VirtualBox

Ticket #15869: vbox_hardening.log

File vbox_hardening.log, 346.1 KB (added by the_real_spiffytech, 8 years ago)

vbox_hardening.log

Line 
1d78.1064: Log file opened: 5.1.4r110228 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
2d78.1064: \SystemRoot\System32\ntdll.dll:
3d78.1064: CreationTime: 2016-05-11T13:52:03.246428900Z
4d78.1064: LastWriteTime: 2016-04-09T06:59:27.660769000Z
5d78.1064: ChangeTime: 2016-05-11T14:00:44.540966800Z
6d78.1064: FileAttributes: 0x20
7d78.1064: Size: 0x1a7100
8d78.1064: NT Headers: 0xe0
9d78.1064: Timestamp: 0x5708a857
10d78.1064: Machine: 0x8664 - amd64
11d78.1064: Timestamp: 0x5708a857
12d78.1064: Image Version: 6.1
13d78.1064: SizeOfImage: 0x1aa000 (1744896)
14d78.1064: Resource Dir: 0x14e000 LB 0x5a028
15d78.1064: ProductName: Microsoft® Windows® Operating System
16d78.1064: ProductVersion: 6.1.7601.23418
17d78.1064: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045)
18d78.1064: FileDescription: NT Layer DLL
19d78.1064: \SystemRoot\System32\kernel32.dll:
20d78.1064: CreationTime: 2016-05-11T13:52:02.723533500Z
21d78.1064: LastWriteTime: 2016-04-09T06:57:53.879000000Z
22d78.1064: ChangeTime: 2016-05-11T14:00:45.149288800Z
23d78.1064: FileAttributes: 0x20
24d78.1064: Size: 0x11c000
25d78.1064: NT Headers: 0xe0
26d78.1064: Timestamp: 0x5708a89b
27d78.1064: Machine: 0x8664 - amd64
28d78.1064: Timestamp: 0x5708a89b
29d78.1064: Image Version: 6.1
30d78.1064: SizeOfImage: 0x11f000 (1175552)
31d78.1064: Resource Dir: 0x116000 LB 0x528
32d78.1064: ProductName: Microsoft® Windows® Operating System
33d78.1064: ProductVersion: 6.1.7601.23418
34d78.1064: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045)
35d78.1064: FileDescription: Windows NT BASE API Client DLL
36d78.1064: \SystemRoot\System32\KernelBase.dll:
37d78.1064: CreationTime: 2016-05-11T13:52:02.764025400Z
38d78.1064: LastWriteTime: 2016-04-09T06:57:53.879000000Z
39d78.1064: ChangeTime: 2016-05-11T14:00:45.164886800Z
40d78.1064: FileAttributes: 0x20
41d78.1064: Size: 0x66800
42d78.1064: NT Headers: 0xe8
43d78.1064: Timestamp: 0x5708a89c
44d78.1064: Machine: 0x8664 - amd64
45d78.1064: Timestamp: 0x5708a89c
46d78.1064: Image Version: 6.1
47d78.1064: SizeOfImage: 0x6a000 (434176)
48d78.1064: Resource Dir: 0x68000 LB 0x530
49d78.1064: ProductName: Microsoft® Windows® Operating System
50d78.1064: ProductVersion: 6.1.7601.23418
51d78.1064: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045)
52d78.1064: FileDescription: Windows NT BASE API Client DLL
53d78.1064: \SystemRoot\System32\apisetschema.dll:
54d78.1064: CreationTime: 2016-05-11T13:52:01.046369000Z
55d78.1064: LastWriteTime: 2016-04-09T06:57:48.684000000Z
56d78.1064: ChangeTime: 2016-05-11T14:00:44.322594800Z
57d78.1064: FileAttributes: 0x20
58d78.1064: Size: 0x1a00
59d78.1064: NT Headers: 0xc0
60d78.1064: Timestamp: 0x5708a835
61d78.1064: Machine: 0x8664 - amd64
62d78.1064: Timestamp: 0x5708a835
63d78.1064: Image Version: 6.1
64d78.1064: SizeOfImage: 0x50000 (327680)
65d78.1064: Resource Dir: 0x30000 LB 0x3f8
66d78.1064: ProductName: Microsoft® Windows® Operating System
67d78.1064: ProductVersion: 6.1.7601.23418
68d78.1064: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045)
69d78.1064: FileDescription: ApiSet Schema DLL
70d78.1064: Found driver mfewfpk (0x20)
71d78.1064: Found driver mfehidk (0x20)
72d78.1064: Found driver mfeavfk (0x20)
73d78.1064: Found driver mfefirek (0x20)
74d78.1064: supR3HardenedWinFindAdversaries: 0x20
75d78.1064: \SystemRoot\System32\drivers\mfeapfk.sys:
76d78.1064: CreationTime: 2016-05-01T23:40:41.348105800Z
77d78.1064: LastWriteTime: 2016-05-01T23:40:36.417810600Z
78d78.1064: ChangeTime: 2016-05-05T17:26:05.754969000Z
79d78.1064: FileAttributes: 0x20
80d78.1064: Size: 0x2c030
81d78.1064: NT Headers: 0xe8
82d78.1064: Timestamp: 0x52ab7fef
83d78.1064: Machine: 0x8664 - amd64
84d78.1064: Timestamp: 0x52ab7fef
85d78.1064: Image Version: 0.0
86d78.1064: SizeOfImage: 0x29d00 (171264)
87d78.1064: Resource Dir: 0x29500 LB 0x340
88d78.1064: ProductName: SYSCORE
89d78.1064: FileVersion: SYSCORE.15.1.0.656
90d78.1064: PrivateBuild: SYSCORE.15.1.0.656 F16
91d78.1064: FileDescription: Access Protection Filter Driver
92d78.1064: \SystemRoot\System32\drivers\mfeavfk.sys:
93d78.1064: CreationTime: 2016-05-01T23:40:41.332503600Z
94d78.1064: LastWriteTime: 2016-07-06T03:55:55.919033700Z
95d78.1064: ChangeTime: 2016-07-06T03:56:09.602769900Z
96d78.1064: FileAttributes: 0x20
97d78.1064: Size: 0x55528
98d78.1064: NT Headers: 0xe8
99d78.1064: Timestamp: 0x571a4a46
100d78.1064: Machine: 0x8664 - amd64
101d78.1064: Timestamp: 0x571a4a46
102d78.1064: Image Version: 0.0
103d78.1064: SizeOfImage: 0x57000 (356352)
104d78.1064: Resource Dir: 0x55000 LB 0x758
105d78.1064: ProductName: SYSCORE
106d78.1064: ProductVersion: 15.4.0.822
107d78.1064: FileVersion: SYSCORE.15.4.0.822
108d78.1064: PrivateBuild: SYSCORE.15.4.0.822 F15,F16,F19
109d78.1064: FileDescription: Anti-Virus File System Filter Driver
110d78.1064: \SystemRoot\System32\drivers\mfefirek.sys:
111d78.1064: CreationTime: 2016-05-01T23:42:24.572261000Z
112d78.1064: LastWriteTime: 2016-03-11T20:04:44.000000000Z
113d78.1064: ChangeTime: 2016-07-11T19:58:53.550648400Z
114d78.1064: FileAttributes: 0x20
115d78.1064: Size: 0x78728
116d78.1064: NT Headers: 0xe8
117d78.1064: Timestamp: 0x56da2ee9
118d78.1064: Machine: 0x8664 - amd64
119d78.1064: Timestamp: 0x56da2ee9
120d78.1064: Image Version: 0.0
121d78.1064: SizeOfImage: 0x7b000 (503808)
122d78.1064: Resource Dir: 0x77000 LB 0x388
123d78.1064: ProductName: SYSCORE
124d78.1064: ProductVersion: 15.4.0.815
125d78.1064: FileVersion: SYSCORE.15.4.0.815
126d78.1064: PrivateBuild: SYSCORE.15.4.0.815 F17,F18
127d78.1064: FileDescription: McAfee Core Firewall Engine Driver
128d78.1064: \SystemRoot\System32\drivers\mfehidk.sys:
129d78.1064: CreationTime: 2016-05-01T23:40:40.989255200Z
130d78.1064: LastWriteTime: 2016-07-06T03:55:55.873524600Z
131d78.1064: ChangeTime: 2016-07-06T03:55:55.873524600Z
132d78.1064: FileAttributes: 0x20
133d78.1064: Size: 0xcdd28
134d78.1064: NT Headers: 0x100
135d78.1064: Timestamp: 0x571a49df
136d78.1064: Machine: 0x8664 - amd64
137d78.1064: Timestamp: 0x571a49df
138d78.1064: Image Version: 0.0
139d78.1064: SizeOfImage: 0xd9000 (888832)
140d78.1064: Resource Dir: 0xd5000 LB 0x758
141d78.1064: ProductName: SYSCORE
142d78.1064: ProductVersion: 15.4.0.822
143d78.1064: FileVersion: SYSCORE.15.4.0.822
144d78.1064: PrivateBuild: SYSCORE.15.4.0.822 F14,F15,F16,F18,F20
145d78.1064: FileDescription: McAfee Link Driver
146d78.1064: \SystemRoot\System32\drivers\mfewfpk.sys:
147d78.1064: CreationTime: 2016-05-01T23:40:39.179400000Z
148d78.1064: LastWriteTime: 2016-03-11T20:04:44.000000000Z
149d78.1064: ChangeTime: 2016-07-11T19:58:51.168672100Z
150d78.1064: FileAttributes: 0x20
151d78.1064: Size: 0x3b728
152d78.1064: NT Headers: 0xf0
153d78.1064: Timestamp: 0x56da2e29
154d78.1064: Machine: 0x8664 - amd64
155d78.1064: Timestamp: 0x56da2e29
156d78.1064: Image Version: 0.0
157d78.1064: SizeOfImage: 0x59000 (364544)
158d78.1064: Resource Dir: 0x57000 LB 0x380
159d78.1064: ProductName: SYSCORE
160d78.1064: ProductVersion: 15.4.0.815
161d78.1064: FileVersion: SYSCORE.15.4.0.815
162d78.1064: PrivateBuild: SYSCORE.15.4.0.815 F17,F18
163d78.1064: FileDescription: Anti-Virus Mini-Firewall Driver
164d78.1064: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
165d78.1064: Calling main()
166d78.1064: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
167d78.1064: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
168d78.1064: SUPR3HardenedMain: Respawn #1
169d78.1064: System32: \Device\HarddiskVolume2\Windows\System32
170d78.1064: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
171d78.1064: KnownDllPath: C:\WINDOWS\system32
172d78.1064: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
173d78.1064: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
174d78.1064: supR3HardNtEnableThreadCreation:
175d78.1064: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007752a0e0 pvNtTerminateThread=000000007754c060
176d78.1064: supR3HardenedWinDoReSpawn(1): New child 2174.1b14 [kernel32].
177d78.1064: supR3HardNtChildGatherData: PebBaseAddress=000007fffffde000 cbPeb=0x380
178d78.1064: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077500000 uNtDllChildAddr=0000000077500000
179d78.1064: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007752a0e0
180d78.1064: supR3HardenedWinSetupChildInit: Start child.
181d78.1064: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
182d78.1064: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps
183d78.1064: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
184d78.1064: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
185d78.1064: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
186d78.1064: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
187d78.1064: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
188d78.1064: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
189d78.1064: 0000000000041000-ffffffffffe71fff 0x0001/0x0000 0x0000000
190d78.1064: *0000000000210000-0000000000113fff 0x0000/0x0004 0x0020000
191d78.1064: 000000000030c000-0000000000309fff 0x0104/0x0004 0x0020000
192d78.1064: 000000000030e000-000000000030bfff 0x0004/0x0004 0x0020000
193d78.1064: 0000000000310000-ffffffff8911ffff 0x0001/0x0000 0x0000000
194d78.1064: *0000000077500000-0000000077500fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
195d78.1064: 0000000077501000-00000000775fdfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
196d78.1064: 00000000775fe000-000000007762cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
197d78.1064: 000000007762d000-0000000077636fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
198d78.1064: 0000000077637000-0000000077637fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
199d78.1064: 0000000077638000-000000007763afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
200d78.1064: 000000007763b000-00000000776a9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
201d78.1064: 00000000776aa000-000000006fd73fff 0x0001/0x0000 0x0000000
202d78.1064: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
203d78.1064: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
204d78.1064: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
205d78.1064: 000000007fff0000-ffffffffc056ffff 0x0001/0x0000 0x0000000
206d78.1064: *000000013fa70000-000000013fa70fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
207d78.1064: 000000013fa71000-000000013fadffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
208d78.1064: 000000013fae0000-000000013fae0fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
209d78.1064: 000000013fae1000-000000013fb25fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
210d78.1064: 000000013fb26000-000000013fb26fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
211d78.1064: 000000013fb27000-000000013fb27fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
212d78.1064: 000000013fb28000-000000013fb2cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
213d78.1064: 000000013fb2d000-000000013fb2dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
214d78.1064: 000000013fb2e000-000000013fb2efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
215d78.1064: 000000013fb2f000-000000013fb32fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
216d78.1064: 000000013fb33000-000000013fb7afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
217d78.1064: 000000013fb7b000-fffff8037fed5fff 0x0001/0x0000 0x0000000
218d78.1064: *000007feff820000-000007feff820fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
219d78.1064: 000007feff821000-000007fdff091fff 0x0001/0x0000 0x0000000
220d78.1064: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
221d78.1064: 000007fffffd3000-000007fffffc9fff 0x0001/0x0000 0x0000000
222d78.1064: *000007fffffdc000-000007fffffd9fff 0x0004/0x0004 0x0020000
223d78.1064: *000007fffffde000-000007fffffdcfff 0x0004/0x0004 0x0020000
224d78.1064: 000007fffffdf000-000007fffffddfff 0x0001/0x0000 0x0000000
225d78.1064: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
226d78.1064: apisetschema.dll: timestamp 0x5708a835 (rc=VINF_SUCCESS)
227d78.1064: VirtualBox.exe: timestamp 0x57b358f8 (rc=VINF_SUCCESS)
228d78.1064: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
229d78.1064: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
230d78.1064: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
231d78.1064: supR3HardNtChildPurify: Done after 564 ms and 0 fixes (loop #0).
232d78.1064: supR3HardNtEnableThreadCreation:
2332174.1b14: Log file opened: 5.1.4r110228 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
2342174.1b14: supR3HardenedVmProcessInit: uNtDllAddr=0000000077500000 g_uNtVerCombined=0x611db100
2352174.1b14: ntdll.dll: timestamp 0x5708a857 (rc=VINF_SUCCESS)
2362174.1b14: New simple heap: #1 0000000000310000 LB 0x400000 (for 1744896 allocation)
2372174.1b14: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2382174.1b14: System32: \Device\HarddiskVolume2\Windows\System32
2392174.1b14: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
2402174.1b14: KnownDllPath: C:\WINDOWS\system32
2412174.1b14: supR3HardenedVmProcessInit: Opening vboxdrv stub...
2422174.1b14: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
2432174.1b14: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
2442174.1b14: Registered Dll notification callback with NTDLL.
2452174.1b14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
2462174.1b14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2472174.1b14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
2482174.1b14: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2492174.1b14: supR3HardenedDllNotificationCallback: load 00000000773e0000 LB 0x0011f000 C:\WINDOWS\system32\kernel32.dll [fFlags=0x0]
2502174.1b14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2512174.1b14: supR3HardenedDllNotificationCallback: load 000007fefd500000 LB 0x0006a000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
2522174.1b14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
2532174.1b14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2542174.1b14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000773e0000 'C:\WINDOWS\system32\kernel32.dll'
2552174.1b14: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007752a0e0 pvNtTerminateThread=000000007754c060
256d78.1064: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 24 ms.
2572174.1b14: \SystemRoot\System32\ntdll.dll:
2582174.1b14: CreationTime: 2016-05-11T13:52:03.246428900Z
2592174.1b14: LastWriteTime: 2016-04-09T06:59:27.660769000Z
2602174.1b14: ChangeTime: 2016-05-11T14:00:44.540966800Z
2612174.1b14: FileAttributes: 0x20
2622174.1b14: Size: 0x1a7100
2632174.1b14: NT Headers: 0xe0
2642174.1b14: Timestamp: 0x5708a857
2652174.1b14: Machine: 0x8664 - amd64
2662174.1b14: Timestamp: 0x5708a857
2672174.1b14: Image Version: 6.1
2682174.1b14: SizeOfImage: 0x1aa000 (1744896)
2692174.1b14: Resource Dir: 0x14e000 LB 0x5a028
2702174.1b14: ProductName: Microsoft® Windows® Operating System
2712174.1b14: ProductVersion: 6.1.7601.23418
2722174.1b14: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045)
2732174.1b14: FileDescription: NT Layer DLL
2742174.1b14: \SystemRoot\System32\kernel32.dll:
2752174.1b14: CreationTime: 2016-05-11T13:52:02.723533500Z
2762174.1b14: LastWriteTime: 2016-04-09T06:57:53.879000000Z
2772174.1b14: ChangeTime: 2016-05-11T14:00:45.149288800Z
2782174.1b14: FileAttributes: 0x20
2792174.1b14: Size: 0x11c000
2802174.1b14: NT Headers: 0xe0
2812174.1b14: Timestamp: 0x5708a89b
2822174.1b14: Machine: 0x8664 - amd64
2832174.1b14: Timestamp: 0x5708a89b
2842174.1b14: Image Version: 6.1
2852174.1b14: SizeOfImage: 0x11f000 (1175552)
2862174.1b14: Resource Dir: 0x116000 LB 0x528
2872174.1b14: ProductName: Microsoft® Windows® Operating System
2882174.1b14: ProductVersion: 6.1.7601.23418
2892174.1b14: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045)
2902174.1b14: FileDescription: Windows NT BASE API Client DLL
2912174.1b14: \SystemRoot\System32\KernelBase.dll:
2922174.1b14: CreationTime: 2016-05-11T13:52:02.764025400Z
2932174.1b14: LastWriteTime: 2016-04-09T06:57:53.879000000Z
2942174.1b14: ChangeTime: 2016-05-11T14:00:45.164886800Z
2952174.1b14: FileAttributes: 0x20
2962174.1b14: Size: 0x66800
2972174.1b14: NT Headers: 0xe8
2982174.1b14: Timestamp: 0x5708a89c
2992174.1b14: Machine: 0x8664 - amd64
3002174.1b14: Timestamp: 0x5708a89c
3012174.1b14: Image Version: 6.1
3022174.1b14: SizeOfImage: 0x6a000 (434176)
3032174.1b14: Resource Dir: 0x68000 LB 0x530
3042174.1b14: ProductName: Microsoft® Windows® Operating System
3052174.1b14: ProductVersion: 6.1.7601.23418
3062174.1b14: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045)
3072174.1b14: FileDescription: Windows NT BASE API Client DLL
3082174.1b14: \SystemRoot\System32\apisetschema.dll:
3092174.1b14: CreationTime: 2016-05-11T13:52:01.046369000Z
3102174.1b14: LastWriteTime: 2016-04-09T06:57:48.684000000Z
3112174.1b14: ChangeTime: 2016-05-11T14:00:44.322594800Z
3122174.1b14: FileAttributes: 0x20
3132174.1b14: Size: 0x1a00
3142174.1b14: NT Headers: 0xc0
3152174.1b14: Timestamp: 0x5708a835
3162174.1b14: Machine: 0x8664 - amd64
3172174.1b14: Timestamp: 0x5708a835
3182174.1b14: Image Version: 6.1
3192174.1b14: SizeOfImage: 0x50000 (327680)
3202174.1b14: Resource Dir: 0x30000 LB 0x3f8
3212174.1b14: ProductName: Microsoft® Windows® Operating System
3222174.1b14: ProductVersion: 6.1.7601.23418
3232174.1b14: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045)
3242174.1b14: FileDescription: ApiSet Schema DLL
3252174.1b14: Found driver mfewfpk (0x20)
3262174.1b14: Found driver mfehidk (0x20)
3272174.1b14: Found driver mfeavfk (0x20)
3282174.1b14: Found driver mfefirek (0x20)
3292174.1b14: supR3HardenedWinFindAdversaries: 0x20
3302174.1b14: \SystemRoot\System32\drivers\mfeapfk.sys:
3312174.1b14: CreationTime: 2016-05-01T23:40:41.348105800Z
3322174.1b14: LastWriteTime: 2016-05-01T23:40:36.417810600Z
3332174.1b14: ChangeTime: 2016-05-05T17:26:05.754969000Z
3342174.1b14: FileAttributes: 0x20
3352174.1b14: Size: 0x2c030
3362174.1b14: NT Headers: 0xe8
3372174.1b14: Timestamp: 0x52ab7fef
3382174.1b14: Machine: 0x8664 - amd64
3392174.1b14: Timestamp: 0x52ab7fef
3402174.1b14: Image Version: 0.0
3412174.1b14: SizeOfImage: 0x29d00 (171264)
3422174.1b14: Resource Dir: 0x29500 LB 0x340
3432174.1b14: ProductName: SYSCORE
3442174.1b14: FileVersion: SYSCORE.15.1.0.656
3452174.1b14: PrivateBuild: SYSCORE.15.1.0.656 F16
3462174.1b14: FileDescription: Access Protection Filter Driver
3472174.1b14: \SystemRoot\System32\drivers\mfeavfk.sys:
3482174.1b14: CreationTime: 2016-05-01T23:40:41.332503600Z
3492174.1b14: LastWriteTime: 2016-07-06T03:55:55.919033700Z
3502174.1b14: ChangeTime: 2016-07-06T03:56:09.602769900Z
3512174.1b14: FileAttributes: 0x20
3522174.1b14: Size: 0x55528
3532174.1b14: NT Headers: 0xe8
3542174.1b14: Timestamp: 0x571a4a46
3552174.1b14: Machine: 0x8664 - amd64
3562174.1b14: Timestamp: 0x571a4a46
3572174.1b14: Image Version: 0.0
3582174.1b14: SizeOfImage: 0x57000 (356352)
3592174.1b14: Resource Dir: 0x55000 LB 0x758
3602174.1b14: ProductName: SYSCORE
3612174.1b14: ProductVersion: 15.4.0.822
3622174.1b14: FileVersion: SYSCORE.15.4.0.822
3632174.1b14: PrivateBuild: SYSCORE.15.4.0.822 F15,F16,F19
3642174.1b14: FileDescription: Anti-Virus File System Filter Driver
3652174.1b14: \SystemRoot\System32\drivers\mfefirek.sys:
3662174.1b14: CreationTime: 2016-05-01T23:42:24.572261000Z
3672174.1b14: LastWriteTime: 2016-03-11T20:04:44.000000000Z
3682174.1b14: ChangeTime: 2016-07-11T19:58:53.550648400Z
3692174.1b14: FileAttributes: 0x20
3702174.1b14: Size: 0x78728
3712174.1b14: NT Headers: 0xe8
3722174.1b14: Timestamp: 0x56da2ee9
3732174.1b14: Machine: 0x8664 - amd64
3742174.1b14: Timestamp: 0x56da2ee9
3752174.1b14: Image Version: 0.0
3762174.1b14: SizeOfImage: 0x7b000 (503808)
3772174.1b14: Resource Dir: 0x77000 LB 0x388
3782174.1b14: ProductName: SYSCORE
3792174.1b14: ProductVersion: 15.4.0.815
3802174.1b14: FileVersion: SYSCORE.15.4.0.815
3812174.1b14: PrivateBuild: SYSCORE.15.4.0.815 F17,F18
3822174.1b14: FileDescription: McAfee Core Firewall Engine Driver
3832174.1b14: \SystemRoot\System32\drivers\mfehidk.sys:
3842174.1b14: CreationTime: 2016-05-01T23:40:40.989255200Z
3852174.1b14: LastWriteTime: 2016-07-06T03:55:55.873524600Z
3862174.1b14: ChangeTime: 2016-07-06T03:55:55.873524600Z
3872174.1b14: FileAttributes: 0x20
3882174.1b14: Size: 0xcdd28
3892174.1b14: NT Headers: 0x100
3902174.1b14: Timestamp: 0x571a49df
3912174.1b14: Machine: 0x8664 - amd64
3922174.1b14: Timestamp: 0x571a49df
3932174.1b14: Image Version: 0.0
3942174.1b14: SizeOfImage: 0xd9000 (888832)
3952174.1b14: Resource Dir: 0xd5000 LB 0x758
3962174.1b14: ProductName: SYSCORE
3972174.1b14: ProductVersion: 15.4.0.822
3982174.1b14: FileVersion: SYSCORE.15.4.0.822
3992174.1b14: PrivateBuild: SYSCORE.15.4.0.822 F14,F15,F16,F18,F20
4002174.1b14: FileDescription: McAfee Link Driver
4012174.1b14: \SystemRoot\System32\drivers\mfewfpk.sys:
4022174.1b14: CreationTime: 2016-05-01T23:40:39.179400000Z
4032174.1b14: LastWriteTime: 2016-03-11T20:04:44.000000000Z
4042174.1b14: ChangeTime: 2016-07-11T19:58:51.168672100Z
4052174.1b14: FileAttributes: 0x20
4062174.1b14: Size: 0x3b728
4072174.1b14: NT Headers: 0xf0
4082174.1b14: Timestamp: 0x56da2e29
4092174.1b14: Machine: 0x8664 - amd64
4102174.1b14: Timestamp: 0x56da2e29
4112174.1b14: Image Version: 0.0
4122174.1b14: SizeOfImage: 0x59000 (364544)
4132174.1b14: Resource Dir: 0x57000 LB 0x380
4142174.1b14: ProductName: SYSCORE
4152174.1b14: ProductVersion: 15.4.0.815
4162174.1b14: FileVersion: SYSCORE.15.4.0.815
4172174.1b14: PrivateBuild: SYSCORE.15.4.0.815 F17,F18
4182174.1b14: FileDescription: Anti-Virus Mini-Firewall Driver
4192174.1b14: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
4202174.1b14: Calling main()
4212174.1b14: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
4222174.1b14: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
4232174.1b14: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
4242174.1b14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
4252174.1b14: SUPR3HardenedMain: Respawn #2
4262174.1b14: supR3HardNtEnableThreadCreation:
4272174.1b14: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
4282174.1b14: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
4292174.1b14: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
4302174.1b14: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
4312174.1b14: supR3HardenedDllNotificationCallback: load 000007fefd030000 LB 0x00057000 C:\WINDOWS\system32\apphelp.dll [fFlags=0x0]
4322174.1b14: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
4332174.1b14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd030000 'C:\WINDOWS\system32\apphelp.dll'
4342174.1b14: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007752a0e0 pvNtTerminateThread=000000007754c060
4352174.1b14: supR3HardenedWinDoReSpawn(2): New child 664.2020 [kernel32].
4362174.1b14: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd4000 cbPeb=0x380
4372174.1b14: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077500000 uNtDllChildAddr=0000000077500000
4382174.1b14: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007752a0e0
4392174.1b14: supR3HardenedWinSetupChildInit: Start child.
4402174.1b14: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
4412174.1b14: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps
4422174.1b14: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
4432174.1b14: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
4442174.1b14: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
4452174.1b14: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
4462174.1b14: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
4472174.1b14: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
4482174.1b14: 0000000000041000-ffffffffffe91fff 0x0001/0x0000 0x0000000
4492174.1b14: *00000000001f0000-00000000000f3fff 0x0000/0x0004 0x0020000
4502174.1b14: 00000000002ec000-00000000002e9fff 0x0104/0x0004 0x0020000
4512174.1b14: 00000000002ee000-00000000002ebfff 0x0004/0x0004 0x0020000
4522174.1b14: 00000000002f0000-ffffffff890dffff 0x0001/0x0000 0x0000000
4532174.1b14: *0000000077500000-0000000077500fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4542174.1b14: 0000000077501000-00000000775fdfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4552174.1b14: 00000000775fe000-000000007762cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4562174.1b14: 000000007762d000-0000000077636fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4572174.1b14: 0000000077637000-0000000077637fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4582174.1b14: 0000000077638000-000000007763afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4592174.1b14: 000000007763b000-00000000776a9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4602174.1b14: 00000000776aa000-000000006fd73fff 0x0001/0x0000 0x0000000
4612174.1b14: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
4622174.1b14: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
4632174.1b14: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
4642174.1b14: 000000007fff0000-ffffffffc056ffff 0x0001/0x0000 0x0000000
4652174.1b14: *000000013fa70000-000000013fa70fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4662174.1b14: 000000013fa71000-000000013fadffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4672174.1b14: 000000013fae0000-000000013fae0fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4682174.1b14: 000000013fae1000-000000013fb25fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4692174.1b14: 000000013fb26000-000000013fb26fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4702174.1b14: 000000013fb27000-000000013fb27fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4712174.1b14: 000000013fb28000-000000013fb2cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4722174.1b14: 000000013fb2d000-000000013fb2dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4732174.1b14: 000000013fb2e000-000000013fb2efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4742174.1b14: 000000013fb2f000-000000013fb32fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4752174.1b14: 000000013fb33000-000000013fb7afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4762174.1b14: 000000013fb7b000-fffff8037fed5fff 0x0001/0x0000 0x0000000
4772174.1b14: *000007feff820000-000007feff820fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
4782174.1b14: 000007feff821000-000007fdff091fff 0x0001/0x0000 0x0000000
4792174.1b14: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
4802174.1b14: 000007fffffd3000-000007fffffd1fff 0x0001/0x0000 0x0000000
4812174.1b14: *000007fffffd4000-000007fffffd2fff 0x0004/0x0004 0x0020000
4822174.1b14: 000007fffffd5000-000007fffffcbfff 0x0001/0x0000 0x0000000
4832174.1b14: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
4842174.1b14: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
4852174.1b14: apisetschema.dll: timestamp 0x5708a835 (rc=VINF_SUCCESS)
4862174.1b14: VirtualBox.exe: timestamp 0x57b358f8 (rc=VINF_SUCCESS)
4872174.1b14: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
4882174.1b14: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
4892174.1b14: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
4902174.1b14: supR3HardNtChildPurify: Done after 564 ms and 0 fixes (loop #0).
4912174.1b14: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000310000 LB 0x400000)
4922174.1b14: supR3HardNtEnableThreadCreation:
493664.2020: Log file opened: 5.1.4r110228 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
494664.2020: supR3HardenedVmProcessInit: uNtDllAddr=0000000077500000 g_uNtVerCombined=0x611db100
495664.2020: ntdll.dll: timestamp 0x5708a857 (rc=VINF_SUCCESS)
496664.2020: New simple heap: #1 00000000002f0000 LB 0x400000 (for 1744896 allocation)
497664.2020: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
498664.2020: System32: \Device\HarddiskVolume2\Windows\System32
499664.2020: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
500664.2020: KnownDllPath: C:\WINDOWS\system32
501664.2020: supR3HardenedVmProcessInit: Opening vboxdrv...
502664.2020: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
503664.2020: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
504664.2020: Registered Dll notification callback with NTDLL.
505664.2020: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
506664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
507664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
508664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
509664.2020: supR3HardenedDllNotificationCallback: load 00000000773e0000 LB 0x0011f000 C:\WINDOWS\system32\kernel32.dll [fFlags=0x0]
510664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
511664.2020: supR3HardenedDllNotificationCallback: load 000007fefd500000 LB 0x0006a000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
512664.2020: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
513664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
514664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000773e0000 'C:\WINDOWS\system32\kernel32.dll'
515664.2020: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007752a0e0 pvNtTerminateThread=000000007754c060
5162174.1b14: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 27 ms.
517664.2020: \SystemRoot\System32\ntdll.dll:
518664.2020: CreationTime: 2016-05-11T13:52:03.246428900Z
519664.2020: LastWriteTime: 2016-04-09T06:59:27.660769000Z
520664.2020: ChangeTime: 2016-05-11T14:00:44.540966800Z
521664.2020: FileAttributes: 0x20
522664.2020: Size: 0x1a7100
523664.2020: NT Headers: 0xe0
524664.2020: Timestamp: 0x5708a857
525664.2020: Machine: 0x8664 - amd64
526664.2020: Timestamp: 0x5708a857
527664.2020: Image Version: 6.1
528664.2020: SizeOfImage: 0x1aa000 (1744896)
529664.2020: Resource Dir: 0x14e000 LB 0x5a028
530664.2020: ProductName: Microsoft® Windows® Operating System
531664.2020: ProductVersion: 6.1.7601.23418
532664.2020: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045)
533664.2020: FileDescription: NT Layer DLL
534664.2020: \SystemRoot\System32\kernel32.dll:
535664.2020: CreationTime: 2016-05-11T13:52:02.723533500Z
536664.2020: LastWriteTime: 2016-04-09T06:57:53.879000000Z
537664.2020: ChangeTime: 2016-05-11T14:00:45.149288800Z
538664.2020: FileAttributes: 0x20
539664.2020: Size: 0x11c000
540664.2020: NT Headers: 0xe0
541664.2020: Timestamp: 0x5708a89b
542664.2020: Machine: 0x8664 - amd64
543664.2020: Timestamp: 0x5708a89b
544664.2020: Image Version: 6.1
545664.2020: SizeOfImage: 0x11f000 (1175552)
546664.2020: Resource Dir: 0x116000 LB 0x528
547664.2020: ProductName: Microsoft® Windows® Operating System
548664.2020: ProductVersion: 6.1.7601.23418
549664.2020: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045)
550664.2020: FileDescription: Windows NT BASE API Client DLL
551664.2020: \SystemRoot\System32\KernelBase.dll:
552664.2020: CreationTime: 2016-05-11T13:52:02.764025400Z
553664.2020: LastWriteTime: 2016-04-09T06:57:53.879000000Z
554664.2020: ChangeTime: 2016-05-11T14:00:45.164886800Z
555664.2020: FileAttributes: 0x20
556664.2020: Size: 0x66800
557664.2020: NT Headers: 0xe8
558664.2020: Timestamp: 0x5708a89c
559664.2020: Machine: 0x8664 - amd64
560664.2020: Timestamp: 0x5708a89c
561664.2020: Image Version: 6.1
562664.2020: SizeOfImage: 0x6a000 (434176)
563664.2020: Resource Dir: 0x68000 LB 0x530
564664.2020: ProductName: Microsoft® Windows® Operating System
565664.2020: ProductVersion: 6.1.7601.23418
566664.2020: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045)
567664.2020: FileDescription: Windows NT BASE API Client DLL
568664.2020: \SystemRoot\System32\apisetschema.dll:
569664.2020: CreationTime: 2016-05-11T13:52:01.046369000Z
570664.2020: LastWriteTime: 2016-04-09T06:57:48.684000000Z
571664.2020: ChangeTime: 2016-05-11T14:00:44.322594800Z
572664.2020: FileAttributes: 0x20
573664.2020: Size: 0x1a00
574664.2020: NT Headers: 0xc0
575664.2020: Timestamp: 0x5708a835
576664.2020: Machine: 0x8664 - amd64
577664.2020: Timestamp: 0x5708a835
578664.2020: Image Version: 6.1
579664.2020: SizeOfImage: 0x50000 (327680)
580664.2020: Resource Dir: 0x30000 LB 0x3f8
581664.2020: ProductName: Microsoft® Windows® Operating System
582664.2020: ProductVersion: 6.1.7601.23418
583664.2020: FileVersion: 6.1.7601.23418 (win7sp1_ldr.160408-2045)
584664.2020: FileDescription: ApiSet Schema DLL
585664.2020: Found driver mfewfpk (0x20)
586664.2020: Found driver mfehidk (0x20)
587664.2020: Found driver mfeavfk (0x20)
588664.2020: Found driver mfefirek (0x20)
589664.2020: supR3HardenedWinFindAdversaries: 0x20
590664.2020: \SystemRoot\System32\drivers\mfeapfk.sys:
591664.2020: CreationTime: 2016-05-01T23:40:41.348105800Z
592664.2020: LastWriteTime: 2016-05-01T23:40:36.417810600Z
593664.2020: ChangeTime: 2016-05-05T17:26:05.754969000Z
594664.2020: FileAttributes: 0x20
595664.2020: Size: 0x2c030
596664.2020: NT Headers: 0xe8
597664.2020: Timestamp: 0x52ab7fef
598664.2020: Machine: 0x8664 - amd64
599664.2020: Timestamp: 0x52ab7fef
600664.2020: Image Version: 0.0
601664.2020: SizeOfImage: 0x29d00 (171264)
602664.2020: Resource Dir: 0x29500 LB 0x340
603664.2020: ProductName: SYSCORE
604664.2020: FileVersion: SYSCORE.15.1.0.656
605664.2020: PrivateBuild: SYSCORE.15.1.0.656 F16
606664.2020: FileDescription: Access Protection Filter Driver
607664.2020: \SystemRoot\System32\drivers\mfeavfk.sys:
608664.2020: CreationTime: 2016-05-01T23:40:41.332503600Z
609664.2020: LastWriteTime: 2016-07-06T03:55:55.919033700Z
610664.2020: ChangeTime: 2016-07-06T03:56:09.602769900Z
611664.2020: FileAttributes: 0x20
612664.2020: Size: 0x55528
613664.2020: NT Headers: 0xe8
614664.2020: Timestamp: 0x571a4a46
615664.2020: Machine: 0x8664 - amd64
616664.2020: Timestamp: 0x571a4a46
617664.2020: Image Version: 0.0
618664.2020: SizeOfImage: 0x57000 (356352)
619664.2020: Resource Dir: 0x55000 LB 0x758
620664.2020: ProductName: SYSCORE
621664.2020: ProductVersion: 15.4.0.822
622664.2020: FileVersion: SYSCORE.15.4.0.822
623664.2020: PrivateBuild: SYSCORE.15.4.0.822 F15,F16,F19
624664.2020: FileDescription: Anti-Virus File System Filter Driver
625664.2020: \SystemRoot\System32\drivers\mfefirek.sys:
626664.2020: CreationTime: 2016-05-01T23:42:24.572261000Z
627664.2020: LastWriteTime: 2016-03-11T20:04:44.000000000Z
628664.2020: ChangeTime: 2016-07-11T19:58:53.550648400Z
629664.2020: FileAttributes: 0x20
630664.2020: Size: 0x78728
631664.2020: NT Headers: 0xe8
632664.2020: Timestamp: 0x56da2ee9
633664.2020: Machine: 0x8664 - amd64
634664.2020: Timestamp: 0x56da2ee9
635664.2020: Image Version: 0.0
636664.2020: SizeOfImage: 0x7b000 (503808)
637664.2020: Resource Dir: 0x77000 LB 0x388
638664.2020: ProductName: SYSCORE
639664.2020: ProductVersion: 15.4.0.815
640664.2020: FileVersion: SYSCORE.15.4.0.815
641664.2020: PrivateBuild: SYSCORE.15.4.0.815 F17,F18
642664.2020: FileDescription: McAfee Core Firewall Engine Driver
643664.2020: \SystemRoot\System32\drivers\mfehidk.sys:
644664.2020: CreationTime: 2016-05-01T23:40:40.989255200Z
645664.2020: LastWriteTime: 2016-07-06T03:55:55.873524600Z
646664.2020: ChangeTime: 2016-07-06T03:55:55.873524600Z
647664.2020: FileAttributes: 0x20
648664.2020: Size: 0xcdd28
649664.2020: NT Headers: 0x100
650664.2020: Timestamp: 0x571a49df
651664.2020: Machine: 0x8664 - amd64
652664.2020: Timestamp: 0x571a49df
653664.2020: Image Version: 0.0
654664.2020: SizeOfImage: 0xd9000 (888832)
655664.2020: Resource Dir: 0xd5000 LB 0x758
656664.2020: ProductName: SYSCORE
657664.2020: ProductVersion: 15.4.0.822
658664.2020: FileVersion: SYSCORE.15.4.0.822
659664.2020: PrivateBuild: SYSCORE.15.4.0.822 F14,F15,F16,F18,F20
660664.2020: FileDescription: McAfee Link Driver
661664.2020: \SystemRoot\System32\drivers\mfewfpk.sys:
662664.2020: CreationTime: 2016-05-01T23:40:39.179400000Z
663664.2020: LastWriteTime: 2016-03-11T20:04:44.000000000Z
664664.2020: ChangeTime: 2016-07-11T19:58:51.168672100Z
665664.2020: FileAttributes: 0x20
666664.2020: Size: 0x3b728
667664.2020: NT Headers: 0xf0
668664.2020: Timestamp: 0x56da2e29
669664.2020: Machine: 0x8664 - amd64
670664.2020: Timestamp: 0x56da2e29
671664.2020: Image Version: 0.0
672664.2020: SizeOfImage: 0x59000 (364544)
673664.2020: Resource Dir: 0x57000 LB 0x380
674664.2020: ProductName: SYSCORE
675664.2020: ProductVersion: 15.4.0.815
676664.2020: FileVersion: SYSCORE.15.4.0.815
677664.2020: PrivateBuild: SYSCORE.15.4.0.815 F17,F18
678664.2020: FileDescription: Anti-Virus Mini-Firewall Driver
679664.2020: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
680664.2020: Calling main()
681664.2020: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
682664.2020: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
683664.2020: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
684664.2020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
685664.2020: SUPR3HardenedMain: Final process, opening VBoxDrv...
686664.2020: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002f0000 LB 0x400000)
687664.2020: supR3HardNtEnableThreadCreation:
688664.2020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
689664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
690664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002eb671:<flags> [calling]
691664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
692664.2020: supR3HardenedDllNotificationCallback: load 000007fefa620000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
693664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
694664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
695664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002e8df1:<flags> [calling]
696664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa620000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
697664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
698664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002e8df1:<flags> [calling]
699664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa620000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
700664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa620000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
701664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
702664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
703664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
704664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
705664.2020: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
706664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
707664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
708664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
709664.2020: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
710664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
711664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
712664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
713664.2020: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
714664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
715664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
716664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
717664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
718664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
719664.2020: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
720664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
721664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
722664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
723664.2020: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
724664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
725664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
726664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
727664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
728664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
729664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
730664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
731664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ed481:<flags> [calling]
732664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
733664.2020: supR3HardenedDllNotificationCallback: load 000007fefd5a0000 LB 0x0003b000 C:\WINDOWS\system32\Wintrust.dll [fFlags=0x0]
734664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
735664.2020: supR3HardenedDllNotificationCallback: load 000007fefee70000 LB 0x0009f000 C:\WINDOWS\system32\msvcrt.dll [fFlags=0x0]
736664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
737664.2020: supR3HardenedDllNotificationCallback: load 000007fefd350000 LB 0x0016d000 C:\WINDOWS\system32\CRYPT32.dll [fFlags=0x0]
738664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
739664.2020: supR3HardenedDllNotificationCallback: load 000007fefd240000 LB 0x0000f000 C:\WINDOWS\system32\MSASN1.dll [fFlags=0x0]
740664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
741664.2020: supR3HardenedDllNotificationCallback: load 000007feff6e0000 LB 0x0012d000 C:\WINDOWS\system32\RPCRT4.dll [fFlags=0x0]
742664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
743664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5a0000 'C:\WINDOWS\system32\Wintrust.dll'
744664.2020: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
745664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
746664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ed481:<flags> [calling]
747664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
748664.2020: supR3HardenedDllNotificationCallback: load 000007fefcab0000 LB 0x00022000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
749664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
750664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcab0000 'C:\WINDOWS\system32\bcrypt.dll'
751664.2020: bcrypt.dll loaded at 000007fefcab0000, BCryptOpenAlgorithmProvider at 000007fefcab2640, preloading providers:
752664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
753664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
754664.2020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
755664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
756664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
757664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
758664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
759664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
760664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
761664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
762664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
763664.2020: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
764664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
765664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
766664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
767664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
768664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
769664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
770664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
771664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ed471:<flags> [calling]
772664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
773664.2020: supR3HardenedDllNotificationCallback: load 000007fefc660000 LB 0x0004c000 C:\WINDOWS\system32\bcryptprimitives.dll [fFlags=0x0]
774664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
775664.2020: supR3HardenedDllNotificationCallback: load 000007fefe710000 LB 0x000db000 C:\WINDOWS\system32\ADVAPI32.dll [fFlags=0x0]
776664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
777664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
778664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
779664.2020: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
780664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
781664.2020: supR3HardenedDllNotificationCallback: load 000007feff320000 LB 0x0001f000 C:\WINDOWS\SYSTEM32\sechost.dll [fFlags=0x0]
782664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
783664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc660000 'C:\WINDOWS\system32\bcryptprimitives.dll'
784664.2020: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000008fbe60)
785664.2020: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000008fdd20)
786664.2020: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000008fde40)
787664.2020: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000008fe050)
788664.2020: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000008fe170)
789664.2020: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000008fe290)
790664.2020: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000008fe4d0)
791664.2020: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000008fe5f0)
792664.2020: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
793664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
794664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
795664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
796664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
797664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
798664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
799664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
800664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ecfd1:<flags> [calling]
801664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
802664.2020: supR3HardenedDllNotificationCallback: load 000007fefcc20000 LB 0x00018000 C:\WINDOWS\system32\CRYPTSP.dll [fFlags=0x0]
803664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
804664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc20000 'C:\WINDOWS\system32\CRYPTSP.dll'
805664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
806664.2020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
807664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
808664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
809664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
810664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
811664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ecf61:<flags> [calling]
812664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
813664.2020: supR3HardenedDllNotificationCallback: load 000007fefc720000 LB 0x00047000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
814664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
815664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc720000 'C:\WINDOWS\system32\rsaenh.dll'
816664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
817664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ec7f1:<flags> [calling]
818664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe710000 'C:\WINDOWS\system32\ADVAPI32.dll'
819664.2020: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
820664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
821664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ecb71:<flags> [calling]
822664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
823664.2020: supR3HardenedDllNotificationCallback: load 000007fefd090000 LB 0x0000f000 C:\WINDOWS\system32\CRYPTBASE.dll [fFlags=0x0]
824664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
825664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd090000 'C:\WINDOWS\system32\CRYPTBASE.dll'
826664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
827664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ec5a1:<flags> [calling]
828664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000773e0000 'C:\WINDOWS\system32\kernel32.dll'
829664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
830664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ecf31:<flags> [calling]
831664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5a0000 'C:\WINDOWS\system32\WINTRUST.DLL'
832664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
833664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000002ecd61:<flags> [calling]
834664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd350000 'C:\WINDOWS\system32\CRYPT32.dll'
835664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
836664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
837664.2020: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
838664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
839664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
840664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
841664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
842664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
843664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
844664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
845664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ecdb1:<flags> [calling]
846664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
847664.2020: supR3HardenedDllNotificationCallback: load 000007fefe8a0000 LB 0x00019000 C:\WINDOWS\system32\imagehlp.dll [fFlags=0x0]
848664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
849664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe8a0000 'C:\WINDOWS\system32\imagehlp.dll'
850664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
851664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ecf01:<flags> [calling]
852664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc20000 'C:\WINDOWS\system32\CRYPTSP.dll'
853664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
854664.2020: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
855664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
856664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
857664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
858664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
859664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
860664.2020: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
861664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
862664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
863664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
864664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
865664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
866664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
867664.2020: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
868664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
869664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
870664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
871664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
872664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
873664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
874664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
875664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
876664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
877664.2020: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
878664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
879664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
880664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
881664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
882664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
883664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
884664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
885664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
886664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
887664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
888664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
889664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
890664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
891664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
892664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
893664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
894664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002eca31:<flags> [calling]
895664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
896664.2020: supR3HardenedDllNotificationCallback: load 00000000772e0000 LB 0x000fa000 C:\WINDOWS\system32\USER32.dll [fFlags=0x0]
897664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
898664.2020: supR3HardenedDllNotificationCallback: load 000007fefee00000 LB 0x00067000 C:\WINDOWS\system32\GDI32.dll [fFlags=0x0]
899664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
900664.2020: supR3HardenedDllNotificationCallback: load 000007fefe440000 LB 0x0000e000 C:\WINDOWS\system32\LPK.dll [fFlags=0x0]
901664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
902664.2020: supR3HardenedDllNotificationCallback: load 000007fefe9d0000 LB 0x000ca000 C:\WINDOWS\system32\USP10.dll [fFlags=0x0]
903664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
904664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
905664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ebf31:<flags> [calling]
906664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee00000 'C:\WINDOWS\system32\gdi32.dll'
907664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
908664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
909664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
910664.2020: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
911664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
912664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
913664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
914664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
915664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
916664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
917664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
918664.2020: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
919664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
920664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
921664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
922664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
923664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
924664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
925664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
926664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
927664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
928664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
929664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
930664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
931664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
932664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
933664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
934664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
935664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
936664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
937664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
938664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002eb871:<flags> [calling]
939664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
940664.2020: supR3HardenedDllNotificationCallback: load 000007fefe7f0000 LB 0x0002e000 C:\WINDOWS\system32\IMM32.DLL [fFlags=0x0]
941664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
942664.2020: supR3HardenedDllNotificationCallback: load 000007fefe8c0000 LB 0x00109000 C:\WINDOWS\system32\MSCTF.dll [fFlags=0x0]
943664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
944664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe7f0000 'C:\WINDOWS\system32\IMM32.DLL'
945664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'version.dll'.
946664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
947664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
948664.2020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nvinitx.dll)
949664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nvinitx.dll
950664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
951664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
952664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
953664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
954664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
955664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
956664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
957664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
958664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
959664.2020: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\version.dll)
960664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\version.dll
961664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
962664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
963664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
964664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\nvinitx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002eb481:<flags> [calling]
965664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nvinitx.dll [lacks WinVerifyTrust]
966664.2020: supR3HardenedDllNotificationCallback: load 000007fefd170000 LB 0x00031000 C:\WINDOWS\system32\nvinitx.dll [fFlags=0x0]
967664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nvinitx.dll [lacks WinVerifyTrust]
968664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\version.dll [lacks WinVerifyTrust]
969664.2020: supR3HardenedDllNotificationCallback: load 000007fefd160000 LB 0x0000c000 C:\WINDOWS\system32\VERSION.dll [fFlags=0x0]
970664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\version.dll [lacks WinVerifyTrust]
971664.2020: \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll: Owner is administrators group.
972664.2020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll)
973664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll
974664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002e9ee1:<flags> [calling]
975664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll [lacks WinVerifyTrust]
976664.2020: supR3HardenedDllNotificationCallback: load 00000000718d0000 LB 0x00006000 C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll [fFlags=0x0]
977664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll [lacks WinVerifyTrust]
978664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000718d0000 'C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll'
979664.2020: \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll: Owner is administrators group.
980664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
981664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
982664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
983664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'setupapi.dll'.
984664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'detoured.dll'.
985664.2020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll)
986664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll
987664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'detoured.dll'...
988664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'detoured.dll' -> '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll' [rcNtRedir=0xc0150008]
989664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll [lacks WinVerifyTrust]
990664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
991664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
992664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
993664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
994664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
995664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
996664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
997664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
998664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
999664.2020: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll)
1000664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1001664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1002664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1003664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1004664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1005664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1006664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1007664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1008664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1009664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1010664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
1011664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
1012664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1013664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
1014664.2020: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devobj.dll)
1015664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
1016664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1017664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1018664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1019664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1020664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1021664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1022664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
1023664.2020: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll)
1024664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1025664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1026664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1027664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1028664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1029664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1030664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1031664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1032664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1033664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1034664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1035664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1036664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1037664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1038664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1039664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1040664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
1041664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1042664.2020: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll)
1043664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1044664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1045664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1046664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1047664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1048664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1049664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1050664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1051664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1052664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1053664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1054664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1055664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1056664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1057664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1058664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1059664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1060664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1061664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1062664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1063664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1064664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1065664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1066664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1067664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1068664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1069664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
1070664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1071664.2020: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ole32.dll)
1072664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
1073664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1074664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1075664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
1076664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1077664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1078664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1079664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1080664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1081664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1082664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1083664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1084664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1085664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1086664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1087664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1088664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1089664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1090664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1091664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrapx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002e9ee1:<flags> [calling]
1092664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll [lacks WinVerifyTrust]
1093664.2020: supR3HardenedDllNotificationCallback: load 000007fef5540000 LB 0x00031000 C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrapx.dll [fFlags=0x0]
1094664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll [lacks WinVerifyTrust]
1095664.2020: supR3HardenedDllNotificationCallback: load 000007fefe450000 LB 0x001d7000 C:\WINDOWS\system32\SETUPAPI.dll [fFlags=0x0]
1096664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll [lacks WinVerifyTrust]
1097664.2020: supR3HardenedDllNotificationCallback: load 000007fefd260000 LB 0x00036000 C:\WINDOWS\system32\CFGMGR32.dll [fFlags=0x0]
1098664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
1099664.2020: supR3HardenedDllNotificationCallback: load 000007fefe630000 LB 0x000d8000 C:\WINDOWS\system32\OLEAUT32.dll [fFlags=0x0]
1100664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll [lacks WinVerifyTrust]
1101664.2020: supR3HardenedDllNotificationCallback: load 000007feff4d0000 LB 0x00203000 C:\WINDOWS\system32\ole32.dll [fFlags=0x0]
1102664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ole32.dll [lacks WinVerifyTrust]
1103664.2020: supR3HardenedDllNotificationCallback: load 000007fefd4c0000 LB 0x0001a000 C:\WINDOWS\system32\DEVOBJ.dll [fFlags=0x0]
1104664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devobj.dll [lacks WinVerifyTrust]
1105664.2020: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Core-LocalRegistry-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002e9021:<flags> [calling]
1106664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000773e0000 'API-MS-Win-Core-LocalRegistry-L1-1-0.dll'
1107664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5540000 'C:\Program Files\NVIDIA Corporation\CoProcManager\nvd3d9wrapx.dll'
1108664.2020: \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll: Owner is administrators group.
1109664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'advapi32.dll'.
1110664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'detoured.dll'.
1111664.2020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll)
1112664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll
1113664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'detoured.dll'...
1114664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'detoured.dll' -> '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll' [rcNtRedir=0xc0150008]
1115664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll [lacks WinVerifyTrust]
1116664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1117664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1118664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1119664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\NVIDIA Corporation\CoProcManager\nvdxgiwrapx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002e9df1:<flags> [calling]
1120664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll [lacks WinVerifyTrust]
1121664.2020: supR3HardenedDllNotificationCallback: load 000007fef5510000 LB 0x00022000 C:\Program Files\NVIDIA Corporation\CoProcManager\nvdxgiwrapx.dll [fFlags=0x0]
1122664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll [lacks WinVerifyTrust]
1123664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5510000 'C:\Program Files\NVIDIA Corporation\CoProcManager\nvdxgiwrapx.dll'
1124664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd170000 'C:\WINDOWS\system32\nvinitx.dll'
1125664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000772e0000 'C:\WINDOWS\system32\USER32.dll'
1126664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
1127664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1128664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
1129664.2020: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
1130664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
1131664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
1132664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
1133664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
1134664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1135664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1136664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1137664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
1138664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
1139664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
1140664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ecc41:<flags> [calling]
1141664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
1142664.2020: supR3HardenedDllNotificationCallback: load 000007fefcb90000 LB 0x00050000 C:\WINDOWS\system32\ncrypt.dll [fFlags=0x0]
1143664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
1144664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcb90000 'C:\WINDOWS\system32\ncrypt.dll'
1145664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
1146664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002eca31:<flags> [calling]
1147664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcab0000 'C:\WINDOWS\system32\bcrypt.dll'
1148664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1149664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
1150664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
1151664.2020: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
1152664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
1153664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
1154664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
1155664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1156664.2020: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
1157664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
1158664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1159664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1160664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1161664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1162664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1163664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1164664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1165664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1166664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1167664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ec3f1:<flags> [calling]
1168664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
1169664.2020: supR3HardenedDllNotificationCallback: load 000007fefd570000 LB 0x0001e000 C:\WINDOWS\system32\USERENV.dll [fFlags=0x0]
1170664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
1171664.2020: supR3HardenedDllNotificationCallback: load 000007fefd250000 LB 0x0000f000 C:\WINDOWS\system32\profapi.dll [fFlags=0x0]
1172664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
1173664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd570000 'C:\WINDOWS\system32\USERENV.dll'
1174664.2020: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002ec151:<flags> [calling]
1175664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff320000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1176664.2020: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002ec4e1:<flags> [calling]
1177664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff320000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1178664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1179664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1180664.2020: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
1181664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
1182664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1183664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1184664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1185664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1186664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1187664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1188664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ec711:<flags> [calling]
1189664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
1190664.2020: supR3HardenedDllNotificationCallback: load 000007fefc490000 LB 0x0001b000 C:\WINDOWS\system32\GPAPI.dll [fFlags=0x0]
1191664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
1192664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc490000 'C:\WINDOWS\system32\GPAPI.dll'
1193664.2020: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002ec661:<flags> [calling]
1194664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff320000 'API-MS-WIN-Service-Management-L1-1-0.dll'
1195664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1196664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff6e0000 'C:\WINDOWS\system32\rpcrt4.dll'
1197664.2020: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002ec641:<flags> [calling]
1198664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff320000 'API-MS-WIN-Service-Management-L2-1-0.dll'
1199664.2020: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002ec651:<flags> [calling]
1200664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff320000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1201664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1202664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
1203664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
1204664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
1205664.2020: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
1206664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
1207664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
1208664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
1209664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1210664.2020: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
1211664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
1212664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
1213664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
1214664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1215664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1216664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1217664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1218664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1219664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1220664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1221664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1222664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1223664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1224664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ec131:<flags> [calling]
1225664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1226664.2020: supR3HardenedDllNotificationCallback: load 000007fef8d50000 LB 0x00027000 C:\WINDOWS\system32\cryptnet.dll [fFlags=0x0]
1227664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1228664.2020: supR3HardenedDllNotificationCallback: load 000007fefe3e0000 LB 0x00052000 C:\WINDOWS\system32\WLDAP32.dll [fFlags=0x0]
1229664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
1230664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1231664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000002eb271:<flags> [calling]
1232664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8d50000 'C:\WINDOWS\system32\cryptnet.dll'
1233664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1234664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000002eb271:<flags> [calling]
1235664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8d50000 'C:\WINDOWS\system32\cryptnet.dll'
1236664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1237664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000002eb271:<flags> [calling]
1238664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8d50000 'C:\WINDOWS\system32\cryptnet.dll'
1239664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1240664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000002eb271:<flags> [calling]
1241664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8d50000 'C:\WINDOWS\system32\cryptnet.dll'
1242664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1243664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000002eb271:<flags> [calling]
1244664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8d50000 'C:\WINDOWS\system32\cryptnet.dll'
1245664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1246664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000002eb271:<flags> [calling]
1247664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8d50000 'C:\WINDOWS\system32\cryptnet.dll'
1248664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1249664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8d50000 'C:\WINDOWS\system32\cryptnet.dll'
1250664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1251664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8d50000 'C:\WINDOWS\system32\cryptnet.dll'
1252664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1253664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8d50000 'C:\WINDOWS\system32\cryptnet.dll'
1254664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1255664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8d50000 'C:\WINDOWS\system32\cryptnet.dll'
1256664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1257664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8d50000 'C:\WINDOWS\system32\cryptnet.dll'
1258664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8d50000 'C:\WINDOWS\system32\cryptnet.dll'
1259664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1260664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8d50000 'C:\WINDOWS\system32\cryptnet.dll'
1261664.2020: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002ebac1:<flags> [calling]
1262664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff320000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1263664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
1264664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ebac1:<flags> [calling]
1265664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd250000 'C:\WINDOWS\system32\profapi.dll'
1266664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1267664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1268664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
1269664.2020: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
1270664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1271664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1272664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1273664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1274664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1275664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1276664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1277664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1278664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1279664.2020: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1280664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002eb561:<flags> [calling]
1281664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
1282664.2020: supR3HardenedDllNotificationCallback: load 000007fefe820000 LB 0x00071000 C:\WINDOWS\system32\SHLWAPI.dll [fFlags=0x0]
1283664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
1284664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe820000 'C:\WINDOWS\system32\SHLWAPI.dll'
1285664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
1286664.2020: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000939bf0
1287664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1288664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2B2074603B390BFFDF065F1D99436E162DA01247
1289664.2020: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002ec401:<flags> [calling]
1290664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff320000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1291664.2020: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002ebf61:<flags> [calling]
1292664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff320000 'API-MS-WIN-Service-Management-L1-1-0.dll'
1293664.2020: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002ebf61:<flags> [calling]
1294664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff320000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
1295664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1296664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe710000 'C:\WINDOWS\system32\ADVAPI32.dll'
1297664.2020: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002ec3b1:<flags> [calling]
1298664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff320000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
1299664.2020: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002ec0a1:<flags> [calling]
1300664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff320000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
1301664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_87_for_KB3153171~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\SystemRoot\System32\ntdll.dll'
1302664.2020: g_pfnWinVerifyTrust=000007fefd5a1010
1303664.2020: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
1304664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
1305664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1306664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1307664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BFD41401EDEBD4D914977D62B588ECABEE60CFD3
1308664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_112_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
1309664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1310664.2020: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
1311664.2020: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
1312664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
1313664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1314664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1315664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E1BBE4EB6D114F50142F24E2E2749EFD81021486
1316664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
1317664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1318664.2020: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
1319664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000042c pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1320664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1321664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1322664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
1323664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
1324664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1325664.2020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
1326664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000420 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
1327664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1328664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1329664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
1330664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
1331664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1332664.2020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
1333664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000041c pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
1334664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1335664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1336664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=756DC088EE40CF9369C990D71B200F3CB59FC35D
1337664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3040272~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1338664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1339664.2020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1340664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000002d8 pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
1341664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1342664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1343664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EBDAA16C3FD93DFF9C20BA3B2689DFF4C8D31061
1344664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3159398~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
1345664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1346664.2020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
1347664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000244 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
1348664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1349664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1350664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
1351664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
1352664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1353664.2020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
1354664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000240 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
1355664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1356664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1357664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
1358664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
1359664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1360664.2020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
1361664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000022c pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
1362664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1363664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1364664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=400BD4B2DBFD7AD5A411C80DDBE71D9B6FC950B3
1365664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_52_for_KB3167679~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
1366664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1367664.2020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
1368664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1369664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002eb191:<flags> [calling]
1370664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd350000 'C:\WINDOWS\system32\crypt32.dll'
1371664.2020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvdxgiwrapx.dll'
1372664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001e8 pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
1373664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1374664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1375664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=796B1965C19A0614793EA3630408324B2CFA32D2
1376664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_87_for_KB3146706~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
1377664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1378664.2020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ole32.dll'
1379664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001e4 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1380664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1381664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1382664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
1383664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
1384664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1385664.2020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
1386664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001e0 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1387664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1388664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1389664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C3BC5EE6972BF0BFEF4A099CB82428B9B682CAD7
1390664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3139940~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
1391664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1392664.2020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
1393664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001dc pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
1394664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1395664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1396664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
1397664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
1398664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1399664.2020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devobj.dll'
1400664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d8 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
1401664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1402664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1403664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
1404664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
1405664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1406664.2020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
1407664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1408664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002eb191:<flags> [calling]
1409664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd350000 'C:\WINDOWS\system32\crypt32.dll'
1410664.2020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\nvd3d9wrapx.dll'
1411664.2020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\NVIDIA Corporation\coprocmanager\detoured.dll'
1412664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c8 pwszName=\Device\HarddiskVolume2\Windows\System32\version.dll
1413664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1414664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1415664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A3AB94A028D0330A3DBCAE54C04C648532198DB9
1416664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\version.dll'
1417664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1418664.2020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\version.dll'
1419664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1420664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002eb191:<flags> [calling]
1421664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd350000 'C:\WINDOWS\system32\crypt32.dll'
1422664.2020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\nvinitx.dll'
1423664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a8 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
1424664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1425664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1426664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03916BC73EE5A0E312E3D3100D0ACE1B78E93BB1
1427664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3033889~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
1428664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1429664.2020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
1430664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a4 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
1431664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1432664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1433664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
1434664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1435664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1436664.2020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1437664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a0 pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
1438664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1439664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1440664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=31498ABFB06219E83141E0AA8B2A55C4CECFD033
1441664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3108670~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
1442664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1443664.2020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
1444664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000019c pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
1445664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1446664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1447664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B248FC58436AAEFEF00A75FCE0F004E89F8C7F94
1448664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3164033~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
1449664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1450664.2020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
1451664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000198 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
1452664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1453664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1454664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C26B6C5525D45228994D185B3C08A3BC03FF6AFF
1455664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3164035~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1456664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1457664.2020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1458664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
1459664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1460664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1461664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=94AFB7B548C6C2376C6AEE4ECE2FA09C90F5FD4B
1462664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_4_for_KB3109094~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll'
1463664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1464664.2020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
1465664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
1466664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1467664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1468664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
1469664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1470664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1471664.2020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1472664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000134 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
1473664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1474664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1475664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E651DBB639B140C0B4301B4359E8081FB26257F6
1476664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_52_for_KB3167679~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1477664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1478664.2020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1479664.2020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
1480664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
1481664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1482664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1483664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BA7AC4A7E8ADDFEA90AC951ECB6D6546E4873613
1484664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1485664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1486664.2020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1487664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
1488664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1489664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1490664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB669FA8DB80F8E50A29D055BB8D558E10E5E6B4
1491664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1492664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1493664.2020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1494664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
1495664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1496664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1497664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=39D43404454E9187689A82DF7C071193F419224E
1498664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_150_for_KB3153171~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1499664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1500664.2020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1501664.2020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
1502664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
1503664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1504664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1505664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
1506664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1507664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1508664.2020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1509664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1510664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1511664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1512664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
1513664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1514664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1515664.2020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1516664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
1517664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1518664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1519664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
1520664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1521664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1522664.2020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1523664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1524664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1525664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1526664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCD6945FCF359C683136C34A509A29AE196CFAF5
1527664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_52_for_KB3167679~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1528664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1529664.2020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1530664.2020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1531664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1532664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1533664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1534664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7692F3D670BDC0FC9E32BAA19C7AB6DDD55F2067
1535664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_87_for_KB3153171~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1536664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1537664.2020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1538664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
1539664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1540664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1541664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CD16A55718A266ABD00ED5A81A94217318BED5ED
1542664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_87_for_KB3153171~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1543664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1544664.2020: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1545664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1546664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ebeb1:<flags> [calling]
1547664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd350000 'C:\WINDOWS\system32\crypt32.dll'
1548664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
1549664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
1550664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1551664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0xe18aa1e1db17aa00 CN=WSUS Publishers Self-signed
1552664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
1553664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1554664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1555664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0x8d4f13212506d800 O=Cisco, CN=Cisco Root CA M2
1556664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1557664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1558664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0x1ab75008e74d8600 CN=BCOTTING-FLVGM.cisco.com
1559664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0x6a49dd19dc419a00 O=Cisco, CN=Cisco Root CA M1
1560664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1561664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0x9cd30a7b3142db00 C=US, O=Cisco Systems, CN=Cisco RXC-R2
1562664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1563664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1564664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1565664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1566664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
1567664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1568664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1569664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
1570664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
1571664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1572664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1573664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
1574664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
1575664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1576664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
1577664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1578664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
1579664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
1580664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1581664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
1582664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
1583664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1584664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
1585664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
1586664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
1587664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1588664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1589664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
1590664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1591664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0xaafa7abb99ab000 O=Cisco Systems, CN=Cisco Root CA 2048
1592664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
1593664.2020: supR3HardenedWinIsDesiredRootCA: Adding 0x6a49dd19dc419a00 O=Cisco, CN=Cisco Root CA M1
1594664.2020: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=46
1595664.2020: SUPR3HardenedMain: Load Runtime...
1596664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1597664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1598664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1599664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1600664.2020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
1601664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1602664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1603664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1604664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1605664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1606664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f8 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1607664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1608664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1609664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=901DCB8172024F14E25295BF5692180F12FC8C18
1610664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3161949~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
1611664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1612664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1613664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1614664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
1615664.2020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
1616664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1617664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1618664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1619664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1620664.2020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
1621664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1622664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1623664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1624664.2020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
1625664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1626664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1627664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1628664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1629664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1630664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1631664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f4 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
1632664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1633664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1634664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
1635664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
1636664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1637664.2020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
1638664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
1639664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1640664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1641664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1642664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1643664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ec1d1:<flags> [calling]
1644664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1645664.2020: supR3HardenedDllNotificationCallback: load 000007fee2ef0000 LB 0x0051f000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1646664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1647664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1648664.2020: supR3HardenedDllNotificationCallback: load 0000000064ac0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1649664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1650664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1651664.2020: supR3HardenedDllNotificationCallback: load 0000000064a20000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1652664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1653664.2020: supR3HardenedDllNotificationCallback: load 000007fefd600000 LB 0x0004d000 C:\WINDOWS\system32\WS2_32.dll [fFlags=0x0]
1654664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1655664.2020: supR3HardenedDllNotificationCallback: load 000007fefed70000 LB 0x00008000 C:\WINDOWS\system32\NSI.dll [fFlags=0x0]
1656664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
1657664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1658664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002e9821:<flags> [calling]
1659664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2ef0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1660664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1661664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002e9821:<flags> [calling]
1662664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2ef0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1663664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1664664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002e9821:<flags> [calling]
1665664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2ef0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1666664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1667664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002e9821:<flags> [calling]
1668664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2ef0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1669664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1670664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002e9821:<flags> [calling]
1671664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2ef0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1672664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1673664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002e9821:<flags> [calling]
1674664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2ef0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1675664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2ef0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1676664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2ef0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1677664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2ef0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1678664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2ef0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1679664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2ef0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1680664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2ef0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1681664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2ef0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1682664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1683664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002e9821:<flags> [calling]
1684664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2ef0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1685664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2ef0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1686664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2ef0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1687664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2ef0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1688664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2ef0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1689664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2ef0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1690664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2ef0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1691664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2ef0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1692664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2ef0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1693664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2ef0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1694664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2ef0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1695664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2ef0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1696664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2ef0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1697664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2ef0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1698664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2ef0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1699664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2ef0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1700664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
1701664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002e9821:<flags> [calling]
1702664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2ef0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1703664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2ef0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1704664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2ef0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1705664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2ef0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1706664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
1707664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002edd31:<flags> [calling]
1708664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5a0000 'C:\WINDOWS\system32\Wintrust.dll'
1709664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd350000 'C:\WINDOWS\system32\crypt32.dll'
1710664.2020: SUPR3HardenedMain: Load TrustedMain...
1711664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1712664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1713664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
1714664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1715664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1716664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
1717664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
1718664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
1719664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
1720664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
1721664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
1722664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
1723664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
1724664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
1725664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
1726664.2020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
1727664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
1728664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1729664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1730664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000554 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
1731664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1732664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1733664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
1734664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
1735664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1736664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1737664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1738664.2020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
1739664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
1740664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1741664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1742664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1743664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1744664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1745664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1746664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1747664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1748664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000534 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
1749664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1750664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1751664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DE1A96FE7B52C00A8B93CF46620182B88752297B
1752664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_41_for_KB3123862~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
1753664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1754664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1755664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
1756664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
1757664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
1758664.2020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
1759664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
1760664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1761664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1762664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1763664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1764664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
1765664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
1766664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
1767664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
1768664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1769664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1770664.2020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
1771664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1772664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
1773664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
1774664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1775664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1776664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
1777664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
1778664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1779664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1780664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
1781664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
1782664.2020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
1783664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1784664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1785664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1786664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1787664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1788664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
1789664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1790664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1791664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
1792664.2020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
1793664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1794664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1795664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1796664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1797664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1798664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1799664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1800664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcp100.dll'.
1801664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
1802664.2020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) WinVerifyTrust
1803664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1804664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1805664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1806664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1807664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
1808664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
1809664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1810664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1811664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
1812664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
1813664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
1814664.2020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) WinVerifyTrust
1815664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1816664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1817664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1818664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1819664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1820664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1821664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1822664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1823664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1824664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1825664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1826664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000057c pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
1827664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1828664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1829664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
1830664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1831664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1832664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1833664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1834664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1835664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1836664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1837664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1838664.2020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) WinVerifyTrust
1839664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1840664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1841664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1842664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1843664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
1844664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000570 pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
1845664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1846664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1847664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
1848664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
1849664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1850664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1851664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1852664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
1853664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1854664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
1855664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
1856664.2020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) WinVerifyTrust
1857664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1858664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1859664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1860664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000055c pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
1861664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1862664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1863664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
1864664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
1865664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1866664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1867664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1868664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1869664.2020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) WinVerifyTrust
1870664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
1871664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1872664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1873664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1874664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1875664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1876664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1877664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1878664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1879664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1880664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1881664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1882664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1883664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
1884664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
1885664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000058c pwszName=\Device\HarddiskVolume2\Windows\System32\mpr.dll
1886664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1887664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1888664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F84FE9BA047B24E7694C9E0C349B48B9FD5F925B
1889664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\mpr.dll'
1890664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1891664.2020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll) WinVerifyTrust
1892664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
1893664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1894664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1895664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1896664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1897664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1898664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1899664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1900664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1901664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1902664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1903664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1904664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1905664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1906664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1907664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1908664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1909664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1910664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1911664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1912664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
1913664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1914664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1915664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1916664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1917664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1918664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1919664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1920664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1921664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1922664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1923664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1924664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1925664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1926664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1927664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1928664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1929664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1930664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1931664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1932664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1933664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1934664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1935664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1936664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1937664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1938664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1939664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1940664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1941664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
1942664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1943664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1944664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000598 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1945664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1946664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1947664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
1948664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
1949664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1950664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1951664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
1952664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1953664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1954664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
1955664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1956664.2020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust
1957664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1958664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1959664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1960664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000059c pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
1961664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
1962664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
1963664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
1964664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
1965664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1966664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1967664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1968664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1969664.2020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv) WinVerifyTrust
1970664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
1971664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1972664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1973664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1974664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1975664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1976664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1977664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1978664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1979664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1980664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1981664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1982664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1983664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1984664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1985664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1986664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1987664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1988664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1989664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1990664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1991664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1992664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1993664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1994664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1995664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1996664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1997664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1998664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1999664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2000664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2001664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2002664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2003664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2004664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2005664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2006664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2007664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2008664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2009664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2010664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2011664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2012664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2013664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2014664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2015664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2016664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2017664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2018664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
2019664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
2020664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000590 pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
2021664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
2022664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
2023664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
2024664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
2025664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2026664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
2027664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
2028664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2029664.2020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) WinVerifyTrust
2030664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
2031664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2032664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2033664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2034664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2035664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2036664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2037664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2038664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2039664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2040664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2041664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2042664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
2043664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
2044664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
2045664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2046664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2047664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
2048664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
2049664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005a4 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
2050664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
2051664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
2052664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F3F3D4867E9140896E0742D7EE8AE1D01FE85ECE
2053664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3078667~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
2054664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2055664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2056664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
2057664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2058664.2020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust
2059664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
2060664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2061664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2062664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2063664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2064664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2065664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
2066664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
2067664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005a0 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
2068664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
2069664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
2070664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1EB130FE5667C75A1CCDD15015B9391131942AA9
2071664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3164033~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
2072664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2073664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2074664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
2075664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2076664.2020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) WinVerifyTrust
2077664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
2078664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2079664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2080664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2081664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2082664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2083664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2084664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2085664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2086664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2087664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2088664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2089664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2090664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2091664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2092664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2093664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2094664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2095664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2096664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2097664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2098664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2099664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2100664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ec1e1:<flags> [calling]
2101664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
2102664.2020: supR3HardenedDllNotificationCallback: load 000007fedb7e0000 LB 0x008e1000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
2103664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
2104664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
2105664.2020: supR3HardenedDllNotificationCallback: load 000007fee7720000 LB 0x0011d000 C:\WINDOWS\system32\OPENGL32.dll [fFlags=0x0]
2106664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
2107664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
2108664.2020: supR3HardenedDllNotificationCallback: load 000007fee76f0000 LB 0x0002d000 C:\WINDOWS\system32\GLU32.dll [fFlags=0x0]
2109664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
2110664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
2111664.2020: supR3HardenedDllNotificationCallback: load 000007fee75d0000 LB 0x000f1000 C:\WINDOWS\system32\DDRAW.dll [fFlags=0x0]
2112664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
2113664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
2114664.2020: supR3HardenedDllNotificationCallback: load 000007fee75c0000 LB 0x00008000 C:\WINDOWS\system32\DCIMAN32.dll [fFlags=0x0]
2115664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
2116664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
2117664.2020: supR3HardenedDllNotificationCallback: load 000007fefbf00000 LB 0x00018000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
2118664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
2119664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
2120664.2020: supR3HardenedDllNotificationCallback: load 0000000063f60000 LB 0x00553000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
2121664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
2122664.2020: supR3HardenedDllNotificationCallback: load 000007fefd650000 LB 0x00d8c000 C:\WINDOWS\system32\SHELL32.dll [fFlags=0x0]
2123664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2124664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
2125664.2020: supR3HardenedDllNotificationCallback: load 000007fefa170000 LB 0x00018000 C:\WINDOWS\system32\MPR.dll [fFlags=0x0]
2126664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
2127664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
2128664.2020: supR3HardenedDllNotificationCallback: load 000007fee2940000 LB 0x005a1000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
2129664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
2130664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
2131664.2020: supR3HardenedDllNotificationCallback: load 00000000644d0000 LB 0x0054f000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
2132664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
2133664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
2134664.2020: supR3HardenedDllNotificationCallback: load 000007fee4800000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
2135664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
2136664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
2137664.2020: supR3HardenedDllNotificationCallback: load 000007feec910000 LB 0x00071000 C:\WINDOWS\system32\WINSPOOL.DRV [fFlags=0x0]
2138664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
2139664.2020: supR3HardenedDllNotificationCallback: load 000007fefefb0000 LB 0x00097000 C:\WINDOWS\system32\COMDLG32.dll [fFlags=0x0]
2140664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
2141664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
2142664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
2143664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2144664.2020: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll)
2145664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
2146664.2020: supR3HardenedDllNotificationCallback: load 000007fef9270000 LB 0x000a0000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll [fFlags=0x0]
2147664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [avoiding WinVerifyTrust]
2148664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
2149664.2020: supR3HardenedDllNotificationCallback: load 0000000066ca0000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
2150664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
2151664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2152664.2020: supR3HardenedDllNotificationCallback: load 000007fefad90000 LB 0x0003b000 C:\WINDOWS\system32\WINMM.dll [fFlags=0x0]
2153664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2154664.2020: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'.
2155664.2020: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [rescheduled]
2156664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
2157664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2158664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2159664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2160664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2161664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2162664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2163664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002eb6c1:<flags> [calling]
2164664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe7f0000 'C:\WINDOWS\system32\imm32.dll'
2165664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe710000 'C:\WINDOWS\system32\ADVAPI32.DLL'
2166664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
2167664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptbase.dll (Input=cryptbase.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
2168664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd090000 'C:\WINDOWS\system32\cryptbase.dll'
2169664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedb7e0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
2170664.2020: SUPR3HardenedMain: Calling TrustedMain (000007fedb7e1610)...
2171664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2172664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002edd71:<flags> [calling]
2173664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4d0000 'C:\WINDOWS\system32\ole32.dll'
2174664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2175664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002edf71:<flags> [calling]
2176664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe710000 'C:\WINDOWS\system32\ADVAPI32.dll'
2177664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2178664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ee591:<flags> [calling]
2179664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd650000 'C:\WINDOWS\system32\shell32.dll'
2180664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
2181664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'imm32.dll'.
2182664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'winmm.dll'.
2183664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
2184664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
2185664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
2186664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
2187664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
2188664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
2189664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
2190664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
2191664.2020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
2192664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2193664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2194664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2195664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
2196664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
2197664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
2198664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
2199664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
2200664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
2201664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2202664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2203664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2204664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2205664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2206664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2207664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2208664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2209664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2210664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2211664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2212664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2213664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2214664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2215664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2216664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
2217664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
2218664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
2219664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2220664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2221664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2222664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ee721:<flags> [calling]
2223664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2224664.2020: supR3HardenedDllNotificationCallback: load 000007fee2810000 LB 0x00127000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
2225664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2226664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2810000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
2227664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000610 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2228664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
2229664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
2230664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
2231664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
2232664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2233664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2234664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2235664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
2236664.2020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
2237664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2238664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2239664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2240664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2241664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2242664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2243664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2244664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2245664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ee711:<flags> [calling]
2246664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2247664.2020: supR3HardenedDllNotificationCallback: load 000007fefbf70000 LB 0x00056000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
2248664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2249664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbf70000 'C:\WINDOWS\system32\uxtheme.dll'
2250664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2251664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ee151:<flags> [calling]
2252664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbf70000 'C:\WINDOWS\system32\uxtheme.dll'
2253664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2254664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002edec1:<flags> [calling]
2255664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbf70000 'C:\WINDOWS\system32\uxtheme.dll'
2256664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2257664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002edec1:<flags> [calling]
2258664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbf70000 'C:\WINDOWS\system32\uxtheme.dll'
2259664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
2260664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ee651:<flags> [calling]
2261664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd090000 'C:\WINDOWS\system32\CRYPTBASE.dll'
2262664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
2263664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\user32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ee941:<flags> [calling]
2264664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000772e0000 'C:\WINDOWS\system32\user32.dll'
2265664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2266664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ee961:<flags> [calling]
2267664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd650000 'C:\WINDOWS\system32\shell32.dll'
2268664.2020: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
2269664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ee841:<flags> [calling]
2270664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\system32\wintab32.dll'
2271664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2272664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002eed81:<flags> [calling]
2273664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefad90000 'C:\WINDOWS\system32\winmm.dll'
2274664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2275664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002eed81:<flags> [calling]
2276664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefad90000 'C:\WINDOWS\system32\winmm.dll'
2277664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2278664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002eedd1:<flags> [calling]
2279664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd650000 'C:\WINDOWS\system32\shell32.dll'
2280664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2281664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002eeda1:<flags> [calling]
2282664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbf70000 'C:\WINDOWS\system32\uxtheme.dll'
2283664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe710000 'C:\WINDOWS\system32\advapi32.dll'
2284664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
2285664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002eed21:<flags> [calling]
2286664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd570000 'C:\WINDOWS\system32\userenv.dll'
2287664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2288664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002eee01:<flags> [calling]
2289664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000773e0000 'C:\WINDOWS\system32\kernel32.dll'
2290664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000640 pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2291664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
2292664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
2293664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
2294664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
2295664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2296664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2297664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
2298664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2299664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2300664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2301664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2302664.2020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll) WinVerifyTrust
2303664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2304664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2305664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2306664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2307664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2308664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2309664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2310664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2311664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2312664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2313664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2314664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2315664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2316664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2317664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2318664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ebb41:<flags> [calling]
2319664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2320664.2020: supR3HardenedDllNotificationCallback: load 000007fefef10000 LB 0x00099000 C:\WINDOWS\system32\CLBCatQ.DLL [fFlags=0x0]
2321664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2322664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefef10000 'C:\WINDOWS\system32\CLBCatQ.DLL'
2323664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe710000 'C:\WINDOWS\system32\ADVAPI32.dll'
2324664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
2325664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ea931:<flags> [calling]
2326664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc20000 'C:\WINDOWS\system32\CRYPTSP.dll'
2327664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000065c pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2328664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
2329664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
2330664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
2331664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll'
2332664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2333664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
2334664.2020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll) WinVerifyTrust
2335664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2336664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2337664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2338664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ea501:<flags> [calling]
2339664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2340664.2020: supR3HardenedDllNotificationCallback: load 000007fefd140000 LB 0x00014000 C:\WINDOWS\system32\RpcRtRemote.dll [fFlags=0x0]
2341664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2342664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd140000 'C:\WINDOWS\system32\RpcRtRemote.dll'
2343664.1c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2344664.1c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2345664.1c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2346664.1c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2347664.1c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2348664.1c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2349664.1c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
2350664.1c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2351664.1c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2352664.1c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2353664.1c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2354664.1c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2355664.1c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2356664.1c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2357664.1c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2358664.1c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2359664.1c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2360664.1c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2361664.1c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2362664.1c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2363664.1c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2364664.1c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2365664.1c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2366664.1c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004a2e291:<flags> [calling]
2367664.1c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2368664.1c60: supR3HardenedDllNotificationCallback: load 000007fee2310000 LB 0x004f5000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
2369664.1c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2370664.1c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2310000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
2371664.1c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2372664.1c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2373664.1c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2374664.1c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
2375664.1c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2376664.1c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2377664.1c60: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
2378664.1c60: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
2379664.1c60: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2380664.1c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2381664.1c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2382664.1c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2383664.1c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2384664.1c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2385664.1c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2386664.1c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2387664.1c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2388664.1c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2389664.1c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2390664.1c60: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2391664.1c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2392664.1c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2393664.1c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2394664.1c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2395664.1c60: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2396664.1c60: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2397664.1c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004a2cd71:<flags> [calling]
2398664.1c60: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2399664.1c60: supR3HardenedDllNotificationCallback: load 000007fee1e00000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
2400664.1c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2401664.1c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1e00000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
2402664.1c60: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2403664.1c60: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004a2cbf1:<flags> [calling]
2404664.1c60: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe630000 'C:\Windows\system32\oleaut32.dll'
2405664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe710000 'C:\WINDOWS\system32\ADVAPI32.dll'
2406664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee00000 'C:\WINDOWS\system32\gdi32.dll'
2407664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4d0000 'C:\WINDOWS\system32\ole32.dll'
2408664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
2409664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ea0b1:<flags> [calling]
2410664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe8c0000 'C:\WINDOWS\system32\MSCTF.dll'
2411664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4d0000 'C:\WINDOWS\system32\ole32.dll'
2412664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2413664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002e7d71:<flags> [calling]
2414664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe630000 'C:\WINDOWS\system32\OLEAUT32.dll'
2415664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000998 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2416664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
2417664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
2418664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=541BC1754BDA66C5AFA188863CAE97A8C1A394C2
2419664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WIN8IP-Microsoft-Windows-WMI-Package~31bf3856ad364e35~amd64~~7.2.7601.16406.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
2420664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2421664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2422664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
2423664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
2424664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'wbemcomn2.dll'.
2425664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2426664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
2427664.2020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
2428664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2429664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2430664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2431664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2432664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2433664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn2.dll'...
2434664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn2.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn2.dll' [rcNtRedir=0xc0150008]
2435664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009a4 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn2.dll
2436664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
2437664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
2438664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AD4FA9A58F96284E34EDF1205B814E6FB4E98BDE
2439664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WIN8IP-Microsoft-Windows-WMI-Package~31bf3856ad364e35~amd64~~7.2.7601.16406.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn2.dll'
2440664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2441664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2442664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
2443664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
2444664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
2445664.2020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn2.dll) WinVerifyTrust
2446664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn2.dll
2447664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2448664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2449664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2450664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2451664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2452664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2453664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2454664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2455664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2456664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2457664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2458664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2459664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2460664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2461664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2462664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2463664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002e6651:<flags> [calling]
2464664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2465664.2020: supR3HardenedDllNotificationCallback: load 000007fef7de0000 LB 0x0000d000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
2466664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2467664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn2.dll
2468664.2020: supR3HardenedDllNotificationCallback: load 000007fef7d60000 LB 0x00078000 C:\WINDOWS\system32\wbemcomn2.dll [fFlags=0x0]
2469664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn2.dll
2470664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7de0000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
2471664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009cc pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2472664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
2473664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
2474664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=656D0EABE265B629988CC39100476C9B333D0E51
2475664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WIN8IP-Microsoft-Windows-WMI-Package~31bf3856ad364e35~amd64~~7.2.7601.16406.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
2476664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2477664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2478664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
2479664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
2480664.2020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
2481664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2482664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2483664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2484664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2485664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2486664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2487664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2488664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2489664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002e6291:<flags> [calling]
2490664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2491664.2020: supR3HardenedDllNotificationCallback: load 000007fef6be0000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
2492664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2493664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6be0000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
2494664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009d0 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2495664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
2496664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
2497664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936A9106F3BC7A8864E839CB63D424609B958DF2
2498664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WIN8IP-Microsoft-Windows-WMI-Package~31bf3856ad364e35~amd64~~7.2.7601.16406.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
2499664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2500664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2501664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
2502664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn2.dll'.
2503664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2504664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
2505664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ntdsapi.dll'.
2506664.2020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
2507664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2508664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
2509664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
2510664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009b0 pwszName=\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2511664.2020: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
2512664.2020: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
2513664.2020: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
2514664.2020: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll'
2515664.2020: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2516664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2517664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
2518664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
2519664.2020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll) WinVerifyTrust
2520664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2521664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2522664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2523664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2524664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2525664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn2.dll'...
2526664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn2.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn2.dll' [rcNtRedir=0xc0150008]
2527664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn2.dll
2528664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2529664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2530664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2531664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2532664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2533664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2534664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2535664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2536664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2537664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2538664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2539664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002e6291:<flags> [calling]
2540664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2541664.2020: supR3HardenedDllNotificationCallback: load 000007fef77f0000 LB 0x000d0000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
2542664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2543664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2544664.2020: supR3HardenedDllNotificationCallback: load 000007fef77c0000 LB 0x00027000 C:\WINDOWS\system32\NTDSAPI.dll [fFlags=0x0]
2545664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2546664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef77f0000 'C:\WINDOWS\system32\wbem\fastprox.dll'
2547664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe630000 'C:\WINDOWS\system32\OLEAUT32.dll'
2548664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2549664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
2550664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2551664.2020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
2552664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2553664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2554664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2555664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
2556664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
2557664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
2558664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2559664.2020: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
2560664.2020: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
2561664.2020: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2562664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2563664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2564664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2565664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2566664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2567664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2568664.2020: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2569664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2570664.2020: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2571664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002e9331:<flags> [calling]
2572664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2573664.2020: supR3HardenedDllNotificationCallback: load 000007fee1a30000 LB 0x00299000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
2574664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2575664.2020: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2576664.2020: supR3HardenedDllNotificationCallback: load 000000005e260000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
2577664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
2578664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1a30000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2579664.10f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2580664.10f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2581664.10f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2582664.10f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2583664.10f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
2584664.10f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2585664.10f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2586664.10f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2587664.10f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2588664.10f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2589664.10f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2590664.10f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2591664.10f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2592664.10f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2593664.10f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2594664.10f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000781ddd1:<flags> [calling]
2595664.10f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2596664.10f8: supR3HardenedDllNotificationCallback: load 000007fefa610000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
2597664.10f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2598664.10f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa610000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
2599664.10f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000772e0000 'C:\WINDOWS\system32\User32.dll'
2600664.20c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2601664.20c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2602664.20c4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2603664.20c4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
2604664.20c4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2605664.20c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2606664.20c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2607664.20c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2608664.20c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2609664.20c4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2610664.20c4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2611664.20c4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2612664.20c4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000840d9f1:<flags> [calling]
2613664.20c4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2614664.20c4: supR3HardenedDllNotificationCallback: load 000007fefa570000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
2615664.20c4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2616664.20c4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa570000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
2617664.e00: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2618664.e00: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2619664.e00: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2620664.e00: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
2621664.e00: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2622664.e00: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2623664.e00: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2624664.e00: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2625664.e00: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2626664.e00: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
2627664.e00: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2628664.e00: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2629664.e00: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
2630664.e00: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000006f5dd61:<flags> [calling]
2631664.e00: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2632664.e00: supR3HardenedDllNotificationCallback: load 000007fefa4c0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
2633664.e00: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2634664.e00: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa4c0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
2635664.1ac0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2636664.1ac0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2637664.1ac0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2638664.1ac0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
2639664.1ac0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2640664.1ac0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2641664.1ac0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2642664.1ac0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2643664.1ac0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2644664.1ac0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2645664.1ac0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2646664.1ac0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000856dbc1:<flags> [calling]
2647664.1ac0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2648664.1ac0: supR3HardenedDllNotificationCallback: load 000007fefa440000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
2649664.1ac0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2650664.1ac0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa440000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
2651664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd650000 'C:\WINDOWS\system32\Shell32.dll'
2652664.22fc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000005b59251:<flags> [calling]
2653664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff320000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
2654664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
2655664.22fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005b59291:<flags> [calling]
2656664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd250000 'C:\WINDOWS\system32\profapi.dll'
2657664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
2658664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002e5291:<flags> [calling]
2659664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbf00000 'C:\WINDOWS\system32\dwmapi.dll'
2660664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe710000 'C:\WINDOWS\system32\ADVAPI32.dll'
2661664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe630000 'C:\WINDOWS\system32\OLEAUT32.DLL'
2662664.2020: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2663664.2020: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\WINMM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002e5fc1:<flags> [calling]
2664664.2020: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefad90000 'C:\WINDOWS\system32\WINMM.dll'
2665664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2666664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2667664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2668664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
2669664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
2670664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2671664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2672664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
2673664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
2674664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
2675664.22fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
2676664.22fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2677664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2678664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2679664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c3c pwszName=\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2680664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
2681664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
2682664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642
2683664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'
2684664.22fc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2685664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2686664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
2687664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
2688664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
2689664.22fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
2690664.22fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2691664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2692664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2693664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2694664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2695664.22fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2696664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2697664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2698664.22fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2699664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2700664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2701664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
2702664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
2703664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2704664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2705664.22fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
2706664.22fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2707664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
2708664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
2709664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2710664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2711664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2712664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
2713664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
2714664.22fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
2715664.22fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2716664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2717664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2718664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2719664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2720664.22fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2721664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2722664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2723664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2724664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2725664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2726664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2727664.22fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2728664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2729664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2730664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2731664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2732664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2733664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2734664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2735664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2736664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2737664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2738664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2739664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2740664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
2741664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
2742664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c4c pwszName=\Device\HarddiskVolume2\Windows\System32\winnsi.dll
2743664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
2744664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
2745664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B28F3E0DF5586B9FB3AEAC48E4ECCA0AFB6ABD91
2746664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
2747664.22fc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2748664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2749664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2750664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
2751664.22fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll) WinVerifyTrust
2752664.22fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2753664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2754664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2755664.22fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
2756664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2757664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2758664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2759664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2760664.22fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
2761664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2762664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2763664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2764664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2765664.22fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005b5d721:<flags> [calling]
2766664.22fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2767664.22fc: supR3HardenedDllNotificationCallback: load 000007feda640000 LB 0x008c6000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
2768664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
2769664.22fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2770664.22fc: supR3HardenedDllNotificationCallback: load 000007fee18a0000 LB 0x00057000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
2771664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2772664.22fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2773664.22fc: supR3HardenedDllNotificationCallback: load 000007fee22b0000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
2774664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2775664.22fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2776664.22fc: supR3HardenedDllNotificationCallback: load 000007fef9e80000 LB 0x00027000 C:\WINDOWS\system32\IPHLPAPI.DLL [fFlags=0x0]
2777664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2778664.22fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2779664.22fc: supR3HardenedDllNotificationCallback: load 000007fef9e70000 LB 0x0000b000 C:\WINDOWS\system32\WINNSI.DLL [fFlags=0x0]
2780664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2781664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feda640000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
2782664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
2783664.22fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005b5d721:<flags> [calling]
2784664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2310000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
2785664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2786664.22fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005b5d631:<flags> [calling]
2787664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee22b0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
2788664.350: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2789664.350: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2790664.350: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2791664.350: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
2792664.350: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2793664.350: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2794664.350: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2795664.350: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2796664.350: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2797664.350: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2798664.350: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2799664.350: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2800664.350: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000119ed981:<flags> [calling]
2801664.350: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2802664.350: supR3HardenedDllNotificationCallback: load 000007fefa430000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
2803664.350: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2804664.350: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa430000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
2805664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d3c pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
2806664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
2807664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
2808664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F6C3E3D9F8B48D816E52C31576FFFD4AF86AB813
2809664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
2810664.22fc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2811664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2812664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
2813664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2814664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2815664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
2816664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
2817664.22fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust
2818664.22fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
2819664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
2820664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
2821664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d40 pwszName=\Device\HarddiskVolume2\Windows\System32\powrprof.dll
2822664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
2823664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
2824664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E0B7DE18787DB24DAD3580634869A9A8FF4AB48F
2825664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\powrprof.dll'
2826664.22fc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2827664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2828664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2829664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2830664.22fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll) WinVerifyTrust
2831664.22fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
2832664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2833664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2834664.22fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2835664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2836664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2837664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2838664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2839664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2840664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2841664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2842664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2843664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2844664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2845664.22fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2846664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2847664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2848664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2849664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2850664.22fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005b5d5a1:<flags> [calling]
2851664.22fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2852664.22fc: supR3HardenedDllNotificationCallback: load 000007fee4d80000 LB 0x00088000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0]
2853664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2854664.22fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
2855664.22fc: supR3HardenedDllNotificationCallback: load 000007fefc0a0000 LB 0x0002c000 C:\WINDOWS\System32\POWRPROF.dll [fFlags=0x0]
2856664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
2857664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2858664.22fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005b5c821:<flags> [calling]
2859664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4d80000 'C:\WINDOWS\System32\dsound.dll'
2860664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4d80000 'C:\WINDOWS\System32\dsound.dll'
2861664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
2862664.22fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005b5d5e1:<flags> [calling]
2863664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4d80000 'C:\WINDOWS\system32\dsound.dll'
2864664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d50 pwszName=\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2865664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
2866664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
2867664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=704F97298D44B8146C54067788F597E0BF365197
2868664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll'
2869664.22fc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2870664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2871664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
2872664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2873664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'.
2874664.22fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
2875664.22fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2876664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
2877664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
2878664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d68 pwszName=\Device\HarddiskVolume2\Windows\System32\propsys.dll
2879664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
2880664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
2881664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A1594E841359779EF7EA7EBCF775D89F55388D3
2882664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\propsys.dll'
2883664.22fc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2884664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2885664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
2886664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
2887664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
2888664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2889664.22fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll) WinVerifyTrust
2890664.22fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
2891664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2892664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2893664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2894664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2895664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2896664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2897664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2898664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2899664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2900664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2901664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2902664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2903664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2904664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2905664.22fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2906664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2907664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2908664.22fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005b5d021:<flags> [calling]
2909664.22fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2910664.22fc: supR3HardenedDllNotificationCallback: load 000007fefbea0000 LB 0x0004b000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
2911664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2912664.22fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
2913664.22fc: supR3HardenedDllNotificationCallback: load 000007fefbd70000 LB 0x0012c000 C:\WINDOWS\System32\PROPSYS.dll [fFlags=0x0]
2914664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
2915664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe710000 'C:\WINDOWS\system32\ADVAPI32.dll'
2916664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbea0000 'C:\WINDOWS\System32\MMDevApi.dll'
2917664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4d0000 'C:\WINDOWS\system32\ole32.dll'
2918664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2919664.22fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005b5d331:<flags> [calling]
2920664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe450000 'C:\WINDOWS\system32\SETUPAPI.dll'
2921664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2922664.22fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005b5e1e1:<flags> [calling]
2923664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe820000 'C:\WINDOWS\system32\SHLWAPI.dll'
2924664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2925664.22fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005b5e401:<flags> [calling]
2926664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbea0000 'C:\WINDOWS\system32\MMDEVAPI.DLL'
2927664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4d0000 'C:\WINDOWS\system32\ole32.dll'
2928664.2064: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
2929664.2064: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CFGMGR32.dll (Input=CFGMGR32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000014dcf8b1:<flags> [calling]
2930664.2064: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd260000 'C:\WINDOWS\system32\CFGMGR32.dll'
2931664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2932664.22fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005b5e031:<flags> [calling]
2933664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefad90000 'C:\WINDOWS\system32\winmm.dll'
2934664.22fc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000005b5de91:<flags> [calling]
2935664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff320000 'API-MS-WIN-Service-Management-L1-1-0.dll'
2936664.22fc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000005b5de91:<flags> [calling]
2937664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff320000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
2938664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff6e0000 'C:\WINDOWS\system32\RPCRT4.dll'
2939664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2940664.22fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\MMDevAPI.DLL (Input=MMDevAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005b5def1:<flags> [calling]
2941664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbea0000 'C:\WINDOWS\system32\MMDevAPI.DLL'
2942664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000da8 pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2943664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
2944664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
2945664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4B64306F5558D2DEC53CF11AAF17F02438929FDD
2946664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
2947664.22fc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2948664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2949664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2950664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2951664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
2952664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
2953664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ksuser.dll'.
2954664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
2955664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'avrt.dll'.
2956664.22fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust
2957664.22fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2958664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
2959664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
2960664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d94 pwszName=\Device\HarddiskVolume2\Windows\System32\avrt.dll
2961664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
2962664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
2963664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1362C343929DD08AB918B38DE195D1A11B1D1365
2964664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\avrt.dll'
2965664.22fc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2966664.22fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust
2967664.22fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
2968664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
2969664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
2970664.22fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
2971664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
2972664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
2973664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000db8 pwszName=\Device\HarddiskVolume2\Windows\System32\ksuser.dll
2974664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
2975664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
2976664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2D99CFB3BFCA1F454FC7109DB98D18923ABBA361
2977664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB3110329~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\ksuser.dll'
2978664.22fc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2979664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2980664.22fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust
2981664.22fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
2982664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2983664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2984664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2985664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2986664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2987664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2988664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2989664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2990664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2991664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2992664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2993664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2994664.22fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005b5da61:<flags> [calling]
2995664.22fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2996664.22fc: supR3HardenedDllNotificationCallback: load 000007fefac40000 LB 0x0003b000 C:\WINDOWS\system32\wdmaud.drv [fFlags=0x0]
2997664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
2998664.22fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
2999664.22fc: supR3HardenedDllNotificationCallback: load 0000000074e10000 LB 0x00006000 C:\WINDOWS\system32\ksuser.dll [fFlags=0x0]
3000664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
3001664.22fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
3002664.22fc: supR3HardenedDllNotificationCallback: load 000007fefc090000 LB 0x00009000 C:\WINDOWS\system32\AVRT.dll [fFlags=0x0]
3003664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
3004664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefac40000 'C:\WINDOWS\system32\wdmaud.drv'
3005664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3006664.22fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005b5da61:<flags> [calling]
3007664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefac40000 'C:\WINDOWS\system32\wdmaud.drv'
3008664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3009664.22fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005b5dc11:<flags> [calling]
3010664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefac40000 'C:\WINDOWS\system32\wdmaud.drv'
3011664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3012664.22fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005b5dc11:<flags> [calling]
3013664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefac40000 'C:\WINDOWS\system32\wdmaud.drv'
3014664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3015664.22fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005b5dc11:<flags> [calling]
3016664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefac40000 'C:\WINDOWS\system32\wdmaud.drv'
3017664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ddc pwszName=\Device\HarddiskVolume2\Windows\System32\AudioSes.dll
3018664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
3019664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
3020664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CFCA643693E82633EB61E3B838F7FBA097082A81
3021664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_114_for_KB3033929~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\AudioSes.dll'
3022664.22fc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3023664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3024664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
3025664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
3026664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
3027664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
3028664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
3029664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
3030664.22fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust
3031664.22fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
3032664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3033664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3034664.22fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3035664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3036664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3037664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3038664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3039664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
3040664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
3041664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
3042664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
3043664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3044664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3045664.22fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
3046664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3047664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3048664.22fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005b5dc21:<flags> [calling]
3049664.22fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
3050664.22fc: supR3HardenedDllNotificationCallback: load 000007fefaa90000 LB 0x0004f000 C:\WINDOWS\system32\AUDIOSES.DLL [fFlags=0x0]
3051664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
3052664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaa90000 'C:\WINDOWS\system32\AUDIOSES.DLL'
3053664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3054664.22fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005b5dc11:<flags> [calling]
3055664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefac40000 'C:\WINDOWS\system32\wdmaud.drv'
3056664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3057664.22fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005b5dc11:<flags> [calling]
3058664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefac40000 'C:\WINDOWS\system32\wdmaud.drv'
3059664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefac40000 'C:\WINDOWS\system32\wdmaud.drv'
3060664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000df8 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
3061664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
3062664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
3063664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=522563F5384AD4C93CF5CF4EEA899D3267552328
3064664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
3065664.22fc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3066664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3067664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
3068664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
3069664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
3070664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'.
3071664.22fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) WinVerifyTrust
3072664.22fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3073664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3074664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3075664.22fc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3076664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
3077664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
3078664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000dfc pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.dll
3079664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
3080664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
3081664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCA0A8AEE81B82C402AA72A300B2C8D2DC17C1DA
3082664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.dll'
3083664.22fc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3084664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3085664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
3086664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
3087664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
3088664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
3089664.22fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) WinVerifyTrust
3090664.22fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
3091664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3092664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3093664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3094664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3095664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3096664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3097664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3098664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3099664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
3100664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
3101664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3102664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3103664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3104664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3105664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3106664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3107664.22fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005b5da11:<flags> [calling]
3108664.22fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3109664.22fc: supR3HardenedDllNotificationCallback: load 000007fefaa20000 LB 0x0000a000 C:\WINDOWS\system32\msacm32.drv [fFlags=0x0]
3110664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3111664.22fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
3112664.22fc: supR3HardenedDllNotificationCallback: load 000007fefaa00000 LB 0x00018000 C:\WINDOWS\system32\MSACM32.dll [fFlags=0x0]
3113664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
3114664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaa20000 'C:\WINDOWS\system32\msacm32.drv'
3115664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3116664.22fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005b5d411:<flags> [calling]
3117664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaa20000 'C:\WINDOWS\system32\msacm32.drv'
3118664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3119664.22fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005b5d411:<flags> [calling]
3120664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaa20000 'C:\WINDOWS\system32\msacm32.drv'
3121664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3122664.22fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005b5d411:<flags> [calling]
3123664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaa20000 'C:\WINDOWS\system32\msacm32.drv'
3124664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3125664.22fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005b5d411:<flags> [calling]
3126664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaa20000 'C:\WINDOWS\system32\msacm32.drv'
3127664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3128664.22fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005b5d411:<flags> [calling]
3129664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaa20000 'C:\WINDOWS\system32\msacm32.drv'
3130664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3131664.22fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005b5d411:<flags> [calling]
3132664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaa20000 'C:\WINDOWS\system32\msacm32.drv'
3133664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaa20000 'C:\WINDOWS\system32\msacm32.drv'
3134664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaa20000 'C:\WINDOWS\system32\msacm32.drv'
3135664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaa20000 'C:\WINDOWS\system32\msacm32.drv'
3136664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e00 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
3137664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939bf0
3138664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939bf0
3139664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=43116C5C719A4751DA70B12932084D73D7AACEA3
3140664.22fc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
3141664.22fc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3142664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3143664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
3144664.22fc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
3145664.22fc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) WinVerifyTrust
3146664.22fc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
3147664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3148664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3149664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3150664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3151664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3152664.22fc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3153664.22fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005b5da11:<flags> [calling]
3154664.22fc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3155664.22fc: supR3HardenedDllNotificationCallback: load 000007fefa9f0000 LB 0x00009000 C:\WINDOWS\system32\midimap.dll [fFlags=0x0]
3156664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3157664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9f0000 'C:\WINDOWS\system32\midimap.dll'
3158664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3159664.22fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005b5d3e1:<flags> [calling]
3160664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9f0000 'C:\WINDOWS\system32\midimap.dll'
3161664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3162664.22fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005b5d3e1:<flags> [calling]
3163664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9f0000 'C:\WINDOWS\system32\midimap.dll'
3164664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3165664.22fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005b5da11:<flags> [calling]
3166664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa9f0000 'C:\WINDOWS\system32\midimap.dll'
3167664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefad90000 'C:\WINDOWS\system32\winmm.dll'
3168664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefad90000 'C:\WINDOWS\system32\winmm.dll'
3169664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefad90000 'C:\WINDOWS\system32\winmm.dll'
3170664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4d0000 'C:\WINDOWS\system32\ole32.dll'
3171664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
3172664.22fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005b5e031:<flags> [calling]
3173664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefad90000 'C:\WINDOWS\system32\winmm.dll'
3174664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefad90000 'C:\WINDOWS\system32\winmm.dll'
3175664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefad90000 'C:\WINDOWS\system32\winmm.dll'
3176664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
3177664.22fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005b5d5f1:<flags> [calling]
3178664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4d80000 'C:\WINDOWS\system32\dsound.dll'
3179664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefad90000 'C:\WINDOWS\system32\winmm.dll'
3180664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefad90000 'C:\WINDOWS\system32\winmm.dll'
3181664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefad90000 'C:\WINDOWS\system32\winmm.dll'
3182664.2108: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
3183664.2108: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\audioses.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000001556dc61:<flags> [calling]
3184664.2108: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaa90000 'C:\WINDOWS\System32\audioses.dll'
3185664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
3186664.22fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005b5d7a1:<flags> [calling]
3187664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4d80000 'C:\WINDOWS\system32\dsound.dll'
3188664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefad90000 'C:\WINDOWS\system32\winmm.dll'
3189664.22fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
3190664.22fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005b5dc71:<flags> [calling]
3191664.22fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000773e0000 'C:\WINDOWS\system32\kernel32.dll'
3192664.1d18: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
3193664.1d18: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000005c5f631:<flags> [calling]
3194664.1d18: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe630000 'C:\WINDOWS\system32\OLEAUT32.dll'

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy