
516fc.14d4: ChangeTime: 2016-09-21T18:36:09.855512900Z
616fc.14d4: FileAttributes: 0x20
716fc.14d4: Size: 0x1a6d60
816fc.14d4: NT Headers: 0xe0
916fc.14d4: Timestamp: 0x4ce7c8f9
1016fc.14d4: Machine: 0x8664 - amd64
1116fc.14d4: Timestamp: 0x4ce7c8f9
1216fc.14d4: Image Version: 6.1
1316fc.14d4: SizeOfImage: 0x1a9000 (1740800)
1416fc.14d4: Resource Dir: 0x151000 LB 0x560d8
1516fc.14d4: ProductName: Microsoft® Windows® Operating System
1616fc.14d4: ProductVersion: 6.1.7601.17514
1716fc.14d4: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
1816fc.14d4: FileDescription: NT Layer DLL
1916fc.14d4: \SystemRoot\System32\kernel32.dll:
2016fc.14d4: CreationTime: 2010-11-21T03:24:07.965723400Z
2116fc.14d4: LastWriteTime: 2010-11-21T03:24:07.981323400Z
2216fc.14d4: ChangeTime: 2016-09-21T18:35:43.538266700Z
2316fc.14d4: FileAttributes: 0x20
2416fc.14d4: Size: 0x11b800
2516fc.14d4: NT Headers: 0xe8
2616fc.14d4: Timestamp: 0x4ce7c78b
2716fc.14d4: Machine: 0x8664 - amd64
2816fc.14d4: Timestamp: 0x4ce7c78b
2916fc.14d4: Image Version: 6.1
3016fc.14d4: SizeOfImage: 0x11f000 (1175552)
3116fc.14d4: Resource Dir: 0x116000 LB 0x528
3216fc.14d4: ProductName: Microsoft® Windows® Operating System
3316fc.14d4: ProductVersion: 6.1.7601.17514
3416fc.14d4: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
3516fc.14d4: FileDescription: Windows NT BASE API Client DLL
3616fc.14d4: \SystemRoot\System32\KernelBase.dll:
3716fc.14d4: CreationTime: 2010-11-21T03:24:26.217755400Z
3816fc.14d4: LastWriteTime: 2010-11-21T03:24:26.248955500Z
3916fc.14d4: ChangeTime: 2016-09-21T18:35:43.569466700Z
4016fc.14d4: FileAttributes: 0x20
4116fc.14d4: Size: 0x66800
4216fc.14d4: NT Headers: 0xf0
4316fc.14d4: Timestamp: 0x4ce7c78c
4416fc.14d4: Machine: 0x8664 - amd64
4516fc.14d4: Timestamp: 0x4ce7c78c
4616fc.14d4: Image Version: 6.1
4716fc.14d4: SizeOfImage: 0x6b000 (438272)
4816fc.14d4: Resource Dir: 0x69000 LB 0x530
4916fc.14d4: ProductName: Microsoft® Windows® Operating System
5016fc.14d4: ProductVersion: 6.1.7601.17514
5116fc.14d4: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
5216fc.14d4: FileDescription: Windows NT BASE API Client DLL
5316fc.14d4: \SystemRoot\System32\apisetschema.dll:
5416fc.14d4: CreationTime: 2009-07-13T23:18:54.866423200Z
5516fc.14d4: LastWriteTime: 2009-07-14T01:24:53.779000000Z
5616fc.14d4: ChangeTime: 2016-09-21T18:35:26.846237400Z
5716fc.14d4: FileAttributes: 0x20
5816fc.14d4: Size: 0x1a00
5916fc.14d4: NT Headers: 0xc0
6016fc.14d4: Timestamp: 0x4a5bdeab
6116fc.14d4: Machine: 0x8664 - amd64
6216fc.14d4: Timestamp: 0x4a5bdeab
6316fc.14d4: Image Version: 6.1
6416fc.14d4: SizeOfImage: 0x50000 (327680)
6516fc.14d4: Resource Dir: 0x30000 LB 0x3f0
6616fc.14d4: ProductName: Microsoft® Windows® Operating System
6716fc.14d4: ProductVersion: 6.1.7600.16385
6816fc.14d4: FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
6916fc.14d4: FileDescription: ApiSet Schema DLL
7016fc.14d4: supR3HardenedWinFindAdversaries: 0x0
7116fc.14d4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\BOX'
7216fc.14d4: Calling main()
7316fc.14d4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
7416fc.14d4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\BOX'
7516fc.14d4: SUPR3HardenedMain: Respawn #1
7616fc.14d4: System32: \Device\HarddiskVolume2\Windows\System32
7716fc.14d4: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
7816fc.14d4: KnownDllPath: C:\Windows\system32
7916fc.14d4: '\Device\HarddiskVolume2\BOX\VirtualBox.exe' has no imports
8016fc.14d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\BOX\VirtualBox.exe)
8116fc.14d4: supR3HardNtEnableThreadCreation:
8216fc.14d4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007799c320 pvNtTerminateThread=00000000779c1840
8316fc.14d4: supR3HardenedWinDoReSpawn(1): New child 14d8.171c [kernel32].
8416fc.14d4: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd8000 cbPeb=0x380
8516fc.14d4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077970000 uNtDllChildAddr=0000000077970000
8616fc.14d4: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007799c320
8716fc.14d4: supR3HardenedWinSetupChildInit: Start child.
8816fc.14d4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
8916fc.14d4: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 33 sleeps
9016fc.14d4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
9116fc.14d4: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
9216fc.14d4: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
9316fc.14d4: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
9416fc.14d4: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
9516fc.14d4: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
9616fc.14d4: 0000000000041000-fffffffffff51fff 0x0001/0x0000 0x0000000
9716fc.14d4: *0000000000130000-0000000000033fff 0x0000/0x0004 0x0020000
9816fc.14d4: 000000000022c000-0000000000229fff 0x0104/0x0004 0x0020000
9916fc.14d4: 000000000022e000-000000000022bfff 0x0004/0x0004 0x0020000
10016fc.14d4: 0000000000230000-ffffffff88aeffff 0x0001/0x0000 0x0000000
10116fc.14d4: *0000000077970000-0000000077970fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
10216fc.14d4: 0000000077971000-0000000077a72fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
10316fc.14d4: 0000000077a73000-0000000077aa1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
10416fc.14d4: 0000000077aa2000-0000000077aadfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
10516fc.14d4: 0000000077aae000-0000000077b18fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
10616fc.14d4: 0000000077b19000-0000000070651fff 0x0001/0x0000 0x0000000
10716fc.14d4: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
10816fc.14d4: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
10916fc.14d4: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
11016fc.14d4: 000000007fff0000-ffffffffc07affff 0x0001/0x0000 0x0000000
11116fc.14d4: *000000013f830000-000000013f830fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\BOX\VirtualBox.exe
11216fc.14d4: 000000013f831000-000000013f89ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\BOX\VirtualBox.exe
11316fc.14d4: 000000013f8a0000-000000013f8a0fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\BOX\VirtualBox.exe
11416fc.14d4: 000000013f8a1000-000000013f8e5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\BOX\VirtualBox.exe
11516fc.14d4: 000000013f8e6000-000000013f8e6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\BOX\VirtualBox.exe
11616fc.14d4: 000000013f8e7000-000000013f8e7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\BOX\VirtualBox.exe
11716fc.14d4: 000000013f8e8000-000000013f8ecfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\BOX\VirtualBox.exe
11816fc.14d4: 000000013f8ed000-000000013f8edfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\BOX\VirtualBox.exe
11916fc.14d4: 000000013f8ee000-000000013f8eefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\BOX\VirtualBox.exe
12016fc.14d4: 000000013f8ef000-000000013f8f2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\BOX\VirtualBox.exe
12116fc.14d4: 000000013f8f3000-000000013f93afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\BOX\VirtualBox.exe
12216fc.14d4: 000000013f93b000-fffff8037f5e5fff 0x0001/0x0000 0x0000000
12316fc.14d4: *000007feffc90000-000007feffc90fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
12416fc.14d4: 000007feffc91000-000007fdff971fff 0x0001/0x0000 0x0000000
12516fc.14d4: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
12616fc.14d4: 000007fffffd3000-000007fffffcdfff 0x0001/0x0000 0x0000000
12716fc.14d4: *000007fffffd8000-000007fffffd6fff 0x0004/0x0004 0x0020000
12816fc.14d4: 000007fffffd9000-000007fffffd3fff 0x0001/0x0000 0x0000000
12916fc.14d4: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
13016fc.14d4: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
13116fc.14d4: apisetschema.dll: timestamp 0x4a5bdeab (rc=VINF_SUCCESS)
13216fc.14d4: VirtualBox.exe: timestamp 0x58594e7b (rc=VINF_SUCCESS)
13316fc.14d4: '\Device\HarddiskVolume2\BOX\VirtualBox.exe' has no imports
13416fc.14d4: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
13516fc.14d4: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
13616fc.14d4: supR3HardNtChildPurify: Done after 293 ms and 0 fixes (loop #0).
13714d8.171c: Log file opened: 5.1.12r112440 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
13814d8.171c: supR3HardenedVmProcessInit: uNtDllAddr=0000000077970000 g_uNtVerCombined=0x611db100
13914d8.171c: ntdll.dll: timestamp 0x4ce7c8f9 (rc=VINF_SUCCESS)
14014d8.171c: New simple heap: #1 0000000000330000 LB 0x400000 (for 1740800 allocation)
14116fc.14d4: supR3HardNtEnableThreadCreation:
14214d8.171c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\BOX'
14314d8.171c: System32: \Device\HarddiskVolume2\Windows\System32
14414d8.171c: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
14514d8.171c: KnownDllPath: C:\Windows\system32
14614d8.171c: supR3HardenedVmProcessInit: Opening vboxdrv stub...
14714d8.171c: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
14814d8.171c: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
14914d8.171c: Registered Dll notification callback with NTDLL.
15014d8.171c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
15114d8.171c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
15214d8.171c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
15314d8.171c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
15414d8.171c: supR3HardenedDllNotificationCallback: load 0000000077750000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
15514d8.171c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
15614d8.171c: supR3HardenedDllNotificationCallback: load 000007fefdb80000 LB 0x0006b000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
15714d8.171c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
15814d8.171c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
15914d8.171c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077750000 'C:\Windows\system32\kernel32.dll'
16014d8.171c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007799c320 pvNtTerminateThread=00000000779c1840
16116fc.14d4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 34 ms.
16214d8.171c: \SystemRoot\System32\ntdll.dll:
16314d8.171c: CreationTime: 2010-11-21T03:23:51.351694200Z
16414d8.171c: LastWriteTime: 2010-11-21T03:23:51.367294200Z
16514d8.171c: ChangeTime: 2016-09-21T18:36:09.855512900Z
16614d8.171c: FileAttributes: 0x20
16714d8.171c: Size: 0x1a6d60
16814d8.171c: NT Headers: 0xe0
16914d8.171c: Timestamp: 0x4ce7c8f9
17014d8.171c: Machine: 0x8664 - amd64
17114d8.171c: Timestamp: 0x4ce7c8f9
17214d8.171c: Image Version: 6.1
17314d8.171c: SizeOfImage: 0x1a9000 (1740800)
17414d8.171c: Resource Dir: 0x151000 LB 0x560d8
17514d8.171c: ProductName: Microsoft® Windows® Operating System
17614d8.171c: ProductVersion: 6.1.7601.17514
17714d8.171c: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
17814d8.171c: FileDescription: NT Layer DLL
17914d8.171c: \SystemRoot\System32\kernel32.dll:
18014d8.171c: CreationTime: 2010-11-21T03:24:07.965723400Z
18114d8.171c: LastWriteTime: 2010-11-21T03:24:07.981323400Z
18214d8.171c: ChangeTime: 2016-09-21T18:35:43.538266700Z
18314d8.171c: FileAttributes: 0x20
18414d8.171c: Size: 0x11b800
18514d8.171c: NT Headers: 0xe8
18614d8.171c: Timestamp: 0x4ce7c78b
18714d8.171c: Machine: 0x8664 - amd64
18814d8.171c: Timestamp: 0x4ce7c78b
18914d8.171c: Image Version: 6.1
19014d8.171c: SizeOfImage: 0x11f000 (1175552)
19114d8.171c: Resource Dir: 0x116000 LB 0x528
19214d8.171c: ProductName: Microsoft® Windows® Operating System
19314d8.171c: ProductVersion: 6.1.7601.17514
19414d8.171c: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
19514d8.171c: FileDescription: Windows NT BASE API Client DLL
19614d8.171c: \SystemRoot\System32\KernelBase.dll:
19714d8.171c: CreationTime: 2010-11-21T03:24:26.217755400Z
19814d8.171c: LastWriteTime: 2010-11-21T03:24:26.248955500Z
19914d8.171c: ChangeTime: 2016-09-21T18:35:43.569466700Z
20014d8.171c: FileAttributes: 0x20
20114d8.171c: Size: 0x66800
20214d8.171c: NT Headers: 0xf0
20314d8.171c: Timestamp: 0x4ce7c78c
20414d8.171c: Machine: 0x8664 - amd64
20514d8.171c: Timestamp: 0x4ce7c78c
20614d8.171c: Image Version: 6.1
20714d8.171c: SizeOfImage: 0x6b000 (438272)
20814d8.171c: Resource Dir: 0x69000 LB 0x530
20914d8.171c: ProductName: Microsoft® Windows® Operating System
21014d8.171c: ProductVersion: 6.1.7601.17514
21114d8.171c: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
21214d8.171c: FileDescription: Windows NT BASE API Client DLL
21314d8.171c: \SystemRoot\System32\apisetschema.dll:
21414d8.171c: CreationTime: 2009-07-13T23:18:54.866423200Z
21514d8.171c: LastWriteTime: 2009-07-14T01:24:53.779000000Z
21614d8.171c: ChangeTime: 2016-09-21T18:35:26.846237400Z
21714d8.171c: FileAttributes: 0x20
21814d8.171c: Size: 0x1a00
21914d8.171c: NT Headers: 0xc0
22014d8.171c: Timestamp: 0x4a5bdeab
22114d8.171c: Machine: 0x8664 - amd64
22214d8.171c: Timestamp: 0x4a5bdeab
22314d8.171c: Image Version: 6.1
22414d8.171c: SizeOfImage: 0x50000 (327680)
22514d8.171c: Resource Dir: 0x30000 LB 0x3f0
22614d8.171c: ProductName: Microsoft® Windows® Operating System
22714d8.171c: ProductVersion: 6.1.7600.16385
22814d8.171c: FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
22914d8.171c: FileDescription: ApiSet Schema DLL
23014d8.171c: supR3HardenedWinFindAdversaries: 0x0
23114d8.171c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\BOX'
23214d8.171c: Calling main()
23314d8.171c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
23414d8.171c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\BOX'
23514d8.171c: '\Device\HarddiskVolume2\BOX\VirtualBox.exe' has no imports
23614d8.171c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\BOX\VirtualBox.exe)
23714d8.171c: SUPR3HardenedMain: Respawn #2
23814d8.171c: supR3HardNtEnableThreadCreation:
23914d8.171c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
24014d8.171c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
24114d8.171c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
24214d8.171c: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
24314d8.171c: supR3HardenedDllNotificationCallback: load 000007fefd790000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
24414d8.171c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
24514d8.171c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd790000 'C:\Windows\system32\apphelp.dll'
24614d8.171c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007799c320 pvNtTerminateThread=00000000779c1840
24714d8.171c: supR3HardenedWinDoReSpawn(2): New child 151c.15c8 [kernel32].
24814d8.171c: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdb000 cbPeb=0x380
24914d8.171c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077970000 uNtDllChildAddr=0000000077970000
25014d8.171c: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007799c320
25114d8.171c: supR3HardenedWinSetupChildInit: Start child.
25214d8.171c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
25314d8.171c: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 33 sleeps
25414d8.171c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
25514d8.171c: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
25614d8.171c: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
25714d8.171c: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
25814d8.171c: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
25914d8.171c: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
26014d8.171c: 0000000000041000-ffffffffffe91fff 0x0001/0x0000 0x0000000
26114d8.171c: *00000000001f0000-00000000000f3fff 0x0000/0x0004 0x0020000
26214d8.171c: 00000000002ec000-00000000002e9fff 0x0104/0x0004 0x0020000
26314d8.171c: 00000000002ee000-00000000002ebfff 0x0004/0x0004 0x0020000
26414d8.171c: 00000000002f0000-ffffffff88c6ffff 0x0001/0x0000 0x0000000
26514d8.171c: *0000000077970000-0000000077970fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
26614d8.171c: 0000000077971000-0000000077a72fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
26714d8.171c: 0000000077a73000-0000000077aa1fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
26814d8.171c: 0000000077aa2000-0000000077aadfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
26914d8.171c: 0000000077aae000-0000000077b18fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
27014d8.171c: 0000000077b19000-0000000070651fff 0x0001/0x0000 0x0000000
27114d8.171c: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
27214d8.171c: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
27314d8.171c: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
27414d8.171c: 000000007fff0000-ffffffffc07affff 0x0001/0x0000 0x0000000
27514d8.171c: *000000013f830000-000000013f830fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\BOX\VirtualBox.exe
27614d8.171c: 000000013f831000-000000013f89ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\BOX\VirtualBox.exe
27714d8.171c: 000000013f8a0000-000000013f8a0fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\BOX\VirtualBox.exe
27814d8.171c: 000000013f8a1000-000000013f8e5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\BOX\VirtualBox.exe
27914d8.171c: 000000013f8e6000-000000013f8e6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\BOX\VirtualBox.exe
28014d8.171c: 000000013f8e7000-000000013f8e7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\BOX\VirtualBox.exe
28114d8.171c: 000000013f8e8000-000000013f8ecfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\BOX\VirtualBox.exe
28214d8.171c: 000000013f8ed000-000000013f8edfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\BOX\VirtualBox.exe
28314d8.171c: 000000013f8ee000-000000013f8eefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\BOX\VirtualBox.exe
28414d8.171c: 000000013f8ef000-000000013f8f2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\BOX\VirtualBox.exe
28514d8.171c: 000000013f8f3000-000000013f93afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\BOX\VirtualBox.exe
28614d8.171c: 000000013f93b000-fffff8037f5e5fff 0x0001/0x0000 0x0000000
28714d8.171c: *000007feffc90000-000007feffc90fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
28814d8.171c: 000007feffc91000-000007fdff971fff 0x0001/0x0000 0x0000000
28914d8.171c: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
29014d8.171c: 000007fffffd3000-000007fffffcafff 0x0001/0x0000 0x0000000
29114d8.171c: *000007fffffdb000-000007fffffd9fff 0x0004/0x0004 0x0020000
29214d8.171c: 000007fffffdc000-000007fffffd9fff 0x0001/0x0000 0x0000000
29314d8.171c: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
29414d8.171c: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
29514d8.171c: apisetschema.dll: timestamp 0x4a5bdeab (rc=VINF_SUCCESS)
29614d8.171c: VirtualBox.exe: timestamp 0x58594e7b (rc=VINF_SUCCESS)
29714d8.171c: '\Device\HarddiskVolume2\BOX\VirtualBox.exe' has no imports
29814d8.171c: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
29914d8.171c: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
30014d8.171c: supR3HardNtChildPurify: Done after 292 ms and 0 fixes (loop #0).
301151c.15c8: Log file opened: 5.1.12r112440 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
302151c.15c8: supR3HardenedVmProcessInit: uNtDllAddr=0000000077970000 g_uNtVerCombined=0x611db100
303151c.15c8: ntdll.dll: timestamp 0x4ce7c8f9 (rc=VINF_SUCCESS)
304151c.15c8: New simple heap: #1 00000000002f0000 LB 0x400000 (for 1740800 allocation)
30514d8.171c: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000330000 LB 0x400000)
30614d8.171c: supR3HardNtEnableThreadCreation:
307151c.15c8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\BOX'
308151c.15c8: System32: \Device\HarddiskVolume2\Windows\System32
309151c.15c8: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
310151c.15c8: KnownDllPath: C:\Windows\system32
311151c.15c8: supR3HardenedVmProcessInit: Opening vboxdrv...
312151c.15c8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
313151c.15c8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
314151c.15c8: Registered Dll notification callback with NTDLL.
315151c.15c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
316151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
317151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
318151c.15c8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
319151c.15c8: supR3HardenedDllNotificationCallback: load 0000000077750000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
320151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
321151c.15c8: supR3HardenedDllNotificationCallback: load 000007fefdb80000 LB 0x0006b000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
322151c.15c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
323151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
324151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077750000 'C:\Windows\system32\kernel32.dll'
325151c.15c8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007799c320 pvNtTerminateThread=00000000779c1840
32614d8.171c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 39 ms.
327151c.15c8: \SystemRoot\System32\ntdll.dll:
328151c.15c8: CreationTime: 2010-11-21T03:23:51.351694200Z
329151c.15c8: LastWriteTime: 2010-11-21T03:23:51.367294200Z
330151c.15c8: ChangeTime: 2016-09-21T18:36:09.855512900Z
331151c.15c8: FileAttributes: 0x20
332151c.15c8: Size: 0x1a6d60
333151c.15c8: NT Headers: 0xe0
334151c.15c8: Timestamp: 0x4ce7c8f9
335151c.15c8: Machine: 0x8664 - amd64
336151c.15c8: Timestamp: 0x4ce7c8f9
337151c.15c8: Image Version: 6.1
338151c.15c8: SizeOfImage: 0x1a9000 (1740800)
339151c.15c8: Resource Dir: 0x151000 LB 0x560d8
340151c.15c8: ProductName: Microsoft® Windows® Operating System
341151c.15c8: ProductVersion: 6.1.7601.17514
342151c.15c8: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
343151c.15c8: FileDescription: NT Layer DLL
344151c.15c8: \SystemRoot\System32\kernel32.dll:
345151c.15c8: CreationTime: 2010-11-21T03:24:07.965723400Z
346151c.15c8: LastWriteTime: 2010-11-21T03:24:07.981323400Z
347151c.15c8: ChangeTime: 2016-09-21T18:35:43.538266700Z
348151c.15c8: FileAttributes: 0x20
349151c.15c8: Size: 0x11b800
350151c.15c8: NT Headers: 0xe8
351151c.15c8: Timestamp: 0x4ce7c78b
352151c.15c8: Machine: 0x8664 - amd64
353151c.15c8: Timestamp: 0x4ce7c78b
354151c.15c8: Image Version: 6.1
355151c.15c8: SizeOfImage: 0x11f000 (1175552)
356151c.15c8: Resource Dir: 0x116000 LB 0x528
357151c.15c8: ProductName: Microsoft® Windows® Operating System
358151c.15c8: ProductVersion: 6.1.7601.17514
359151c.15c8: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
360151c.15c8: FileDescription: Windows NT BASE API Client DLL
361151c.15c8: \SystemRoot\System32\KernelBase.dll:
362151c.15c8: CreationTime: 2010-11-21T03:24:26.217755400Z
363151c.15c8: LastWriteTime: 2010-11-21T03:24:26.248955500Z
364151c.15c8: ChangeTime: 2016-09-21T18:35:43.569466700Z
365151c.15c8: FileAttributes: 0x20
366151c.15c8: Size: 0x66800
367151c.15c8: NT Headers: 0xf0
368151c.15c8: Timestamp: 0x4ce7c78c
369151c.15c8: Machine: 0x8664 - amd64
370151c.15c8: Timestamp: 0x4ce7c78c
371151c.15c8: Image Version: 6.1
372151c.15c8: SizeOfImage: 0x6b000 (438272)
373151c.15c8: Resource Dir: 0x69000 LB 0x530
374151c.15c8: ProductName: Microsoft® Windows® Operating System
375151c.15c8: ProductVersion: 6.1.7601.17514
376151c.15c8: FileVersion: 6.1.7601.17514 (win7sp1_rtm.101119-1850)
377151c.15c8: FileDescription: Windows NT BASE API Client DLL
378151c.15c8: \SystemRoot\System32\apisetschema.dll:
379151c.15c8: CreationTime: 2009-07-13T23:18:54.866423200Z
380151c.15c8: LastWriteTime: 2009-07-14T01:24:53.779000000Z
381151c.15c8: ChangeTime: 2016-09-21T18:35:26.846237400Z
382151c.15c8: FileAttributes: 0x20
383151c.15c8: Size: 0x1a00
384151c.15c8: NT Headers: 0xc0
385151c.15c8: Timestamp: 0x4a5bdeab
386151c.15c8: Machine: 0x8664 - amd64
387151c.15c8: Timestamp: 0x4a5bdeab
388151c.15c8: Image Version: 6.1
389151c.15c8: SizeOfImage: 0x50000 (327680)
390151c.15c8: Resource Dir: 0x30000 LB 0x3f0
391151c.15c8: ProductName: Microsoft® Windows® Operating System
392151c.15c8: ProductVersion: 6.1.7600.16385
393151c.15c8: FileVersion: 6.1.7600.16385 (win7_rtm.090713-1255)
394151c.15c8: FileDescription: ApiSet Schema DLL
395151c.15c8: supR3HardenedWinFindAdversaries: 0x0
396151c.15c8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\BOX'
397151c.15c8: Calling main()
398151c.15c8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
399151c.15c8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\BOX'
400151c.15c8: '\Device\HarddiskVolume2\BOX\VirtualBox.exe' has no imports
401151c.15c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\BOX\VirtualBox.exe)
402151c.15c8: SUPR3HardenedMain: Final process, opening VBoxDrv...
403151c.15c8: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002f0000 LB 0x400000)
404151c.15c8: supR3HardNtEnableThreadCreation:
405151c.15c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\BOX\VBoxSupLib.dll)
406151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\BOX\VBoxSupLib.dll
407151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\BOX\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
408151c.15c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\VBoxSupLib.dll [lacks WinVerifyTrust]
409151c.15c8: supR3HardenedDllNotificationCallback: load 000007fef37f0000 LB 0x00005000 C:\BOX\VBoxSupLib.DLL [fFlags=0x0]
410151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\VBoxSupLib.dll [lacks WinVerifyTrust]
411151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\VBoxSupLib.dll [lacks WinVerifyTrust]
412151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\BOX\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
413151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef37f0000 'C:\BOX\VBoxSupLib.DLL'
414151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\VBoxSupLib.dll [lacks WinVerifyTrust]
415151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\BOX\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
416151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef37f0000 'C:\BOX\VBoxSupLib.DLL'
417151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef37f0000 'C:\BOX\VBoxSupLib.DLL'
418151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
419151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
420151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
421151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
422151c.15c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
423151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
424151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
425151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
426151c.15c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
427151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
428151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
429151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
430151c.15c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
431151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
432151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
433151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
434151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
435151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
436151c.15c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
437151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
438151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
439151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
440151c.15c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
441151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
442151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
443151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
444151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
445151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
446151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
447151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
448151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
449151c.15c8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
450151c.15c8: supR3HardenedDllNotificationCallback: load 000007fefd970000 LB 0x0003a000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
451151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
452151c.15c8: supR3HardenedDllNotificationCallback: load 000007feff080000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
453151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
454151c.15c8: supR3HardenedDllNotificationCallback: load 000007fefda10000 LB 0x00167000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
455151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
456151c.15c8: supR3HardenedDllNotificationCallback: load 000007fefd960000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
457151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
458151c.15c8: supR3HardenedDllNotificationCallback: load 000007feff120000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
459151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
460151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd970000 'C:\Windows\system32\Wintrust.dll'
461151c.15c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
462151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
463151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
464151c.15c8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
465151c.15c8: supR3HardenedDllNotificationCallback: load 000007fefd2e0000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
466151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
467151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd2e0000 'C:\Windows\system32\bcrypt.dll'
468151c.15c8: bcrypt.dll loaded at 000007fefd2e0000, BCryptOpenAlgorithmProvider at 000007fefd2e2640, preloading providers:
469151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
470151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
471151c.15c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
472151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
473151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
474151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
475151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
476151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
477151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
478151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
479151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
480151c.15c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
481151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
482151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
483151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
484151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
485151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
486151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
487151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
488151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
489151c.15c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
490151c.15c8: supR3HardenedDllNotificationCallback: load 000007fefcdd0000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
491151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
492151c.15c8: supR3HardenedDllNotificationCallback: load 000007feff4e0000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
493151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
494151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
495151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
496151c.15c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
497151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
498151c.15c8: supR3HardenedDllNotificationCallback: load 000007feff060000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
499151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
500151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcdd0000 'C:\Windows\system32\bcryptprimitives.dll'
501151c.15c8: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000076ad70)
502151c.15c8: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000076c600)
503151c.15c8: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000076c720)
504151c.15c8: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000076c930)
505151c.15c8: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000076ca50)
506151c.15c8: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000000000076cb70)
507151c.15c8: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=000000000076cdb0)
508151c.15c8: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=000000000076ced0)
509151c.15c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
510151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
511151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
512151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
513151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
514151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
515151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
516151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
517151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
518151c.15c8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
519151c.15c8: supR3HardenedDllNotificationCallback: load 000007fefd190000 LB 0x00017000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
520151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
521151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd190000 'C:\Windows\system32\CRYPTSP.dll'
522151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
523151c.15c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
524151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
525151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
526151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
527151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
528151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
529151c.15c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
530151c.15c8: supR3HardenedDllNotificationCallback: load 000007fefce90000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
531151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
532151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce90000 'C:\Windows\system32\rsaenh.dll'
533151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
534151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
535151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4e0000 'C:\Windows\system32\ADVAPI32.dll'
536151c.15c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
537151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
538151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
539151c.15c8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
540151c.15c8: supR3HardenedDllNotificationCallback: load 000007fefd7f0000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
541151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
542151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7f0000 'C:\Windows\system32\CRYPTBASE.dll'
543151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
544151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
545151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077750000 'C:\Windows\system32\kernel32.dll'
546151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
547151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
548151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd970000 'C:\Windows\system32\WINTRUST.DLL'
549151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
550151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
551151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda10000 'C:\Windows\system32\CRYPT32.dll'
552151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
553151c.15c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
554151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
555151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
556151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
557151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
558151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
559151c.15c8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
560151c.15c8: supR3HardenedDllNotificationCallback: load 000007fefef70000 LB 0x00017000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
561151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
562151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefef70000 'C:\Windows\system32\imagehlp.dll'
563151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
564151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
565151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd190000 'C:\Windows\system32\CRYPTSP.dll'
566151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
567151c.15c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
568151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
569151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
570151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
571151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
572151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
573151c.15c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
574151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
575151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
576151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
577151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
578151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
579151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
580151c.15c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
581151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
582151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
583151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
584151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
585151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
586151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
587151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
588151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
589151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
590151c.15c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
591151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
592151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
593151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
594151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
595151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
596151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
597151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
598151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
599151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
600151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
601151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
602151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
603151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
604151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
605151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
606151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
607151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
608151c.15c8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
609151c.15c8: supR3HardenedDllNotificationCallback: load 0000000077870000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
610151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
611151c.15c8: supR3HardenedDllNotificationCallback: load 000007feffc00000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
612151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
613151c.15c8: supR3HardenedDllNotificationCallback: load 000007feff8d0000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
614151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
615151c.15c8: supR3HardenedDllNotificationCallback: load 000007fefef90000 LB 0x000c9000 C:\Windows\system32\USP10.dll [fFlags=0x0]
616151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
617151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
618151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
619151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffc00000 'C:\Windows\system32\gdi32.dll'
620151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
621151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
622151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
623151c.15c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
624151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
625151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
626151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
627151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
628151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
629151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
630151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
631151c.15c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
632151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
633151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
634151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
635151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
636151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
637151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
638151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
639151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
640151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
641151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
642151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
643151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
644151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
645151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
646151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
647151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
648151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
649151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
650151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
651151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
652151c.15c8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
653151c.15c8: supR3HardenedDllNotificationCallback: load 000007feff4b0000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
654151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
655151c.15c8: supR3HardenedDllNotificationCallback: load 000007feffaf0000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
656151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
657151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4b0000 'C:\Windows\system32\IMM32.DLL'
658151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077870000 'C:\Windows\system32\USER32.dll'
659151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
660151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
661151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
662151c.15c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
663151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
664151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
665151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
666151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
667151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
668151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
669151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
670151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
671151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
672151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
673151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
674151c.15c8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
675151c.15c8: supR3HardenedDllNotificationCallback: load 000007fefd310000 LB 0x0004e000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
676151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
677151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd310000 'C:\Windows\system32\ncrypt.dll'
678151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
679151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
680151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd2e0000 'C:\Windows\system32\bcrypt.dll'
681151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
682151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
683151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
684151c.15c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
685151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
686151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
687151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
688151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
689151c.15c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
690151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
691151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
692151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
693151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
694151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
695151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
696151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
697151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
698151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
699151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
700151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
701151c.15c8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
702151c.15c8: supR3HardenedDllNotificationCallback: load 000007fefcc10000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
703151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
704151c.15c8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
705151c.15c8: supR3HardenedDllNotificationCallback: load 000007fefd8c0000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
706151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
707151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc10000 'C:\Windows\system32\USERENV.dll'
708151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
709151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff060000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
710151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
711151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff060000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
712151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
713151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
714151c.15c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
715151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
716151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
717151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
718151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
719151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
720151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
721151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
722151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
723151c.15c8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
724151c.15c8: supR3HardenedDllNotificationCallback: load 000007fefcbf0000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
725151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
726151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcbf0000 'C:\Windows\system32\GPAPI.dll'
727151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
728151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff060000 'API-MS-WIN-Service-Management-L1-1-0.dll'
729151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
730151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
731151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff120000 'C:\Windows\system32\rpcrt4.dll'
732151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
733151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff060000 'API-MS-WIN-Service-Management-L2-1-0.dll'
734151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
735151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff060000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
736151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
737151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'crypt32.dll'.
738151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'wldap32.dll'.
739151c.15c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
740151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
741151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
742151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
743151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
744151c.15c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
745151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
746151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
747151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
748151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
749151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
750151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
751151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
752151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
753151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
754151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
755151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
756151c.15c8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
757151c.15c8: supR3HardenedDllNotificationCallback: load 000007fef1dc0000 LB 0x00026000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
758151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
759151c.15c8: supR3HardenedDllNotificationCallback: load 000007feff250000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
760151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
761151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
762151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
763151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1dc0000 'C:\Windows\system32\cryptnet.dll'
764151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
765151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
766151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1dc0000 'C:\Windows\system32\cryptnet.dll'
767151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
768151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
769151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1dc0000 'C:\Windows\system32\cryptnet.dll'
770151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
771151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
772151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1dc0000 'C:\Windows\system32\cryptnet.dll'
773151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
774151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
775151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1dc0000 'C:\Windows\system32\cryptnet.dll'
776151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
777151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x1002 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
778151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1dc0000 'C:\Windows\system32\cryptnet.dll'
779151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
780151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1dc0000 'C:\Windows\system32\cryptnet.dll'
781151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
782151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1dc0000 'C:\Windows\system32\cryptnet.dll'
783151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
784151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1dc0000 'C:\Windows\system32\cryptnet.dll'
785151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
786151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1dc0000 'C:\Windows\system32\cryptnet.dll'
787151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
788151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1dc0000 'C:\Windows\system32\cryptnet.dll'
789151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1dc0000 'C:\Windows\system32\cryptnet.dll'
790151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
791151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
792151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
793151c.15c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
794151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
795151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
796151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
797151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
798151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
799151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
800151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
801151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
802151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
803151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
804151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
805151c.15c8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
806151c.15c8: supR3HardenedDllNotificationCallback: load 000007fefdc90000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
807151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
808151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdc90000 'C:\Windows\system32\SHLWAPI.dll'
809151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
810151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff060000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
811151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
812151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
813151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd8c0000 'C:\Windows\system32\profapi.dll'
814151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
815151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
816151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
817151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
818151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
819151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
820151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
821151c.15c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll)
822151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
823151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
824151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
825151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
826151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
827151c.15c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devobj.dll)
828151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
829151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
830151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
831151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
832151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
833151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
834151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
835151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
836151c.15c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll)
837151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
838151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
839151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
840151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
841151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
842151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
843151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
844151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
845151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
846151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
847151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
848151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
849151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
850151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
851151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
852151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
853151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
854151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
855151c.15c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)
856151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
857151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
858151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
859151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
860151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
861151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
862151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
863151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
864151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
865151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
866151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
867151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
868151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
869151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
870151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
871151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
872151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
873151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
874151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
875151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
876151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
877151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
878151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
879151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
880151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
881151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
882151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
883151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
884151c.15c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ole32.dll)
885151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
886151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
887151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
888151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
889151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
890151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
891151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
892151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
893151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
894151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
895151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
896151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
897151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
898151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
899151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
900151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
901151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
902151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
903151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
904151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\setupapi.dll (Input=setupapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
905151c.15c8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll [lacks WinVerifyTrust]
906151c.15c8: supR3HardenedDllNotificationCallback: load 000007feff5c0000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [fFlags=0x0]
907151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll [lacks WinVerifyTrust]
908151c.15c8: supR3HardenedDllNotificationCallback: load 000007fefd9b0000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
909151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
910151c.15c8: supR3HardenedDllNotificationCallback: load 000007feff3d0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
911151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll [lacks WinVerifyTrust]
912151c.15c8: supR3HardenedDllNotificationCallback: load 000007feff8e0000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
913151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ole32.dll [lacks WinVerifyTrust]
914151c.15c8: supR3HardenedDllNotificationCallback: load 000007fefd9f0000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
915151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devobj.dll [lacks WinVerifyTrust]
916151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
917151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077750000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
918151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff5c0000 'C:\Windows\system32\setupapi.dll'
919151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
920151c.15c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cabinet.dll)
921151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cabinet.dll
922151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
923151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
924151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
925151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Cabinet.dll (Input=Cabinet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
926151c.15c8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cabinet.dll [lacks WinVerifyTrust]
927151c.15c8: supR3HardenedDllNotificationCallback: load 000007fef1c20000 LB 0x0001b000 C:\Windows\system32\Cabinet.dll [fFlags=0x0]
928151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cabinet.dll [lacks WinVerifyTrust]
929151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1c20000 'C:\Windows\system32\Cabinet.dll'
930151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
931151c.15c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll)
932151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
933151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
934151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
935151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
936151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\DEVRTL.dll (Input=DEVRTL.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
937151c.15c8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [lacks WinVerifyTrust]
938151c.15c8: supR3HardenedDllNotificationCallback: load 000007fefcc30000 LB 0x00012000 C:\Windows\system32\DEVRTL.dll [fFlags=0x0]
939151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [lacks WinVerifyTrust]
940151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc30000 'C:\Windows\system32\DEVRTL.dll'
941151c.15c8: supR3HardenedDllNotificationCallback: Unload 000007feff5c0000 LB 0x001d7000 C:\Windows\system32\setupapi.dll [flags=0x0]
942151c.15c8: supR3HardenedDllNotificationCallback: Unload 000007fefd9f0000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [flags=0x0]
943151c.15c8: supR3HardenedDllNotificationCallback: Unload 000007feff3d0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [flags=0x0]
944151c.15c8: supR3HardenedDllNotificationCallback: Unload 000007feff8e0000 LB 0x00203000 C:\Windows\system32\ole32.dll [flags=0x0]
945151c.15c8: supR3HardenedDllNotificationCallback: Unload 000007fefd9b0000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [flags=0x0]
946151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
947151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1dc0000 'C:\Windows\system32\cryptnet.dll'
948151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
949151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000765210
950151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
951151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6463B603CF12442718467D754A1EDC45CE1D6E7E
952151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
953151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff060000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
954151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
955151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff060000 'API-MS-WIN-Service-Management-L1-1-0.dll'
956151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
957151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff060000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
958151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
959151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
960151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4e0000 'C:\Windows\system32\ADVAPI32.dll'
961151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
962151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff060000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
963151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
964151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff060000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
965151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\SystemRoot\System32\ntdll.dll'
966151c.15c8: g_pfnWinVerifyTrust=000007fefd971010
967151c.15c8: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
968151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
969151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
970151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
971151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=766DAE0DAEDFFD0DB96611658C619DD5922D2FEC
972151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
973151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
974151c.15c8: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
975151c.15c8: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
976151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
977151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
978151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
979151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E8D9B442D9CC38B2D0501106E104A42A4EE0B238
980151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
981151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
982151c.15c8: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
983151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003f4 pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll
984151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
985151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
986151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=445E5B0E9F43B5D56A5B9C4BC3369E3D076ACA1A
987151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
988151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
989151c.15c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
990151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003e8 pwszName=\Device\HarddiskVolume2\Windows\System32\cabinet.dll
991151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
992151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
993151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5D1555851298EA005A2E9FEA027F5898BC240083
994151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cabinet.dll'
995151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
996151c.15c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cabinet.dll'
997151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003ac pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
998151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
999151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1000151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E64AE329BD5124592BC8CB0B327AA3B95DC65B7
1001151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
1002151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1003151c.15c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ole32.dll'
1004151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003a8 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1005151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1006151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1007151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
1008151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
1009151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1010151c.15c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
1011151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003a4 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1012151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1013151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1014151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=26A5C3FE898CBD66951D3BC65E742E0BE561E69B
1015151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
1016151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1017151c.15c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
1018151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003a0 pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
1019151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1020151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1021151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
1022151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
1023151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1024151c.15c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devobj.dll'
1025151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000039c pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
1026151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1027151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1028151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
1029151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
1030151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1031151c.15c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
1032151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000390 pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1033151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1034151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1035151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
1036151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
1037151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1038151c.15c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
1039151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000384 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
1040151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1041151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1042151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
1043151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
1044151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1045151c.15c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
1046151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000380 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
1047151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1048151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1049151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CA2FE16E05087DA5C24DC5EB2EE8053CDA5DE9A9
1050151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1051151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1052151c.15c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1053151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000025c pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
1054151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1055151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1056151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=470795C189226F7BDB8E50F42104CC34488B9340
1057151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
1058151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1059151c.15c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
1060151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c8 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
1061151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1062151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1063151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
1064151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
1065151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1066151c.15c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
1067151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c4 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
1068151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1069151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1070151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
1071151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
1072151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1073151c.15c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
1074151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001b0 pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
1075151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1076151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1077151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3D482C50075646C922DC6A66C97956C5060C361B
1078151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
1079151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1080151c.15c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
1081151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
1082151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1083151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1084151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=803AF52F95A9EFDFDA06C595023831EE36ACD3A8
1085151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
1086151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1087151c.15c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
1088151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
1089151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1090151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1091151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
1092151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1093151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1094151c.15c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1095151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
1096151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1097151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1098151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=97AE9B5B40144F2794F30A891013393C80D631A1
1099151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
1100151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1101151c.15c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
1102151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
1103151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1104151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1105151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A42DFBB8A3A26D2178D79D34DA1CE275E2A0BE37
1106151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
1107151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1108151c.15c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
1109151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
1110151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1111151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1112151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C8F7179D2AEB0FEB168A01D182223AC2D7B8F331
1113151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1114151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1115151c.15c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1116151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
1117151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1118151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1119151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FB05A6DD4AF9AC247D37C4B7BAFCCBD178A41E64
1120151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
1121151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000765210
1122151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1123151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FB05A6DD4AF9AC247D37C4B7BAFCCBD178A41E64
1124151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
1125151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
1126151c.15c8: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
1127151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000017c pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
1128151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1129151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1130151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AFE89CF1060867A10BD3963894BCDB4D3058F804
1131151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1132151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1133151c.15c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1134151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
1135151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1136151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1137151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A965CC5DB13A5FB23BBB1B6B5FA6D400DC49462F
1138151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1139151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1140151c.15c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1141151c.15c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
1142151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000012c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
1143151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1144151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1145151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=40667EDBA9045D4A4BE1D4844665D3B88F8CD0E0
1146151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1147151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1148151c.15c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1149151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
1150151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1151151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1152151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FA2A014BF360CDC0E203A174FFC9DC5343C5323
1153151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1154151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1155151c.15c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1156151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
1157151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1158151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1159151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DBCDF817D89920EE3139FB7E090744EB36A4A21B
1160151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1161151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1162151c.15c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1163151c.15c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
1164151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
1165151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1166151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1167151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
1168151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1169151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1170151c.15c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1171151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1172151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1173151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1174151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DBEAC8C0FA88C88B540ACFE0683B1810C077AA53
1175151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1176151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1177151c.15c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1178151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
1179151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1180151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1181151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
1182151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1183151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1184151c.15c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1185151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1186151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1187151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1188151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BC4D9E909DFDD2EE8BA1A5C857D73D49EBE7952C
1189151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1190151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1191151c.15c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1192151c.15c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\BOX\VBoxSupLib.dll'
1193151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1194151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1195151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1196151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=06FEC3C858DB28D2F4BFBDA99AF14D4747A8C5D4
1197151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1198151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1199151c.15c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1200151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
1201151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1202151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1203151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D7AE634A00F24BBD4AE27DEA9BCCCE222DE9897B
1204151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1205151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1206151c.15c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1207151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1208151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
1209151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda10000 'C:\Windows\system32\crypt32.dll'
1210151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1211151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1212151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1213151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1214151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1215151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1216151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1217151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1218151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0xa12b07674f1bf600 C=US, O=AffirmTrust, CN=AffirmTrust Commercial
1219151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
1220151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1221151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
1222151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1223151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
1224151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
1225151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
1226151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1227151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1228151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
1229151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
1230151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1231151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
1232151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1233151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
1234151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
1235151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1236151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
1237151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1238151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
1239151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
1240151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1241151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0x75f4feca85b98900 C=SI, O=Halcom, CN=Halcom Root CA
1242151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1243151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
1244151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
1245151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1246151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
1247151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
1248151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1249151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
1250151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0xe66b56ffc86e50a4 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA, Email=server-certs@thawte.com
1251151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1252151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
1253151c.15c8: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1254151c.15c8: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=44
1255151c.15c8: SUPR3HardenedMain: Load Runtime...
1256151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1257151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1258151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1259151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1260151c.15c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\BOX\VBoxRT.dll) WinVerifyTrust
1261151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\BOX\VBoxRT.dll
1262151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1263151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1264151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1265151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1266151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003bc pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1267151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1268151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1269151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3EF3BDC1E84DFA17EA056313214EE88EC3E66F79
1270151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
1271151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1272151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1273151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1274151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
1275151c.15c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
1276151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1277151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1278151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\BOX\msvcp100.dll' [rcNtRedir=0xc0150008]
1279151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1280151c.15c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\BOX\msvcp100.dll) WinVerifyTrust
1281151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\BOX\msvcp100.dll
1282151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1283151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\BOX\msvcr100.dll' [rcNtRedir=0xc0150008]
1284151c.15c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\BOX\msvcr100.dll) WinVerifyTrust
1285151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\BOX\msvcr100.dll
1286151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1287151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\BOX\msvcr100.dll' [rcNtRedir=0xc0150008]
1288151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\msvcr100.dll
1289151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1290151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1291151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003e0 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
1292151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1293151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1294151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
1295151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
1296151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1297151c.15c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
1298151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
1299151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1300151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1301151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1302151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1303151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\BOX\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
1304151c.15c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\VBoxRT.dll
1305151c.15c8: supR3HardenedDllNotificationCallback: load 000007fee8410000 LB 0x0052e000 C:\BOX\VBoxRT.dll [fFlags=0x0]
1306151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\VBoxRT.dll
1307151c.15c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\msvcr100.dll
1308151c.15c8: supR3HardenedDllNotificationCallback: load 00000000645a0000 LB 0x000d2000 C:\BOX\MSVCR100.dll [fFlags=0x0]
1309151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\msvcr100.dll
1310151c.15c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\msvcp100.dll
1311151c.15c8: supR3HardenedDllNotificationCallback: load 0000000068cf0000 LB 0x00098000 C:\BOX\MSVCP100.dll [fFlags=0x0]
1312151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\msvcp100.dll
1313151c.15c8: supR3HardenedDllNotificationCallback: load 000007fefe0f0000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
1314151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1315151c.15c8: supR3HardenedDllNotificationCallback: load 000007feffc70000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
1316151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
1317151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\VBoxRT.dll
1318151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\BOX\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
1319151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8410000 'C:\BOX\VBoxRT.dll'
1320151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\VBoxRT.dll
1321151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\BOX\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
1322151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8410000 'C:\BOX\VBoxRT.dll'
1323151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\VBoxRT.dll
1324151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\BOX\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
1325151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8410000 'C:\BOX\VBoxRT.dll'
1326151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\VBoxRT.dll
1327151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\BOX\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
1328151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8410000 'C:\BOX\VBoxRT.dll'
1329151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\VBoxRT.dll
1330151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\BOX\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
1331151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8410000 'C:\BOX\VBoxRT.dll'
1332151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\VBoxRT.dll
1333151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\BOX\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
1334151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8410000 'C:\BOX\VBoxRT.dll'
1335151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8410000 'C:\BOX\VBoxRT.dll'
1336151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8410000 'C:\BOX\VBoxRT.dll'
1337151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8410000 'C:\BOX\VBoxRT.dll'
1338151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8410000 'C:\BOX\VBoxRT.dll'
1339151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8410000 'C:\BOX\VBoxRT.dll'
1340151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8410000 'C:\BOX\VBoxRT.dll'
1341151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8410000 'C:\BOX\VBoxRT.dll'
1342151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\VBoxRT.dll
1343151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\BOX\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
1344151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8410000 'C:\BOX\VBoxRT.dll'
1345151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8410000 'C:\BOX\VBoxRT.dll'
1346151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8410000 'C:\BOX\VBoxRT.dll'
1347151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8410000 'C:\BOX\VBoxRT.dll'
1348151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8410000 'C:\BOX\VBoxRT.dll'
1349151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8410000 'C:\BOX\VBoxRT.dll'
1350151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8410000 'C:\BOX\VBoxRT.dll'
1351151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8410000 'C:\BOX\VBoxRT.dll'
1352151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8410000 'C:\BOX\VBoxRT.dll'
1353151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8410000 'C:\BOX\VBoxRT.dll'
1354151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8410000 'C:\BOX\VBoxRT.dll'
1355151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8410000 'C:\BOX\VBoxRT.dll'
1356151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8410000 'C:\BOX\VBoxRT.dll'
1357151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8410000 'C:\BOX\VBoxRT.dll'
1358151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8410000 'C:\BOX\VBoxRT.dll'
1359151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8410000 'C:\BOX\VBoxRT.dll'
1360151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\VBoxRT.dll
1361151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\BOX\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724060:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;.;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
1362151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8410000 'C:\BOX\VBoxRT.dll'
1363151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8410000 'C:\BOX\VBoxRT.dll'
1364151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8410000 'C:\BOX\VBoxRT.dll'
1365151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8410000 'C:\BOX\VBoxRT.dll'
1366151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
1367151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724040:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
1368151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd970000 'C:\Windows\system32\Wintrust.dll'
1369151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1370151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724040:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
1371151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda10000 'C:\Windows\system32\crypt32.dll'
1372151c.15c8: SUPR3HardenedMain: Load TrustedMain...
1373151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1374151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1375151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
1376151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1377151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1378151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
1379151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
1380151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
1381151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
1382151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
1383151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
1384151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
1385151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
1386151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
1387151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
1388151c.15c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\BOX\VirtualBox.dll) WinVerifyTrust
1389151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\BOX\VirtualBox.dll
1390151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1391151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1392151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000438 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
1393151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1394151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1395151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
1396151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
1397151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1398151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1399151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1400151c.15c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
1401151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
1402151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1403151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1404151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1405151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1406151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1407151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1408151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1409151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1410151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000418 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
1411151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1412151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1413151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FCF00DB9BBECF4126AB4076577BBA73C0F94BDF9
1414151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
1415151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1416151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1417151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
1418151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
1419151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
1420151c.15c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
1421151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
1422151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1423151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1424151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1425151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1426151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1427151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
1428151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\BOX\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
1429151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
1430151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
1431151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1432151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1433151c.15c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\BOX\Qt5OpenGLVBox.dll) WinVerifyTrust
1434151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\BOX\Qt5OpenGLVBox.dll
1435151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
1436151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume2\BOX\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
1437151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1438151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1439151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
1440151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
1441151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1442151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1443151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
1444151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
1445151c.15c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\BOX\Qt5PrintSupportVBox.dll) WinVerifyTrust
1446151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\BOX\Qt5PrintSupportVBox.dll
1447151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1448151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\BOX\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1449151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1450151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1451151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
1452151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1453151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1454151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1455151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1456151c.15c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\BOX\Qt5WidgetsVBox.dll) WinVerifyTrust
1457151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\BOX\Qt5WidgetsVBox.dll
1458151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1459151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\BOX\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1460151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1461151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1462151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1463151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1464151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1465151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1466151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1467151c.15c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\BOX\Qt5GuiVBox.dll) WinVerifyTrust
1468151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\BOX\Qt5GuiVBox.dll
1469151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1470151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\BOX\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1471151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1472151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
1473151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
1474151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1475151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1476151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
1477151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
1478151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
1479151c.15c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\BOX\Qt5CoreVBox.dll) WinVerifyTrust
1480151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\BOX\Qt5CoreVBox.dll
1481151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1482151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\BOX\msvcr100.dll' [rcNtRedir=0xc0150008]
1483151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\msvcr100.dll
1484151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1485151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\BOX\msvcp100.dll' [rcNtRedir=0xc0150008]
1486151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\msvcp100.dll
1487151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1488151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\BOX\vboxrt.dll' [rcNtRedir=0xc0150008]
1489151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1490151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1491151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000440 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
1492151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1493151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1494151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
1495151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1496151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1497151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1498151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1499151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1500151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1501151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1502151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1503151c.15c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) WinVerifyTrust
1504151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1505151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1506151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1507151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1508151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
1509151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000044c pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
1510151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1511151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1512151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
1513151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
1514151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1515151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1516151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1517151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
1518151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1519151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
1520151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
1521151c.15c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) WinVerifyTrust
1522151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1523151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1524151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1525151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000045c pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
1526151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1527151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1528151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
1529151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
1530151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1531151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1532151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1533151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1534151c.15c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) WinVerifyTrust
1535151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
1536151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1537151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1538151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1539151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1540151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1541151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1542151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1543151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1544151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\BOX\msvcr100.dll' [rcNtRedir=0xc0150008]
1545151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\msvcr100.dll
1546151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1547151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\BOX\msvcp100.dll' [rcNtRedir=0xc0150008]
1548151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\msvcp100.dll
1549151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
1550151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
1551151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000454 pwszName=\Device\HarddiskVolume2\Windows\System32\mpr.dll
1552151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1553151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1554151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F84FE9BA047B24E7694C9E0C349B48B9FD5F925B
1555151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\mpr.dll'
1556151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1557151c.15c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll) WinVerifyTrust
1558151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
1559151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1560151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1561151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1562151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1563151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1564151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1565151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1566151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1567151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1568151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1569151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1570151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1571151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1572151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1573151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1574151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\BOX\msvcr100.dll' [rcNtRedir=0xc0150008]
1575151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\msvcr100.dll
1576151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1577151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\BOX\msvcp100.dll' [rcNtRedir=0xc0150008]
1578151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\msvcp100.dll
1579151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1580151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\BOX\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1581151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\Qt5CoreVBox.dll
1582151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1583151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1584151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1585151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1586151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1587151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1588151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1589151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1590151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1591151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1592151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1593151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\BOX\msvcr100.dll' [rcNtRedir=0xc0150008]
1594151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\msvcr100.dll
1595151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1596151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\BOX\msvcp100.dll' [rcNtRedir=0xc0150008]
1597151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\msvcp100.dll
1598151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1599151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1600151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1601151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1602151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\BOX\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1603151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\Qt5CoreVBox.dll
1604151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1605151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\BOX\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1606151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\Qt5GuiVBox.dll
1607151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1608151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1609151c.15c8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1610151c.15c8: Error (rc=0):
1611151c.15c8: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=16 \Device\HarddiskVolume2\Windows\System32\user32.dll
1612151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1613151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1614151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1615151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\BOX\msvcr100.dll' [rcNtRedir=0xc0150008]
1616151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\msvcr100.dll
1617151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1618151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1619151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000488 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1620151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1621151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1622151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
1623151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
1624151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1625151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1626151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
1627151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1628151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1629151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
1630151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1631151c.15c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust
1632151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1633151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1634151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1635151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000474 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
1636151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1637151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1638151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
1639151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
1640151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1641151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1642151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1643151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1644151c.15c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv) WinVerifyTrust
1645151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
1646151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1647151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\BOX\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1648151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\Qt5CoreVBox.dll
1649151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1650151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\BOX\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1651151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\Qt5GuiVBox.dll
1652151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1653151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\BOX\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1654151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\Qt5WidgetsVBox.dll
1655151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1656151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1657151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1658151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1659151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1660151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\BOX\msvcr100.dll' [rcNtRedir=0xc0150008]
1661151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1662151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\BOX\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1663151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\Qt5CoreVBox.dll
1664151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1665151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\BOX\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1666151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\Qt5GuiVBox.dll
1667151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1668151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\BOX\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1669151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\Qt5WidgetsVBox.dll
1670151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1671151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1672151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1673151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1674151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1675151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1676151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1677151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1678151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1679151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1680151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1681151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1682151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1683151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1684151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1685151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1686151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1687151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1688151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1689151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1690151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1691151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1692151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1693151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1694151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1695151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000048c pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
1696151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1697151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1698151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4D3B2DA266DE92D9E1311E30C810160CDC5BD5AA
1699151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
1700151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1701151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1702151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1703151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1704151c.15c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) WinVerifyTrust
1705151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
1706151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1707151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1708151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1709151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1710151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1711151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1712151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1713151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1714151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1715151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1716151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1717151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1718151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1719151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1720151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1721151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1722151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
1723151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
1724151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000498 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1725151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1726151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1727151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B79EE7B5AD74EF51A849809202E043183A2C727E
1728151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
1729151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1730151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1731151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1732151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1733151c.15c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust
1734151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1735151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
1736151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
1737151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1738151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1739151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1740151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
1741151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
1742151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000484 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
1743151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1744151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1745151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3FEC714D729F7CAEB9B7A25E2012B6A6E9007F5
1746151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
1747151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1748151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1749151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
1750151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1751151c.15c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) WinVerifyTrust
1752151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1753151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1754151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1755151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1756151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1757151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1758151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1759151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1760151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1761151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1762151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1763151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1764151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1765151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1766151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1767151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1768151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1769151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1770151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1771151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1772151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1773151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1774151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1775151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1776151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1777151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\BOX\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724040:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
1778151c.15c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\VirtualBox.dll
1779151c.15c8: supR3HardenedDllNotificationCallback: load 000007fee6860000 LB 0x008e6000 C:\BOX\VirtualBox.dll [fFlags=0x0]
1780151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\VirtualBox.dll
1781151c.15c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1782151c.15c8: supR3HardenedDllNotificationCallback: load 000007fee9dc0000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
1783151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1784151c.15c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
1785151c.15c8: supR3HardenedDllNotificationCallback: load 000007fef37c0000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
1786151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
1787151c.15c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1788151c.15c8: supR3HardenedDllNotificationCallback: load 000007fee9cc0000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
1789151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1790151c.15c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1791151c.15c8: supR3HardenedDllNotificationCallback: load 000007fef37b0000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
1792151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1793151c.15c8: supR3HardenedDllNotificationCallback: load 000007feff5c0000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
1794151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1795151c.15c8: supR3HardenedDllNotificationCallback: load 000007fefd9b0000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
1796151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1797151c.15c8: supR3HardenedDllNotificationCallback: load 000007feff3d0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
1798151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1799151c.15c8: supR3HardenedDllNotificationCallback: load 000007feff8e0000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
1800151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1801151c.15c8: supR3HardenedDllNotificationCallback: load 000007fefd9f0000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
1802151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
1803151c.15c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1804151c.15c8: supR3HardenedDllNotificationCallback: load 000007fefbc40000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
1805151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1806151c.15c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\Qt5CoreVBox.dll
1807151c.15c8: supR3HardenedDllNotificationCallback: load 000000005ecd0000 LB 0x00566000 C:\BOX\Qt5CoreVBox.dll [fFlags=0x0]
1808151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\Qt5CoreVBox.dll
1809151c.15c8: supR3HardenedDllNotificationCallback: load 000007fefe1e0000 LB 0x00d88000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
1810151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1811151c.15c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
1812151c.15c8: supR3HardenedDllNotificationCallback: load 000007fef9040000 LB 0x00018000 C:\Windows\system32\MPR.dll [fFlags=0x0]
1813151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
1814151c.15c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\Qt5GuiVBox.dll
1815151c.15c8: supR3HardenedDllNotificationCallback: load 000007fee7e10000 LB 0x005f7000 C:\BOX\Qt5GuiVBox.dll [fFlags=0x0]
1816151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\Qt5GuiVBox.dll
1817151c.15c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\Qt5WidgetsVBox.dll
1818151c.15c8: supR3HardenedDllNotificationCallback: load 000000005e760000 LB 0x00561000 C:\BOX\Qt5WidgetsVBox.dll [fFlags=0x0]
1819151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\Qt5WidgetsVBox.dll
1820151c.15c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\Qt5PrintSupportVBox.dll
1821151c.15c8: supR3HardenedDllNotificationCallback: load 000007feeada0000 LB 0x00051000 C:\BOX\Qt5PrintSupportVBox.dll [fFlags=0x0]
1822151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\Qt5PrintSupportVBox.dll
1823151c.15c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
1824151c.15c8: supR3HardenedDllNotificationCallback: load 000007fef9b90000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
1825151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
1826151c.15c8: supR3HardenedDllNotificationCallback: load 000007fefe140000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
1827151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1828151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1829151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1830151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1831151c.15c8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll)
1832151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll
1833151c.15c8: supR3HardenedDllNotificationCallback: load 000007fee9c20000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\COMCTL32.dll [fFlags=0x0]
1834151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll [avoiding WinVerifyTrust]
1835151c.15c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\Qt5OpenGLVBox.dll
1836151c.15c8: supR3HardenedDllNotificationCallback: load 0000000068c30000 LB 0x00054000 C:\BOX\Qt5OpenGLVBox.dll [fFlags=0x0]
1837151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\Qt5OpenGLVBox.dll
1838151c.15c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1839151c.15c8: supR3HardenedDllNotificationCallback: load 000007fefb6e0000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
1840151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1841151c.15c8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll'.
1842151c.15c8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll' [rescheduled]
1843151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000000724040:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
1844151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077750000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
1845151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
1846151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1847151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1848151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1849151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1850151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1851151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1852151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724040:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
1853151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4b0000 'C:\Windows\system32\imm32.dll'
1854151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4e0000 'C:\Windows\system32\ADVAPI32.DLL'
1855151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
1856151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptbase.dll (Input=cryptbase.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
1857151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7f0000 'C:\Windows\system32\cryptbase.dll'
1858151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6860000 'C:\BOX\VirtualBox.dll'
1859151c.15c8: SUPR3HardenedMain: Calling TrustedMain (000007fee6861610)...
1860151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1861151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724040:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
1862151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff8e0000 'C:\Windows\system32\ole32.dll'
1863151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4e0000 'C:\Windows\system32\ADVAPI32.dll'
1864151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
1865151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724040:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
1866151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd8c0000 'C:\Windows\system32\profapi.dll'
1867151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1868151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
1869151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1870151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
1871151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
1872151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
1873151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1874151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
1875151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
1876151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
1877151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
1878151c.15c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\BOX\platforms\qwindows.dll) WinVerifyTrust
1879151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\BOX\platforms\qwindows.dll
1880151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1881151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\BOX\msvcr100.dll' [rcNtRedir=0xc0150008]
1882151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1883151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\BOX\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1884151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\Qt5CoreVBox.dll
1885151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1886151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\BOX\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1887151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\Qt5GuiVBox.dll
1888151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1889151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1890151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1891151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1892151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1893151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1894151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1895151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1896151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1897151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1898151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
1899151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1900151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1901151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
1902151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1903151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1904151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1905151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1906151c.15c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1907151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1908151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1909151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\BOX\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724040:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
1910151c.15c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\platforms\qwindows.dll
1911151c.15c8: supR3HardenedDllNotificationCallback: load 000007fee9600000 LB 0x0012e000 C:\BOX\platforms\qwindows.dll [fFlags=0x0]
1912151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\BOX\platforms\qwindows.dll
1913151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee9600000 'C:\BOX\platforms\qwindows.dll'
1914151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
1915151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000724040:C:\BOX;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
1916151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7f0000 'C:\Windows\system32\CRYPTBASE.dll'
1917151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000530 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1918151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000765210
1919151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000765210
1920151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
1921151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
1922151c.15c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1923151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1924151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1925151c.15c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
1926151c.15c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
1927151c.15c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1928151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1929151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1930151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1931151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1932151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1933151c.15c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1934151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007f84f0:C:\Windows\system32;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
1935151c.15c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1936151c.15c8: supR3HardenedDllNotificationCallback: load 000007fefc030000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
1937151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1938151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc030000 'C:\Windows\system32\uxtheme.dll'
1939151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1940151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007f84f0:C:\Windows\system32;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
1941151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc030000 'C:\Windows\system32\uxtheme.dll'
1942151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1943151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007f84f0:C:\Windows\system32;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
1944151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc030000 'C:\Windows\system32\uxtheme.dll'
1945151c.15c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
1946151c.15c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000007f84f0:C:\Windows\system32;;C:\Windows\system32;C:\Windows\system;C:\Windows;C:\Program Files (x86)\Common Files\Intel\Shared Files\cpp\bin\Intel64;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Skype\Phone\ [calling]
1947151c.15c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc030000 'C:\Windows\system32\uxtheme.dll'
194814d8.171c: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1034 ms, the end);
194916fc.14d4: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1380 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy