VirtualBox

Ticket #16075: VBoxHardening.log

File VBoxHardening.log, 350.3 KB (added by craymichael, 8 years ago)
Line 
1255c.37bc: Log file opened: 5.0.24r108355 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
2255c.37bc: \SystemRoot\System32\ntdll.dll:
3255c.37bc: CreationTime: 2016-09-15T07:07:03.725158700Z
4255c.37bc: LastWriteTime: 2016-09-02T15:34:22.580320100Z
5255c.37bc: ChangeTime: 2016-09-16T12:47:08.412071600Z
6255c.37bc: FileAttributes: 0x20
7255c.37bc: Size: 0x1a7100
8255c.37bc: NT Headers: 0xe0
9255c.37bc: Timestamp: 0x57c99b8f
10255c.37bc: Machine: 0x8664 - amd64
11255c.37bc: Timestamp: 0x57c99b8f
12255c.37bc: Image Version: 6.1
13255c.37bc: SizeOfImage: 0x1aa000 (1744896)
14255c.37bc: Resource Dir: 0x14e000 LB 0x5a028
15255c.37bc: ProductName: Microsoft® Windows® Operating System
16255c.37bc: ProductVersion: 6.1.7601.23539
17255c.37bc: FileVersion: 6.1.7601.23539 (win7sp1_ldr.160902-0600)
18255c.37bc: FileDescription: NT Layer DLL
19255c.37bc: \SystemRoot\System32\kernel32.dll:
20255c.37bc: CreationTime: 2016-09-15T07:07:04.344282500Z
21255c.37bc: LastWriteTime: 2016-09-02T15:30:50.136000000Z
22255c.37bc: ChangeTime: 2016-09-16T12:47:11.432373600Z
23255c.37bc: FileAttributes: 0x20
24255c.37bc: Size: 0x11c000
25255c.37bc: NT Headers: 0xe0
26255c.37bc: Timestamp: 0x57c99bd3
27255c.37bc: Machine: 0x8664 - amd64
28255c.37bc: Timestamp: 0x57c99bd3
29255c.37bc: Image Version: 6.1
30255c.37bc: SizeOfImage: 0x11f000 (1175552)
31255c.37bc: Resource Dir: 0x116000 LB 0x528
32255c.37bc: ProductName: Microsoft® Windows® Operating System
33255c.37bc: ProductVersion: 6.1.7601.23539
34255c.37bc: FileVersion: 6.1.7601.23539 (win7sp1_ldr.160902-0600)
35255c.37bc: FileDescription: Windows NT BASE API Client DLL
36255c.37bc: \SystemRoot\System32\KernelBase.dll:
37255c.37bc: CreationTime: 2016-09-15T07:07:06.292172000Z
38255c.37bc: LastWriteTime: 2016-09-02T15:30:50.152000000Z
39255c.37bc: ChangeTime: 2016-09-16T12:47:11.473377700Z
40255c.37bc: FileAttributes: 0x20
41255c.37bc: Size: 0x66800
42255c.37bc: NT Headers: 0xe8
43255c.37bc: Timestamp: 0x57c99bd4
44255c.37bc: Machine: 0x8664 - amd64
45255c.37bc: Timestamp: 0x57c99bd4
46255c.37bc: Image Version: 6.1
47255c.37bc: SizeOfImage: 0x6a000 (434176)
48255c.37bc: Resource Dir: 0x68000 LB 0x530
49255c.37bc: ProductName: Microsoft® Windows® Operating System
50255c.37bc: ProductVersion: 6.1.7601.23539
51255c.37bc: FileVersion: 6.1.7601.23539 (win7sp1_ldr.160902-0600)
52255c.37bc: FileDescription: Windows NT BASE API Client DLL
53255c.37bc: \SystemRoot\System32\apisetschema.dll:
54255c.37bc: CreationTime: 2016-09-15T07:07:08.885690600Z
55255c.37bc: LastWriteTime: 2016-09-02T15:30:45.191000000Z
56255c.37bc: ChangeTime: 2016-09-16T12:47:08.130043400Z
57255c.37bc: FileAttributes: 0x20
58255c.37bc: Size: 0x1a00
59255c.37bc: NT Headers: 0xc0
60255c.37bc: Timestamp: 0x57c99b6e
61255c.37bc: Machine: 0x8664 - amd64
62255c.37bc: Timestamp: 0x57c99b6e
63255c.37bc: Image Version: 6.1
64255c.37bc: SizeOfImage: 0x50000 (327680)
65255c.37bc: Resource Dir: 0x30000 LB 0x3f8
66255c.37bc: ProductName: Microsoft® Windows® Operating System
67255c.37bc: ProductVersion: 6.1.7601.23539
68255c.37bc: FileVersion: 6.1.7601.23539 (win7sp1_ldr.160902-0600)
69255c.37bc: FileDescription: ApiSet Schema DLL
70255c.37bc: NtOpenDirectoryObject failed on \Driver: 0xc0000022
71255c.37bc: supR3HardenedWinFindAdversaries: 0x3
72255c.37bc: \SystemRoot\System32\drivers\SysPlant.sys:
73255c.37bc: CreationTime: 2016-04-18T13:47:53.957114200Z
74255c.37bc: LastWriteTime: 2016-04-18T13:47:53.957114200Z
75255c.37bc: ChangeTime: 2016-04-18T13:47:53.957114200Z
76255c.37bc: FileAttributes: 0x20
77255c.37bc: Size: 0x29170
78255c.37bc: NT Headers: 0xf0
79255c.37bc: Timestamp: 0x562ae30d
80255c.37bc: Machine: 0x8664 - amd64
81255c.37bc: Timestamp: 0x562ae30d
82255c.37bc: Image Version: 5.0
83255c.37bc: SizeOfImage: 0x2f000 (192512)
84255c.37bc: Resource Dir: 0x2d000 LB 0x498
85255c.37bc: ProductName: Symantec CMC Firewall
86255c.37bc: ProductVersion: 12.1.6608.6300
87255c.37bc: FileVersion: 12.1.6608.6300
88255c.37bc: FileDescription: Symantec CMC Firewall SysPlant
89255c.37bc: \SystemRoot\System32\sysfer.dll:
90255c.37bc: CreationTime: 2016-04-18T13:47:53.955114000Z
91255c.37bc: LastWriteTime: 2016-04-18T13:47:53.956114100Z
92255c.37bc: ChangeTime: 2016-04-18T13:47:53.956114100Z
93255c.37bc: FileAttributes: 0x20
94255c.37bc: Size: 0x72038
95255c.37bc: NT Headers: 0xe8
96255c.37bc: Timestamp: 0x562ae313
97255c.37bc: Machine: 0x8664 - amd64
98255c.37bc: Timestamp: 0x562ae313
99255c.37bc: Image Version: 0.0
100255c.37bc: SizeOfImage: 0x89000 (561152)
101255c.37bc: Resource Dir: 0x87000 LB 0x630
102255c.37bc: ProductName: Symantec CMC Firewall
103255c.37bc: ProductVersion: 12.1.6608.6300
104255c.37bc: FileVersion: 12.1.6608.6300
105255c.37bc: FileDescription: Symantec CMC Firewall sysfer
106255c.37bc: \SystemRoot\System32\drivers\symevent64x86.sys:
107255c.37bc: CreationTime: 2016-04-18T13:49:21.740891700Z
108255c.37bc: LastWriteTime: 2016-04-18T13:49:21.425860200Z
109255c.37bc: ChangeTime: 2016-04-18T13:49:21.425860200Z
110255c.37bc: FileAttributes: 0x20
111255c.37bc: Size: 0x2b8d8
112255c.37bc: NT Headers: 0xe8
113255c.37bc: Timestamp: 0x54b87d44
114255c.37bc: Machine: 0x8664 - amd64
115255c.37bc: Timestamp: 0x54b87d44
116255c.37bc: Image Version: 6.0
117255c.37bc: SizeOfImage: 0x38000 (229376)
118255c.37bc: Resource Dir: 0x36000 LB 0x3c8
119255c.37bc: ProductName: SYMEVENT
120255c.37bc: ProductVersion: 12.9.6.12
121255c.37bc: FileVersion: 12.9.6.12
122255c.37bc: FileDescription: Symantec Event Library
123255c.37bc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
124255c.37bc: Calling main()
125255c.37bc: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
126255c.37bc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
127255c.37bc: SUPR3HardenedMain: Respawn #1
128255c.37bc: System32: \Device\HarddiskVolume2\Windows\System32
129255c.37bc: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
130255c.37bc: KnownDllPath: C:\windows\system32
131255c.37bc: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
132255c.37bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
133255c.37bc: supR3HardNtEnableThreadCreation:
134255c.37bc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000775fa0e0 pvNtTerminateThread=000000007761c060
135255c.37bc: supR3HardenedWinDoReSpawn(1): New child 3380.1aac [kernel32].
136255c.37bc: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
137255c.37bc: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00000000775d0000 uNtDllChildAddr=00000000775d0000
138255c.37bc: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000775fa0e0
139255c.37bc: supR3HardenedWinSetupChildInit: Start child.
140255c.37bc: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
141255c.37bc: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps
142255c.37bc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
143255c.37bc: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
144255c.37bc: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
145255c.37bc: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
146255c.37bc: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
147255c.37bc: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
148255c.37bc: 0000000000041000-fffffffffff01fff 0x0001/0x0000 0x0000000
149255c.37bc: *0000000000180000-0000000000083fff 0x0000/0x0004 0x0020000
150255c.37bc: 000000000027c000-0000000000279fff 0x0104/0x0004 0x0020000
151255c.37bc: 000000000027e000-000000000027bfff 0x0004/0x0004 0x0020000
152255c.37bc: 0000000000280000-ffffffff88f2ffff 0x0001/0x0000 0x0000000
153255c.37bc: *00000000775d0000-00000000775d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
154255c.37bc: 00000000775d1000-00000000776cdfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
155255c.37bc: 00000000776ce000-00000000776fcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
156255c.37bc: 00000000776fd000-0000000077706fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
157255c.37bc: 0000000077707000-0000000077707fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
158255c.37bc: 0000000077708000-000000007770afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
159255c.37bc: 000000007770b000-0000000077779fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
160255c.37bc: 000000007777a000-000000006ff13fff 0x0001/0x0000 0x0000000
161255c.37bc: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
162255c.37bc: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
163255c.37bc: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
164255c.37bc: 000000007fff0000-ffffffffc062ffff 0x0001/0x0000 0x0000000
165255c.37bc: *000000013f9b0000-000000013f9b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
166255c.37bc: 000000013f9b1000-000000013fa20fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
167255c.37bc: 000000013fa21000-000000013fa21fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
168255c.37bc: 000000013fa22000-000000013fa66fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
169255c.37bc: 000000013fa67000-000000013fa67fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
170255c.37bc: 000000013fa68000-000000013fa68fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
171255c.37bc: 000000013fa69000-000000013fa6dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
172255c.37bc: 000000013fa6e000-000000013fa6efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
173255c.37bc: 000000013fa6f000-000000013fa6ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
174255c.37bc: 000000013fa70000-000000013fa73fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
175255c.37bc: 000000013fa74000-000000013fabbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
176255c.37bc: 000000013fabc000-fffff8037fc87fff 0x0001/0x0000 0x0000000
177255c.37bc: *000007feff8f0000-000007feff8f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
178255c.37bc: 000007feff8f1000-000007fdff231fff 0x0001/0x0000 0x0000000
179255c.37bc: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
180255c.37bc: 000007fffffd3000-000007fffffc8fff 0x0001/0x0000 0x0000000
181255c.37bc: *000007fffffdd000-000007fffffdafff 0x0004/0x0004 0x0020000
182255c.37bc: *000007fffffdf000-000007fffffddfff 0x0004/0x0004 0x0020000
183255c.37bc: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
184255c.37bc: apisetschema.dll: timestamp 0x57c99b6e (rc=VINF_SUCCESS)
185255c.37bc: VirtualBox.exe: timestamp 0x5772960f (rc=VINF_SUCCESS)
186255c.37bc: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
187255c.37bc: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
188255c.37bc: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
189255c.37bc: supR3HardNtChildPurify: Done after 559 ms and 0 fixes (loop #0).
190255c.37bc: supR3HardNtEnableThreadCreation:
1913380.1aac: Log file opened: 5.0.24r108355 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
1923380.1aac: supR3HardenedVmProcessInit: uNtDllAddr=00000000775d0000 g_uNtVerCombined=0x611db100
1933380.1aac: ntdll.dll: timestamp 0x57c99b8f (rc=VINF_SUCCESS)
1943380.1aac: New simple heap: #1 0000000000280000 LB 0x400000 (for 1744896 allocation)
1953380.1aac: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
1963380.1aac: System32: \Device\HarddiskVolume2\Windows\System32
1973380.1aac: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
1983380.1aac: KnownDllPath: C:\windows\system32
1993380.1aac: supR3HardenedVmProcessInit: Opening vboxdrv stub...
2003380.1aac: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
2013380.1aac: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
2023380.1aac: Registered Dll notification callback with NTDLL.
2033380.1aac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
2043380.1aac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2053380.1aac: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
2063380.1aac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2073380.1aac: supR3HardenedDllNotificationCallback: load 00000000774b0000 LB 0x0011f000 C:\windows\system32\kernel32.dll [fFlags=0x0]
2083380.1aac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2093380.1aac: supR3HardenedDllNotificationCallback: load 000007fefd3a0000 LB 0x0006a000 C:\windows\system32\KERNELBASE.dll [fFlags=0x0]
2103380.1aac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
2113380.1aac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
2123380.1aac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000774b0000 'C:\windows\system32\kernel32.dll'
2133380.1aac: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000775fa0e0 pvNtTerminateThread=000000007761c060
2143380.1aac: \SystemRoot\System32\ntdll.dll:
2153380.1aac: CreationTime: 2016-09-15T07:07:03.725158700Z
2163380.1aac: LastWriteTime: 2016-09-02T15:34:22.580320100Z
2173380.1aac: ChangeTime: 2016-09-16T12:47:08.412071600Z
2183380.1aac: FileAttributes: 0x20
2193380.1aac: Size: 0x1a7100
2203380.1aac: NT Headers: 0xe0
2213380.1aac: Timestamp: 0x57c99b8f
2223380.1aac: Machine: 0x8664 - amd64
2233380.1aac: Timestamp: 0x57c99b8f
2243380.1aac: Image Version: 6.1
2253380.1aac: SizeOfImage: 0x1aa000 (1744896)
2263380.1aac: Resource Dir: 0x14e000 LB 0x5a028
2273380.1aac: ProductName: Microsoft® Windows® Operating System
2283380.1aac: ProductVersion: 6.1.7601.23539
2293380.1aac: FileVersion: 6.1.7601.23539 (win7sp1_ldr.160902-0600)
2303380.1aac: FileDescription: NT Layer DLL
2313380.1aac: \SystemRoot\System32\kernel32.dll:
2323380.1aac: CreationTime: 2016-09-15T07:07:04.344282500Z
2333380.1aac: LastWriteTime: 2016-09-02T15:30:50.136000000Z
2343380.1aac: ChangeTime: 2016-09-16T12:47:11.432373600Z
2353380.1aac: FileAttributes: 0x20
2363380.1aac: Size: 0x11c000
2373380.1aac: NT Headers: 0xe0
2383380.1aac: Timestamp: 0x57c99bd3
2393380.1aac: Machine: 0x8664 - amd64
2403380.1aac: Timestamp: 0x57c99bd3
2413380.1aac: Image Version: 6.1
2423380.1aac: SizeOfImage: 0x11f000 (1175552)
2433380.1aac: Resource Dir: 0x116000 LB 0x528
2443380.1aac: ProductName: Microsoft® Windows® Operating System
2453380.1aac: ProductVersion: 6.1.7601.23539
2463380.1aac: FileVersion: 6.1.7601.23539 (win7sp1_ldr.160902-0600)
2473380.1aac: FileDescription: Windows NT BASE API Client DLL
248255c.37bc: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 41 ms.
2493380.1aac: \SystemRoot\System32\KernelBase.dll:
2503380.1aac: CreationTime: 2016-09-15T07:07:06.292172000Z
2513380.1aac: LastWriteTime: 2016-09-02T15:30:50.152000000Z
2523380.1aac: ChangeTime: 2016-09-16T12:47:11.473377700Z
2533380.1aac: FileAttributes: 0x20
2543380.1aac: Size: 0x66800
2553380.1aac: NT Headers: 0xe8
2563380.1aac: Timestamp: 0x57c99bd4
2573380.1aac: Machine: 0x8664 - amd64
2583380.1aac: Timestamp: 0x57c99bd4
2593380.1aac: Image Version: 6.1
2603380.1aac: SizeOfImage: 0x6a000 (434176)
2613380.1aac: Resource Dir: 0x68000 LB 0x530
2623380.1aac: ProductName: Microsoft® Windows® Operating System
2633380.1aac: ProductVersion: 6.1.7601.23539
2643380.1aac: FileVersion: 6.1.7601.23539 (win7sp1_ldr.160902-0600)
2653380.1aac: FileDescription: Windows NT BASE API Client DLL
2663380.1aac: \SystemRoot\System32\apisetschema.dll:
2673380.1aac: CreationTime: 2016-09-15T07:07:08.885690600Z
2683380.1aac: LastWriteTime: 2016-09-02T15:30:45.191000000Z
2693380.1aac: ChangeTime: 2016-09-16T12:47:08.130043400Z
2703380.1aac: FileAttributes: 0x20
2713380.1aac: Size: 0x1a00
2723380.1aac: NT Headers: 0xc0
2733380.1aac: Timestamp: 0x57c99b6e
2743380.1aac: Machine: 0x8664 - amd64
2753380.1aac: Timestamp: 0x57c99b6e
2763380.1aac: Image Version: 6.1
2773380.1aac: SizeOfImage: 0x50000 (327680)
2783380.1aac: Resource Dir: 0x30000 LB 0x3f8
2793380.1aac: ProductName: Microsoft® Windows® Operating System
2803380.1aac: ProductVersion: 6.1.7601.23539
2813380.1aac: FileVersion: 6.1.7601.23539 (win7sp1_ldr.160902-0600)
2823380.1aac: FileDescription: ApiSet Schema DLL
2833380.1aac: NtOpenDirectoryObject failed on \Driver: 0xc0000022
2843380.1aac: supR3HardenedWinFindAdversaries: 0x3
2853380.1aac: \SystemRoot\System32\drivers\SysPlant.sys:
2863380.1aac: CreationTime: 2016-04-18T13:47:53.957114200Z
2873380.1aac: LastWriteTime: 2016-04-18T13:47:53.957114200Z
2883380.1aac: ChangeTime: 2016-04-18T13:47:53.957114200Z
2893380.1aac: FileAttributes: 0x20
2903380.1aac: Size: 0x29170
2913380.1aac: NT Headers: 0xf0
2923380.1aac: Timestamp: 0x562ae30d
2933380.1aac: Machine: 0x8664 - amd64
2943380.1aac: Timestamp: 0x562ae30d
2953380.1aac: Image Version: 5.0
2963380.1aac: SizeOfImage: 0x2f000 (192512)
2973380.1aac: Resource Dir: 0x2d000 LB 0x498
2983380.1aac: ProductName: Symantec CMC Firewall
2993380.1aac: ProductVersion: 12.1.6608.6300
3003380.1aac: FileVersion: 12.1.6608.6300
3013380.1aac: FileDescription: Symantec CMC Firewall SysPlant
3023380.1aac: \SystemRoot\System32\sysfer.dll:
3033380.1aac: CreationTime: 2016-04-18T13:47:53.955114000Z
3043380.1aac: LastWriteTime: 2016-04-18T13:47:53.956114100Z
3053380.1aac: ChangeTime: 2016-04-18T13:47:53.956114100Z
3063380.1aac: FileAttributes: 0x20
3073380.1aac: Size: 0x72038
3083380.1aac: NT Headers: 0xe8
3093380.1aac: Timestamp: 0x562ae313
3103380.1aac: Machine: 0x8664 - amd64
3113380.1aac: Timestamp: 0x562ae313
3123380.1aac: Image Version: 0.0
3133380.1aac: SizeOfImage: 0x89000 (561152)
3143380.1aac: Resource Dir: 0x87000 LB 0x630
3153380.1aac: ProductName: Symantec CMC Firewall
3163380.1aac: ProductVersion: 12.1.6608.6300
3173380.1aac: FileVersion: 12.1.6608.6300
3183380.1aac: FileDescription: Symantec CMC Firewall sysfer
3193380.1aac: \SystemRoot\System32\drivers\symevent64x86.sys:
3203380.1aac: CreationTime: 2016-04-18T13:49:21.740891700Z
3213380.1aac: LastWriteTime: 2016-04-18T13:49:21.425860200Z
3223380.1aac: ChangeTime: 2016-04-18T13:49:21.425860200Z
3233380.1aac: FileAttributes: 0x20
3243380.1aac: Size: 0x2b8d8
3253380.1aac: NT Headers: 0xe8
3263380.1aac: Timestamp: 0x54b87d44
3273380.1aac: Machine: 0x8664 - amd64
3283380.1aac: Timestamp: 0x54b87d44
3293380.1aac: Image Version: 6.0
3303380.1aac: SizeOfImage: 0x38000 (229376)
3313380.1aac: Resource Dir: 0x36000 LB 0x3c8
3323380.1aac: ProductName: SYMEVENT
3333380.1aac: ProductVersion: 12.9.6.12
3343380.1aac: FileVersion: 12.9.6.12
3353380.1aac: FileDescription: Symantec Event Library
3363380.1aac: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
3373380.1aac: Calling main()
3383380.1aac: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
3393380.1aac: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
3403380.1aac: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
3413380.1aac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
3423380.1aac: SUPR3HardenedMain: Respawn #2
3433380.1aac: supR3HardNtEnableThreadCreation:
3443380.1aac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3453380.1aac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
3463380.1aac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
3473380.1aac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
3483380.1aac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3493380.1aac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3503380.1aac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
3513380.1aac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
3523380.1aac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3533380.1aac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3543380.1aac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
3553380.1aac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
3563380.1aac: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ADVAPI32.DLL (Input=ADVAPI32.DLL, rcNtResolve=0xc0150008) *pfFlags=0x1000 pwszSearchPath=0000000000000000:<flags> [calling]
3573380.1aac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
3583380.1aac: supR3HardenedDllNotificationCallback: load 000007feff800000 LB 0x000db000 C:\windows\system32\ADVAPI32.DLL [fFlags=0x0]
3593380.1aac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
3603380.1aac: supR3HardenedDllNotificationCallback: load 000007fefe9d0000 LB 0x0009f000 C:\windows\system32\msvcrt.dll [fFlags=0x0]
3613380.1aac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
3623380.1aac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
3633380.1aac: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
3643380.1aac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
3653380.1aac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
3663380.1aac: supR3HardenedDllNotificationCallback: load 000007fefda00000 LB 0x0001f000 C:\windows\SYSTEM32\sechost.dll [fFlags=0x0]
3673380.1aac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
3683380.1aac: supR3HardenedDllNotificationCallback: load 000007fefd6c0000 LB 0x0012d000 C:\windows\system32\RPCRT4.dll [fFlags=0x0]
3693380.1aac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
3703380.1aac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff800000 'C:\windows\system32\ADVAPI32.DLL'
3713380.1aac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
3723380.1aac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
3733380.1aac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3743380.1aac: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3753380.1aac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
3763380.1aac: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3773380.1aac: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3783380.1aac: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
3793380.1aac: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
3803380.1aac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
3813380.1aac: supR3HardenedDllNotificationCallback: load 000007fefd140000 LB 0x00057000 C:\windows\system32\apphelp.dll [fFlags=0x0]
3823380.1aac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
3833380.1aac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd140000 'C:\windows\system32\apphelp.dll'
3843380.1aac: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000775fa0e0 pvNtTerminateThread=000000007761c060
3853380.1aac: supR3HardenedWinDoReSpawn(2): New child 1d38.2ba8 [kernel32].
3863380.1aac: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdc000 cbPeb=0x380
3873380.1aac: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00000000775d0000 uNtDllChildAddr=00000000775d0000
3883380.1aac: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000775fa0e0
3893380.1aac: supR3HardenedWinSetupChildInit: Start child.
3903380.1aac: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
3913380.1aac: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps
3923380.1aac: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
3933380.1aac: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
3943380.1aac: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
3953380.1aac: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
3963380.1aac: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
3973380.1aac: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
3983380.1aac: 0000000000041000-0000000000011fff 0x0001/0x0000 0x0000000
3993380.1aac: *0000000000070000-fffffffffff73fff 0x0000/0x0004 0x0020000
4003380.1aac: 000000000016c000-0000000000169fff 0x0104/0x0004 0x0020000
4013380.1aac: 000000000016e000-000000000016bfff 0x0004/0x0004 0x0020000
4023380.1aac: 0000000000170000-ffffffff88d0ffff 0x0001/0x0000 0x0000000
4033380.1aac: *00000000775d0000-00000000775d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4043380.1aac: 00000000775d1000-00000000776cdfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4053380.1aac: 00000000776ce000-00000000776fcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4063380.1aac: 00000000776fd000-0000000077706fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4073380.1aac: 0000000077707000-0000000077707fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4083380.1aac: 0000000077708000-000000007770afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4093380.1aac: 000000007770b000-0000000077779fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
4103380.1aac: 000000007777a000-000000006ff13fff 0x0001/0x0000 0x0000000
4113380.1aac: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
4123380.1aac: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
4133380.1aac: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
4143380.1aac: 000000007fff0000-ffffffffc062ffff 0x0001/0x0000 0x0000000
4153380.1aac: *000000013f9b0000-000000013f9b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4163380.1aac: 000000013f9b1000-000000013fa20fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4173380.1aac: 000000013fa21000-000000013fa21fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4183380.1aac: 000000013fa22000-000000013fa66fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4193380.1aac: 000000013fa67000-000000013fa67fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4203380.1aac: 000000013fa68000-000000013fa68fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4213380.1aac: 000000013fa69000-000000013fa6dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4223380.1aac: 000000013fa6e000-000000013fa6efff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4233380.1aac: 000000013fa6f000-000000013fa6ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4243380.1aac: 000000013fa70000-000000013fa73fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4253380.1aac: 000000013fa74000-000000013fabbfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
4263380.1aac: 000000013fabc000-fffff8037fc87fff 0x0001/0x0000 0x0000000
4273380.1aac: *000007feff8f0000-000007feff8f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
4283380.1aac: 000007feff8f1000-000007fdff231fff 0x0001/0x0000 0x0000000
4293380.1aac: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
4303380.1aac: 000007fffffd3000-000007fffffc9fff 0x0001/0x0000 0x0000000
4313380.1aac: *000007fffffdc000-000007fffffdafff 0x0004/0x0004 0x0020000
4323380.1aac: 000007fffffdd000-000007fffffdbfff 0x0001/0x0000 0x0000000
4333380.1aac: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
4343380.1aac: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
4353380.1aac: apisetschema.dll: timestamp 0x57c99b6e (rc=VINF_SUCCESS)
4363380.1aac: VirtualBox.exe: timestamp 0x5772960f (rc=VINF_SUCCESS)
4373380.1aac: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
4383380.1aac: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
4393380.1aac: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
4403380.1aac: supR3HardNtChildPurify: Done after 559 ms and 0 fixes (loop #0).
4413380.1aac: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000280000 LB 0x400000)
4423380.1aac: supR3HardNtEnableThreadCreation:
4431d38.2ba8: Log file opened: 5.0.24r108355 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
4441d38.2ba8: supR3HardenedVmProcessInit: uNtDllAddr=00000000775d0000 g_uNtVerCombined=0x611db100
4451d38.2ba8: ntdll.dll: timestamp 0x57c99b8f (rc=VINF_SUCCESS)
4461d38.2ba8: New simple heap: #1 0000000000270000 LB 0x400000 (for 1744896 allocation)
4471d38.2ba8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
4481d38.2ba8: System32: \Device\HarddiskVolume2\Windows\System32
4491d38.2ba8: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
4501d38.2ba8: KnownDllPath: C:\windows\system32
4511d38.2ba8: supR3HardenedVmProcessInit: Opening vboxdrv...
4521d38.2ba8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
4531d38.2ba8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
4541d38.2ba8: Registered Dll notification callback with NTDLL.
4551d38.2ba8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
4561d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
4571d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
4581d38.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
4591d38.2ba8: supR3HardenedDllNotificationCallback: load 00000000774b0000 LB 0x0011f000 C:\windows\system32\kernel32.dll [fFlags=0x0]
4601d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
4611d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fefd3a0000 LB 0x0006a000 C:\windows\system32\KERNELBASE.dll [fFlags=0x0]
4621d38.2ba8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
4631d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
4641d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000774b0000 'C:\windows\system32\kernel32.dll'
4651d38.2ba8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000775fa0e0 pvNtTerminateThread=000000007761c060
4663380.1aac: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 56 ms.
4671d38.2ba8: \SystemRoot\System32\ntdll.dll:
4681d38.2ba8: CreationTime: 2016-09-15T07:07:03.725158700Z
4691d38.2ba8: LastWriteTime: 2016-09-02T15:34:22.580320100Z
4701d38.2ba8: ChangeTime: 2016-09-16T12:47:08.412071600Z
4711d38.2ba8: FileAttributes: 0x20
4721d38.2ba8: Size: 0x1a7100
4731d38.2ba8: NT Headers: 0xe0
4741d38.2ba8: Timestamp: 0x57c99b8f
4751d38.2ba8: Machine: 0x8664 - amd64
4761d38.2ba8: Timestamp: 0x57c99b8f
4771d38.2ba8: Image Version: 6.1
4781d38.2ba8: SizeOfImage: 0x1aa000 (1744896)
4791d38.2ba8: Resource Dir: 0x14e000 LB 0x5a028
4801d38.2ba8: ProductName: Microsoft® Windows® Operating System
4811d38.2ba8: ProductVersion: 6.1.7601.23539
4821d38.2ba8: FileVersion: 6.1.7601.23539 (win7sp1_ldr.160902-0600)
4831d38.2ba8: FileDescription: NT Layer DLL
4841d38.2ba8: \SystemRoot\System32\kernel32.dll:
4851d38.2ba8: CreationTime: 2016-09-15T07:07:04.344282500Z
4861d38.2ba8: LastWriteTime: 2016-09-02T15:30:50.136000000Z
4871d38.2ba8: ChangeTime: 2016-09-16T12:47:11.432373600Z
4881d38.2ba8: FileAttributes: 0x20
4891d38.2ba8: Size: 0x11c000
4901d38.2ba8: NT Headers: 0xe0
4911d38.2ba8: Timestamp: 0x57c99bd3
4921d38.2ba8: Machine: 0x8664 - amd64
4931d38.2ba8: Timestamp: 0x57c99bd3
4941d38.2ba8: Image Version: 6.1
4951d38.2ba8: SizeOfImage: 0x11f000 (1175552)
4961d38.2ba8: Resource Dir: 0x116000 LB 0x528
4971d38.2ba8: ProductName: Microsoft® Windows® Operating System
4981d38.2ba8: ProductVersion: 6.1.7601.23539
4991d38.2ba8: FileVersion: 6.1.7601.23539 (win7sp1_ldr.160902-0600)
5001d38.2ba8: FileDescription: Windows NT BASE API Client DLL
5011d38.2ba8: \SystemRoot\System32\KernelBase.dll:
5021d38.2ba8: CreationTime: 2016-09-15T07:07:06.292172000Z
5031d38.2ba8: LastWriteTime: 2016-09-02T15:30:50.152000000Z
5041d38.2ba8: ChangeTime: 2016-09-16T12:47:11.473377700Z
5051d38.2ba8: FileAttributes: 0x20
5061d38.2ba8: Size: 0x66800
5071d38.2ba8: NT Headers: 0xe8
5081d38.2ba8: Timestamp: 0x57c99bd4
5091d38.2ba8: Machine: 0x8664 - amd64
5101d38.2ba8: Timestamp: 0x57c99bd4
5111d38.2ba8: Image Version: 6.1
5121d38.2ba8: SizeOfImage: 0x6a000 (434176)
5131d38.2ba8: Resource Dir: 0x68000 LB 0x530
5141d38.2ba8: ProductName: Microsoft® Windows® Operating System
5151d38.2ba8: ProductVersion: 6.1.7601.23539
5161d38.2ba8: FileVersion: 6.1.7601.23539 (win7sp1_ldr.160902-0600)
5171d38.2ba8: FileDescription: Windows NT BASE API Client DLL
5181d38.2ba8: \SystemRoot\System32\apisetschema.dll:
5191d38.2ba8: CreationTime: 2016-09-15T07:07:08.885690600Z
5201d38.2ba8: LastWriteTime: 2016-09-02T15:30:45.191000000Z
5211d38.2ba8: ChangeTime: 2016-09-16T12:47:08.130043400Z
5221d38.2ba8: FileAttributes: 0x20
5231d38.2ba8: Size: 0x1a00
5241d38.2ba8: NT Headers: 0xc0
5251d38.2ba8: Timestamp: 0x57c99b6e
5261d38.2ba8: Machine: 0x8664 - amd64
5271d38.2ba8: Timestamp: 0x57c99b6e
5281d38.2ba8: Image Version: 6.1
5291d38.2ba8: SizeOfImage: 0x50000 (327680)
5301d38.2ba8: Resource Dir: 0x30000 LB 0x3f8
5311d38.2ba8: ProductName: Microsoft® Windows® Operating System
5321d38.2ba8: ProductVersion: 6.1.7601.23539
5331d38.2ba8: FileVersion: 6.1.7601.23539 (win7sp1_ldr.160902-0600)
5341d38.2ba8: FileDescription: ApiSet Schema DLL
5351d38.2ba8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
5361d38.2ba8: supR3HardenedWinFindAdversaries: 0x3
5371d38.2ba8: \SystemRoot\System32\drivers\SysPlant.sys:
5381d38.2ba8: CreationTime: 2016-04-18T13:47:53.957114200Z
5391d38.2ba8: LastWriteTime: 2016-04-18T13:47:53.957114200Z
5401d38.2ba8: ChangeTime: 2016-04-18T13:47:53.957114200Z
5411d38.2ba8: FileAttributes: 0x20
5421d38.2ba8: Size: 0x29170
5431d38.2ba8: NT Headers: 0xf0
5441d38.2ba8: Timestamp: 0x562ae30d
5451d38.2ba8: Machine: 0x8664 - amd64
5461d38.2ba8: Timestamp: 0x562ae30d
5471d38.2ba8: Image Version: 5.0
5481d38.2ba8: SizeOfImage: 0x2f000 (192512)
5491d38.2ba8: Resource Dir: 0x2d000 LB 0x498
5501d38.2ba8: ProductName: Symantec CMC Firewall
5511d38.2ba8: ProductVersion: 12.1.6608.6300
5521d38.2ba8: FileVersion: 12.1.6608.6300
5531d38.2ba8: FileDescription: Symantec CMC Firewall SysPlant
5541d38.2ba8: \SystemRoot\System32\sysfer.dll:
5551d38.2ba8: CreationTime: 2016-04-18T13:47:53.955114000Z
5561d38.2ba8: LastWriteTime: 2016-04-18T13:47:53.956114100Z
5571d38.2ba8: ChangeTime: 2016-04-18T13:47:53.956114100Z
5581d38.2ba8: FileAttributes: 0x20
5591d38.2ba8: Size: 0x72038
5601d38.2ba8: NT Headers: 0xe8
5611d38.2ba8: Timestamp: 0x562ae313
5621d38.2ba8: Machine: 0x8664 - amd64
5631d38.2ba8: Timestamp: 0x562ae313
5641d38.2ba8: Image Version: 0.0
5651d38.2ba8: SizeOfImage: 0x89000 (561152)
5661d38.2ba8: Resource Dir: 0x87000 LB 0x630
5671d38.2ba8: ProductName: Symantec CMC Firewall
5681d38.2ba8: ProductVersion: 12.1.6608.6300
5691d38.2ba8: FileVersion: 12.1.6608.6300
5701d38.2ba8: FileDescription: Symantec CMC Firewall sysfer
5711d38.2ba8: \SystemRoot\System32\drivers\symevent64x86.sys:
5721d38.2ba8: CreationTime: 2016-04-18T13:49:21.740891700Z
5731d38.2ba8: LastWriteTime: 2016-04-18T13:49:21.425860200Z
5741d38.2ba8: ChangeTime: 2016-04-18T13:49:21.425860200Z
5751d38.2ba8: FileAttributes: 0x20
5761d38.2ba8: Size: 0x2b8d8
5771d38.2ba8: NT Headers: 0xe8
5781d38.2ba8: Timestamp: 0x54b87d44
5791d38.2ba8: Machine: 0x8664 - amd64
5801d38.2ba8: Timestamp: 0x54b87d44
5811d38.2ba8: Image Version: 6.0
5821d38.2ba8: SizeOfImage: 0x38000 (229376)
5831d38.2ba8: Resource Dir: 0x36000 LB 0x3c8
5841d38.2ba8: ProductName: SYMEVENT
5851d38.2ba8: ProductVersion: 12.9.6.12
5861d38.2ba8: FileVersion: 12.9.6.12
5871d38.2ba8: FileDescription: Symantec Event Library
5881d38.2ba8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
5891d38.2ba8: Calling main()
5901d38.2ba8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
5911d38.2ba8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
5921d38.2ba8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
5931d38.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
5941d38.2ba8: SUPR3HardenedMain: Final process, opening VBoxDrv...
5951d38.2ba8: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000270000 LB 0x400000)
5961d38.2ba8: supR3HardNtEnableThreadCreation:
5971d38.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
5981d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
5991d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016b421:<flags> [calling]
6001d38.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6011d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fef1cd0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
6021d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6031d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6041d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000168ba1:<flags> [calling]
6051d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1cd0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6061d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
6071d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000168ba1:<flags> [calling]
6081d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1cd0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6091d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1cd0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
6101d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6111d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
6121d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
6131d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
6141d38.2ba8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
6151d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
6161d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6171d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6181d38.2ba8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
6191d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
6201d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
6211d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
6221d38.2ba8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
6231d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
6241d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
6251d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
6261d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6271d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
6281d38.2ba8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
6291d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
6301d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6311d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6321d38.2ba8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
6331d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
6341d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
6351d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
6361d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
6371d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6381d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6391d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6401d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016d231:<flags> [calling]
6411d38.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6421d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fefd420000 LB 0x0003a000 C:\windows\system32\Wintrust.dll [fFlags=0x0]
6431d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6441d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fefe9d0000 LB 0x0009f000 C:\windows\system32\msvcrt.dll [fFlags=0x0]
6451d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6461d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fefd460000 LB 0x0016c000 C:\windows\system32\CRYPT32.dll [fFlags=0x0]
6471d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6481d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fefd300000 LB 0x0000f000 C:\windows\system32\MSASN1.dll [fFlags=0x0]
6491d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
6501d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fefd6c0000 LB 0x0012d000 C:\windows\system32\RPCRT4.dll [fFlags=0x0]
6511d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6521d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd420000 'C:\windows\system32\Wintrust.dll'
6531d38.2ba8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
6541d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
6551d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016d231:<flags> [calling]
6561d38.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
6571d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fefcc50000 LB 0x00022000 C:\windows\system32\bcrypt.dll [fFlags=0x0]
6581d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
6591d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc50000 'C:\windows\system32\bcrypt.dll'
6601d38.2ba8: bcrypt.dll loaded at 000007fefcc50000, BCryptOpenAlgorithmProvider at 000007fefcc52640, preloading providers:
6611d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
6621d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
6631d38.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
6641d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
6651d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
6661d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
6671d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
6681d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
6691d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
6701d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6711d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
6721d38.2ba8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
6731d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
6741d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
6751d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
6761d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
6771d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6781d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6791d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6801d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016d221:<flags> [calling]
6811d38.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
6821d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fefc740000 LB 0x0004c000 C:\windows\system32\bcryptprimitives.dll [fFlags=0x0]
6831d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
6841d38.2ba8: supR3HardenedDllNotificationCallback: load 000007feff800000 LB 0x000db000 C:\windows\system32\ADVAPI32.dll [fFlags=0x0]
6851d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
6861d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
6871d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
6881d38.2ba8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
6891d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
6901d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fefda00000 LB 0x0001f000 C:\windows\SYSTEM32\sechost.dll [fFlags=0x0]
6911d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
6921d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc740000 'C:\windows\system32\bcryptprimitives.dll'
6931d38.2ba8: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000006c3e10)
6941d38.2ba8: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000006c5cd0)
6951d38.2ba8: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000006c5df0)
6961d38.2ba8: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000006c6000)
6971d38.2ba8: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000006c6120)
6981d38.2ba8: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000006c6240)
6991d38.2ba8: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000006c6480)
7001d38.2ba8: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000006c65a0)
7011d38.2ba8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
7021d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
7031d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
7041d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
7051d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7061d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7071d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7081d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7091d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016cda1:<flags> [calling]
7101d38.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
7111d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fefcb00000 LB 0x00017000 C:\windows\system32\CRYPTSP.dll [fFlags=0x0]
7121d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
7131d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcb00000 'C:\windows\system32\CRYPTSP.dll'
7141d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7151d38.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
7161d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
7171d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7181d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7191d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7201d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016cd31:<flags> [calling]
7211d38.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7221d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fefc800000 LB 0x00047000 C:\windows\system32\rsaenh.dll [fFlags=0x0]
7231d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
7241d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc800000 'C:\windows\system32\rsaenh.dll'
7251d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
7261d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016c5c1:<flags> [calling]
7271d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff800000 'C:\windows\system32\ADVAPI32.dll'
7281d38.2ba8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
7291d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
7301d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016c941:<flags> [calling]
7311d38.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
7321d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fefd1a0000 LB 0x0000f000 C:\windows\system32\CRYPTBASE.dll [fFlags=0x0]
7331d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
7341d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd1a0000 'C:\windows\system32\CRYPTBASE.dll'
7351d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
7361d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016c371:<flags> [calling]
7371d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000774b0000 'C:\windows\system32\kernel32.dll'
7381d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
7391d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016cd01:<flags> [calling]
7401d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd420000 'C:\windows\system32\WINTRUST.DLL'
7411d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7421d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000016cb31:<flags> [calling]
7431d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd460000 'C:\windows\system32\CRYPT32.dll'
7441d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7451d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
7461d38.2ba8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
7471d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
7481d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
7491d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
7501d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
7511d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7521d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7531d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7541d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016cb81:<flags> [calling]
7551d38.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
7561d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fefe4c0000 LB 0x00019000 C:\windows\system32\imagehlp.dll [fFlags=0x0]
7571d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
7581d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe4c0000 'C:\windows\system32\imagehlp.dll'
7591d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
7601d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016ccd1:<flags> [calling]
7611d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcb00000 'C:\windows\system32\CRYPTSP.dll'
7621d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
7631d38.2ba8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
7641d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
7651d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
7661d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
7671d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
7681d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
7691d38.2ba8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
7701d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
7711d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
7721d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
7731d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
7741d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
7751d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
7761d38.2ba8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
7771d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
7781d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
7791d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
7801d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
7811d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
7821d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
7831d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7841d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
7851d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
7861d38.2ba8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
7871d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
7881d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
7891d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
7901d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
7911d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
7921d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
7931d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
7941d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
7951d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
7961d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
7971d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
7981d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
7991d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
8001d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8011d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8021d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8031d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016c801:<flags> [calling]
8041d38.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
8051d38.2ba8: supR3HardenedDllNotificationCallback: load 00000000773b0000 LB 0x000fa000 C:\windows\system32\USER32.dll [fFlags=0x0]
8061d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
8071d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fefe4f0000 LB 0x00067000 C:\windows\system32\GDI32.dll [fFlags=0x0]
8081d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
8091d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fefe560000 LB 0x0000e000 C:\windows\system32\LPK.dll [fFlags=0x0]
8101d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
8111d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fefdcc0000 LB 0x000ca000 C:\windows\system32\USP10.dll [fFlags=0x0]
8121d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
8131d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
8141d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016bd01:<flags> [calling]
8151d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe4f0000 'C:\windows\system32\gdi32.dll'
8161d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
8171d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
8181d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
8191d38.2ba8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
8201d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
8211d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
8221d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
8231d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8241d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
8251d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
8261d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
8271d38.2ba8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
8281d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
8291d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
8301d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
8311d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
8321d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
8331d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
8341d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
8351d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
8361d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
8371d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
8381d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
8391d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
8401d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
8411d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
8421d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
8431d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
8441d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8451d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8461d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8471d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016b641:<flags> [calling]
8481d38.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
8491d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fefe090000 LB 0x0002e000 C:\windows\system32\IMM32.DLL [fFlags=0x0]
8501d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
8511d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fefda20000 LB 0x00109000 C:\windows\system32\MSCTF.dll [fFlags=0x0]
8521d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
8531d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe090000 'C:\windows\system32\IMM32.DLL'
8541d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000773b0000 'C:\windows\system32\USER32.dll'
8551d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
8561d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
8571d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
8581d38.2ba8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
8591d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
8601d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
8611d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
8621d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
8631d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8641d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8651d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8661d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
8671d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
8681d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8691d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016cb01:<flags> [calling]
8701d38.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
8711d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fefcc80000 LB 0x00050000 C:\windows\system32\ncrypt.dll [fFlags=0x0]
8721d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
8731d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc80000 'C:\windows\system32\ncrypt.dll'
8741d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8751d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016c8f1:<flags> [calling]
8761d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc50000 'C:\windows\system32\bcrypt.dll'
8771d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8781d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
8791d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
8801d38.2ba8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
8811d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
8821d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
8831d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
8841d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8851d38.2ba8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
8861d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
8871d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8881d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8891d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8901d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8911d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8921d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8931d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8941d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8951d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8961d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016c2f1:<flags> [calling]
8971d38.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
8981d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fefd670000 LB 0x0001e000 C:\windows\system32\USERENV.dll [fFlags=0x0]
8991d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
9001d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fefd310000 LB 0x0000f000 C:\windows\system32\profapi.dll [fFlags=0x0]
9011d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
9021d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd670000 'C:\windows\system32\USERENV.dll'
9031d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000016c051:<flags> [calling]
9041d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda00000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
9051d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000016c3e1:<flags> [calling]
9061d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda00000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
9071d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9081d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
9091d38.2ba8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
9101d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
9111d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9121d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9131d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9141d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9151d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9161d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9171d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016c611:<flags> [calling]
9181d38.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
9191d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fefc5b0000 LB 0x0001b000 C:\windows\system32\GPAPI.dll [fFlags=0x0]
9201d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
9211d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc5b0000 'C:\windows\system32\GPAPI.dll'
9221d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000016c561:<flags> [calling]
9231d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda00000 'API-MS-WIN-Service-Management-L1-1-0.dll'
9241d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9251d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016bc61:<flags> [calling]
9261d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd6c0000 'C:\windows\system32\rpcrt4.dll'
9271d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000016c541:<flags> [calling]
9281d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda00000 'API-MS-WIN-Service-Management-L2-1-0.dll'
9291d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000016c551:<flags> [calling]
9301d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda00000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
9311d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9321d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
9331d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
9341d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
9351d38.2ba8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
9361d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
9371d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
9381d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
9391d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9401d38.2ba8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
9411d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
9421d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
9431d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
9441d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9451d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
9461d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
9471d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
9481d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9491d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9501d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9511d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9521d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9531d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9541d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016c031:<flags> [calling]
9551d38.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9561d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fef99d0000 LB 0x00027000 C:\windows\system32\cryptnet.dll [fFlags=0x0]
9571d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9581d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fefe8d0000 LB 0x00052000 C:\windows\system32\WLDAP32.dll [fFlags=0x0]
9591d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
9601d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9611d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000016b261:<flags> [calling]
9621d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef99d0000 'C:\windows\system32\cryptnet.dll'
9631d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9641d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000016b261:<flags> [calling]
9651d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef99d0000 'C:\windows\system32\cryptnet.dll'
9661d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9671d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000016b261:<flags> [calling]
9681d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef99d0000 'C:\windows\system32\cryptnet.dll'
9691d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9701d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000016b261:<flags> [calling]
9711d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef99d0000 'C:\windows\system32\cryptnet.dll'
9721d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9731d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000016b261:<flags> [calling]
9741d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef99d0000 'C:\windows\system32\cryptnet.dll'
9751d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9761d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000016b261:<flags> [calling]
9771d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef99d0000 'C:\windows\system32\cryptnet.dll'
9781d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9791d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef99d0000 'C:\windows\system32\cryptnet.dll'
9801d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9811d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef99d0000 'C:\windows\system32\cryptnet.dll'
9821d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9831d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef99d0000 'C:\windows\system32\cryptnet.dll'
9841d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9851d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef99d0000 'C:\windows\system32\cryptnet.dll'
9861d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9871d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef99d0000 'C:\windows\system32\cryptnet.dll'
9881d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef99d0000 'C:\windows\system32\cryptnet.dll'
9891d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
9901d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef99d0000 'C:\windows\system32\cryptnet.dll'
9911d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000016b9c1:<flags> [calling]
9921d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda00000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
9931d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
9941d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016b9c1:<flags> [calling]
9951d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd310000 'C:\windows\system32\profapi.dll'
9961d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
9971d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
9981d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
9991d38.2ba8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
10001d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
10011d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10021d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10031d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10041d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10051d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10061d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10071d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10081d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10091d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10101d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016b461:<flags> [calling]
10111d38.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
10121d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fefe010000 LB 0x00071000 C:\windows\system32\SHLWAPI.dll [fFlags=0x0]
10131d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
10141d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe010000 'C:\windows\system32\SHLWAPI.dll'
10151d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
10161d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000006bd940
10171d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
10181d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E53010108A64DAF54B92D2D51A308E60BAB3381C
10191d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000016c2a1:<flags> [calling]
10201d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda00000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
10211d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000016be01:<flags> [calling]
10221d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda00000 'API-MS-WIN-Service-Management-L1-1-0.dll'
10231d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000016be01:<flags> [calling]
10241d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda00000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
10251d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
10261d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016c2a1:<flags> [calling]
10271d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff800000 'C:\windows\system32\ADVAPI32.dll'
10281d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000016c251:<flags> [calling]
10291d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda00000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
10301d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000016bf41:<flags> [calling]
10311d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda00000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
10321d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_87_for_KB3175024~31bf3856ad364e35~amd64~~6.1.2.0.cat'; file='\SystemRoot\System32\ntdll.dll'
10331d38.2ba8: g_pfnWinVerifyTrust=000007fefd421010
10341d38.2ba8: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
10351d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
10361d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
10371d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
10381d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CF258E1DA85AD69891395F6F7501E1D54F2DFED8
10391d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_112_for_KB2868626~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
10401d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10411d38.2ba8: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
10421d38.2ba8: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
10431d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
10441d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
10451d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
10461d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=80662AB761CF56CEC7909E5D03289BC65B4457A8
10471d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB2862966~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
10481d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10491d38.2ba8: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
10501d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000374 pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
10511d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
10521d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
10531d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
10541d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
10551d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10561d38.2ba8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
10571d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000036c pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
10581d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
10591d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
10601d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
10611d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
10621d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10631d38.2ba8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
10641d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000368 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
10651d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
10661d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
10671d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C1C670A9871F2BD448B2F0FA6127AC7A486B8D8F
10681d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB2862966~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
10691d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10701d38.2ba8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
10711d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000254 pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
10721d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
10731d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
10741d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EBDAA16C3FD93DFF9C20BA3B2689DFF4C8D31061
10751d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3159398~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
10761d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10771d38.2ba8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
10781d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c0 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
10791d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
10801d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
10811d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
10821d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
10831d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10841d38.2ba8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
10851d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001bc pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
10861d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
10871d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
10881d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
10891d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
10901d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10911d38.2ba8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
10921d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a8 pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
10931d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
10941d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
10951d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=689ACDD5363A77E1631F898754B6E50F766D717F
10961d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_87_for_KB3175024~31bf3856ad364e35~amd64~~6.1.2.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
10971d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10981d38.2ba8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
10991d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
11001d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
11011d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
11021d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03916BC73EE5A0E312E3D3100D0ACE1B78E93BB1
11031d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3033889~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
11041d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11051d38.2ba8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
11061d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
11071d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
11081d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
11091d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
11101d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
11111d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11121d38.2ba8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
11131d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
11141d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
11151d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
11161d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=31498ABFB06219E83141E0AA8B2A55C4CECFD033
11171d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3108670~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
11181d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11191d38.2ba8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
11201d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
11211d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
11221d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
11231d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B248FC58436AAEFEF00A75FCE0F004E89F8C7F94
11241d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3164033~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
11251d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11261d38.2ba8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
11271d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
11281d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
11291d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
11301d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C26B6C5525D45228994D185B3C08A3BC03FF6AFF
11311d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3164035~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
11321d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11331d38.2ba8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
11341d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000017c pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
11351d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
11361d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
11371d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A50DB67CFDA2B98A4E5A869EC667DB8F8F0786A5
11381d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3185911~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll'
11391d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11401d38.2ba8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
11411d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000178 pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
11421d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
11431d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
11441d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
11451d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
11461d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11471d38.2ba8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
11481d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000134 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
11491d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
11501d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
11511d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B79770F613DEE7AE0BD2D85F646B86EC19FB1AA3
11521d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_87_for_KB3175024~31bf3856ad364e35~amd64~~6.1.2.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
11531d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11541d38.2ba8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
11551d38.2ba8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
11561d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
11571d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
11581d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
11591d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=40667EDBA9045D4A4BE1D4844665D3B88F8CD0E0
11601d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
11611d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11621d38.2ba8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
11631d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
11641d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
11651d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
11661d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FA2A014BF360CDC0E203A174FFC9DC5343C5323
11671d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
11681d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11691d38.2ba8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
11701d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
11711d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
11721d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
11731d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7174B0C611749804BA1E733E1305AB107086EB8A
11741d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_150_for_KB3175024~31bf3856ad364e35~amd64~~6.1.2.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
11751d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11761d38.2ba8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
11771d38.2ba8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
11781d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
11791d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
11801d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
11811d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
11821d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
11831d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11841d38.2ba8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
11851d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
11861d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
11871d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
11881d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
11891d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
11901d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11911d38.2ba8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
11921d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
11931d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
11941d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
11951d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
11961d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
11971d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11981d38.2ba8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
11991d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
12001d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
12011d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
12021d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5C38776661F344AE278C260F1A84BEB3C02F9990
12031d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_87_for_KB3175024~31bf3856ad364e35~amd64~~6.1.2.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
12041d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12051d38.2ba8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
12061d38.2ba8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
12071d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
12081d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
12091d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
12101d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DA4BF7EE78353507CFB864B7CAD9B1EC8ACD06A3
12111d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_87_for_KB3175024~31bf3856ad364e35~amd64~~6.1.2.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
12121d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12131d38.2ba8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
12141d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
12151d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
12161d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
12171d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F38A5057595CD753CB23DB873A1236AE691053E4
12181d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_87_for_KB3175024~31bf3856ad364e35~amd64~~6.1.2.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
12191d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12201d38.2ba8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
12211d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
12221d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016bd51:<flags> [calling]
12231d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd460000 'C:\windows\system32\crypt32.dll'
12241d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
12251d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
12261d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
12271d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
12281d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
12291d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
12301d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
12311d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
12321d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
12331d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
12341d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
12351d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
12361d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
12371d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
12381d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
12391d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
12401d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
12411d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
12421d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
12431d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
12441d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
12451d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
12461d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
12471d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
12481d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
12491d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
12501d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
12511d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
12521d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
12531d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
12541d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
12551d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
12561d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
12571d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
12581d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
12591d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
12601d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
12611d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
12621d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
12631d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
12641d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
12651d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
12661d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0xed018f965541e900 DC=org, DC=cubrc, CN=cubrcfs1.cubrc.org
12671d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0xa3b05ada91a89c00 DC=org, DC=cubrc, CN=cubrcfs1
12681d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0xe2d8d8ea65eebf00 DC=org, DC=cubrc, CN=cubrcfs2.cubrc.org
12691d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0x4e7be226657ce600 DC=org, DC=cubrc, CN=cubrc-DC1-CA
12701d38.2ba8: supR3HardenedWinIsDesiredRootCA: Adding 0x988db1e18b2de300 DC=org, DC=cubrc, CN=cubrc-DC1-CA
12711d38.2ba8: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=47
12721d38.2ba8: SUPR3HardenedMain: Load Runtime...
12731d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
12741d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
12751d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
12761d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
12771d38.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
12781d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12791d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12801d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12811d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
12821d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
12831d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
12841d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000418 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
12851d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
12861d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
12871d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=901DCB8172024F14E25295BF5692180F12FC8C18
12881d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3161949~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
12891d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12901d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12911d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
12921d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
12931d38.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
12941d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
12951d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
12961d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
12971d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
12981d38.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
12991d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
13001d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13011d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13021d38.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
13031d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
13041d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13051d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13061d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
13071d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
13081d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
13091d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000043c pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
13101d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
13111d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
13121d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
13131d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
13141d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13151d38.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
13161d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
13171d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13181d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13191d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
13201d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13211d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13221d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
13231d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016c071:<flags> [calling]
13241d38.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13251d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fef0420000 LB 0x0050f000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
13261d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13271d38.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
13281d38.2ba8: supR3HardenedDllNotificationCallback: load 000000006f6a0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
13291d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
13301d38.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
13311d38.2ba8: supR3HardenedDllNotificationCallback: load 000000006f370000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
13321d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
13331d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fefe470000 LB 0x0004d000 C:\windows\system32\WS2_32.dll [fFlags=0x0]
13341d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
13351d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fefe4e0000 LB 0x00008000 C:\windows\system32\NSI.dll [fFlags=0x0]
13361d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
13371d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13381d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001697b1:<flags> [calling]
13391d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0420000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13401d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13411d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001697b1:<flags> [calling]
13421d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0420000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13431d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13441d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001697b1:<flags> [calling]
13451d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0420000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13461d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13471d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001697b1:<flags> [calling]
13481d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0420000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13491d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13501d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001697b1:<flags> [calling]
13511d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0420000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13521d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13531d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001697b1:<flags> [calling]
13541d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0420000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13551d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0420000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13561d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0420000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13571d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0420000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13581d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0420000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13591d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0420000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13601d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0420000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13611d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0420000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13621d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13631d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001697b1:<flags> [calling]
13641d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0420000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13651d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0420000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13661d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0420000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13671d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0420000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13681d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0420000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13691d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0420000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13701d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0420000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13711d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0420000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13721d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0420000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13731d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0420000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13741d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0420000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13751d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0420000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13761d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0420000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13771d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0420000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13781d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0420000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13791d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0420000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13801d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
13811d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001697b1:<flags> [calling]
13821d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0420000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13831d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0420000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13841d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0420000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13851d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0420000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
13861d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
13871d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016dbd1:<flags> [calling]
13881d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd420000 'C:\windows\system32\Wintrust.dll'
13891d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
13901d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016c731:<flags> [calling]
13911d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd460000 'C:\windows\system32\crypt32.dll'
13921d38.2ba8: SUPR3HardenedMain: Load TrustedMain...
13931d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
13941d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
13951d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
13961d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
13971d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
13981d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qtguivbox4.dll'.
13991d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qtopenglvbox4.dll'.
14001d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
14011d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
14021d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'advapi32.dll'.
14031d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'shell32.dll'.
14041d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ole32.dll'.
14051d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'oleaut32.dll'.
14061d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'winmm.dll'.
14071d38.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
14081d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
14091d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
14101d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
14111d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000484 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
14121d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
14131d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
14141d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
14151d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
14161d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14171d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
14181d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
14191d38.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
14201d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
14211d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
14221d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
14231d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000046c pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
14241d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
14251d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
14261d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DA3E83E74A541ECA00DF9E1B5AA0999E45845CD9
14271d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3184122~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
14281d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14291d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
14301d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
14311d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
14321d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
14331d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
14341d38.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
14351d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
14361d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
14371d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
14381d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000488 pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
14391d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
14401d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
14411d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=796B1965C19A0614793EA3630408324B2CFA32D2
14421d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_87_for_KB3146706~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
14431d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14441d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14451d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
14461d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
14471d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
14481d38.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
14491d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
14501d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
14511d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
14521d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000498 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
14531d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
14541d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
14551d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B025664F7212FCAD9B2E5AA335933CE9991F602E
14561d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3080446~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
14571d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14581d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14591d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
14601d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
14611d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
14621d38.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
14631d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
14641d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
14651d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
14661d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
14671d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14681d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14691d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
14701d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14711d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14721d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtopenglvbox4.dll'...
14731d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtopenglvbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtopenglvbox4.dll' [rcNtRedir=0xc0150008]
14741d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
14751d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
14761d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
14771d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qtguivbox4.dll'.
14781d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qtcorevbox4.dll'.
14791d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcr100.dll'.
14801d38.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll) WinVerifyTrust
14811d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
14821d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
14831d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
14841d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
14851d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'comdlg32.dll'.
14861d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
14871d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
14881d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
14891d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
14901d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
14911d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
14921d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'advapi32.dll'.
14931d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'shell32.dll'.
14941d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'qtcorevbox4.dll'.
14951d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'msvcp100.dll'.
14961d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'msvcr100.dll'.
14971d38.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll) WinVerifyTrust
14981d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
14991d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
15001d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
15011d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
15021d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
15031d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
15041d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
15051d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
15061d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
15071d38.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll) WinVerifyTrust
15081d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
15091d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15101d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15111d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
15121d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15131d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15141d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
15151d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
15161d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
15171d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
15181d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
15191d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004ac pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
15201d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
15211d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
15221d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
15231d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
15241d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15251d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15261d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
15271d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
15281d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
15291d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
15301d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
15311d38.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) WinVerifyTrust
15321d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
15331d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15341d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15351d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
15361d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
15371d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c8 pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
15381d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
15391d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
15401d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
15411d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
15421d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15431d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15441d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
15451d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
15461d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
15471d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
15481d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
15491d38.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) WinVerifyTrust
15501d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
15511d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
15521d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
15531d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b0 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
15541d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
15551d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
15561d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
15571d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
15581d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15591d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15601d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
15611d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
15621d38.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) WinVerifyTrust
15631d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
15641d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15651d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15661d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15671d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15681d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
15691d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15701d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15711d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15721d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15731d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
15741d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15751d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15761d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
15771d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
15781d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
15791d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
15801d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
15811d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
15821d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
15831d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
15841d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
15851d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
15861d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15871d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15881d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15891d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15901d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
15911d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15921d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15931d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
15941d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
15951d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
15961d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
15971d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
15981d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
15991d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
16001d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16011d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16021d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16031d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16041d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
16051d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
16061d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
16071d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
16081d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
16091d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c4 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
16101d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
16111d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
16121d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
16131d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
16141d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16151d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16161d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
16171d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
16181d38.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv) WinVerifyTrust
16191d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
16201d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
16211d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
16221d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
16231d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
16241d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
16251d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
16261d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
16271d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
16281d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
16291d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
16301d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
16311d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000049c pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
16321d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
16331d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
16341d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
16351d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
16361d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16371d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16381d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
16391d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
16401d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
16411d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
16421d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
16431d38.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust
16441d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
16451d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16461d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16471d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
16481d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
16491d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
16501d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtcorevbox4.dll'...
16511d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtcorevbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtcorevbox4.dll' [rcNtRedir=0xc0150008]
16521d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
16531d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qtguivbox4.dll'...
16541d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qtguivbox4.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qtguivbox4.dll' [rcNtRedir=0xc0150008]
16551d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
16561d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16571d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16581d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16591d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16601d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
16611d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
16621d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
16631d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16641d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16651d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16661d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16671d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
16681d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
16691d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
16701d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16711d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16721d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16731d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16741d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16751d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16761d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16771d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16781d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16791d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16801d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16811d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16821d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16831d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16841d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
16851d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16861d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16871d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16881d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16891d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
16901d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
16911d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
16921d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16931d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16941d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16951d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16961d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
16971d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
16981d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
16991d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
17001d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
17011d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d8 pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
17021d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
17031d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
17041d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
17051d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
17061d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17071d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
17081d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
17091d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
17101d38.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) WinVerifyTrust
17111d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
17121d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17131d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17141d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17151d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17161d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
17171d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
17181d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
17191d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17201d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17211d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17221d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17231d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17241d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17251d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
17261d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17271d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17281d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17291d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17301d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
17311d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
17321d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
17331d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17341d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17351d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
17361d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
17371d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d4 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
17381d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
17391d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
17401d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B79EE7B5AD74EF51A849809202E043183A2C727E
17411d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
17421d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17431d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17441d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
17451d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
17461d38.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust
17471d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
17481d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
17491d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
17501d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e4 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
17511d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
17521d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
17531d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
17541d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
17551d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17561d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
17571d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
17581d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
17591d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
17601d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
17611d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
17621d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
17631d38.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
17641d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
17651d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17661d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17671d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
17681d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
17691d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000048c pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
17701d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
17711d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
17721d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1EB130FE5667C75A1CCDD15015B9391131942AA9
17731d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3164033~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
17741d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17751d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17761d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
17771d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
17781d38.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) WinVerifyTrust
17791d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
17801d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17811d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17821d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17831d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17841d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17851d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17861d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17871d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17881d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17891d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17901d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
17911d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
17921d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d0 pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
17931d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
17941d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
17951d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
17961d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
17971d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17981d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17991d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
18001d38.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
18011d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
18021d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
18031d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
18041d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
18051d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18061d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18071d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18081d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18091d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18101d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18111d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18121d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18131d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
18141d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
18151d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f0 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
18161d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
18171d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
18181d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
18191d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
18201d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18211d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18221d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
18231d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
18241d38.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll) WinVerifyTrust
18251d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
18261d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18271d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18281d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18291d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18301d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18311d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18321d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18331d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18341d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18351d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18361d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18371d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18381d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18391d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18401d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
18411d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
18421d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18431d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18441d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
18451d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
18461d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
18471d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18481d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18491d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016c081:<flags> [calling]
18501d38.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
18511d38.2ba8: supR3HardenedDllNotificationCallback: load 000007feefb60000 LB 0x008c0000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
18521d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
18531d38.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
18541d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fef09d0000 LB 0x0011d000 C:\windows\system32\OPENGL32.dll [fFlags=0x0]
18551d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
18561d38.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
18571d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fef09a0000 LB 0x0002d000 C:\windows\system32\GLU32.dll [fFlags=0x0]
18581d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
18591d38.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
18601d38.2ba8: supR3HardenedDllNotificationCallback: load 000007feefa60000 LB 0x000f1000 C:\windows\system32\DDRAW.dll [fFlags=0x0]
18611d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
18621d38.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
18631d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fef0990000 LB 0x00008000 C:\windows\system32\DCIMAN32.dll [fFlags=0x0]
18641d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
18651d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fefdd90000 LB 0x001d7000 C:\windows\system32\SETUPAPI.dll [fFlags=0x0]
18661d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
18671d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fefd320000 LB 0x00036000 C:\windows\system32\CFGMGR32.dll [fFlags=0x0]
18681d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
18691d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fefe390000 LB 0x000da000 C:\windows\system32\OLEAUT32.dll [fFlags=0x0]
18701d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
18711d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fefd7f0000 LB 0x00203000 C:\windows\system32\ole32.dll [fFlags=0x0]
18721d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
18731d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fefd6a0000 LB 0x0001a000 C:\windows\system32\DEVOBJ.dll [fFlags=0x0]
18741d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
18751d38.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
18761d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fefb5b0000 LB 0x00018000 C:\windows\system32\dwmapi.dll [fFlags=0x0]
18771d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
18781d38.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
18791d38.2ba8: supR3HardenedDllNotificationCallback: load 000000006b970000 LB 0x002de000 C:\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll [fFlags=0x0]
18801d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtCoreVBox4.dll
18811d38.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
18821d38.2ba8: supR3HardenedDllNotificationCallback: load 0000000063410000 LB 0x0096c000 C:\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll [fFlags=0x0]
18831d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtGuiVBox4.dll
18841d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fefdf70000 LB 0x00097000 C:\windows\system32\COMDLG32.dll [fFlags=0x0]
18851d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
18861d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
18871d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
18881d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
18891d38.2ba8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll)
18901d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
18911d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fef6ee0000 LB 0x000a0000 C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll [fFlags=0x0]
18921d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [avoiding WinVerifyTrust]
18931d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fefea70000 LB 0x00d8a000 C:\windows\system32\SHELL32.dll [fFlags=0x0]
18941d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
18951d38.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
18961d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fefbdf0000 LB 0x0003b000 C:\windows\system32\WINMM.dll [fFlags=0x0]
18971d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
18981d38.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
18991d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fef7c40000 LB 0x00071000 C:\windows\system32\WINSPOOL.DRV [fFlags=0x0]
19001d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
19011d38.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
19021d38.2ba8: supR3HardenedDllNotificationCallback: load 000000006d6b0000 LB 0x000dc000 C:\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll [fFlags=0x0]
19031d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\QtOpenGLVBox4.dll
19041d38.2ba8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'.
19051d38.2ba8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [rescheduled]
19061d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
19071d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19081d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19091d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19101d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19111d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19121d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19131d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016b651:<flags> [calling]
19141d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe090000 'C:\windows\system32\imm32.dll'
19151d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feefb60000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
19161d38.2ba8: SUPR3HardenedMain: Calling TrustedMain (000007feefb61020)...
19171d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
19181d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016ed11:<flags> [calling]
19191d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbdf0000 'C:\windows\system32\winmm.dll'
19201d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000580 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19211d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
19221d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
19231d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
19241d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
19251d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19261d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19271d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
19281d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
19291d38.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
19301d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19311d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19321d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19331d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19341d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19351d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19361d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19371d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016e531:<flags> [calling]
19381d38.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19391d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fefb890000 LB 0x00056000 C:\windows\system32\uxtheme.dll [fFlags=0x0]
19401d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19411d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb890000 'C:\windows\system32\uxtheme.dll'
19421d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19431d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016df71:<flags> [calling]
19441d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb890000 'C:\windows\system32\uxtheme.dll'
19451d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19461d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016dce1:<flags> [calling]
19471d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb890000 'C:\windows\system32\uxtheme.dll'
19481d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19491d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016dce1:<flags> [calling]
19501d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb890000 'C:\windows\system32\uxtheme.dll'
19511d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
19521d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016e1a1:<flags> [calling]
19531d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb5b0000 'C:\windows\system32\dwmapi.dll'
19541d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
19551d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016e9c1:<flags> [calling]
19561d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd1a0000 'C:\windows\system32\CRYPTBASE.dll'
19571d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
19581d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016eb71:<flags> [calling]
19591d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea70000 'C:\windows\system32\shell32.dll'
19601d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
19611d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016eac1:<flags> [calling]
19621d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000774b0000 'C:\windows\system32\kernel32.dll'
19631d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19641d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016eb41:<flags> [calling]
19651d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb890000 'C:\windows\system32\uxtheme.dll'
19661d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19671d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016ebb1:<flags> [calling]
19681d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb890000 'C:\windows\system32\uxtheme.dll'
19691d38.2ba8: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\windows\system32\wintab32.dll': 0 (NtPath=\??\C:\windows\system32\wintab32.dll; Input=C:\windows\system32\wintab32.dll; rcNtGetDll=0x0
19701d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016ecd1:<flags> [calling]
19711d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\windows\system32\wintab32.dll'
19721d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000773b0000 'C:\windows\system32\user32.dll'
19731d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19741d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016ed21:<flags> [calling]
19751d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb890000 'C:\windows\system32\uxtheme.dll'
19761d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000773b0000 'C:\windows\system32\user32.dll'
19771d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff800000 'C:\windows\system32\advapi32.dll'
19781d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
19791d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016eb81:<flags> [calling]
19801d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd670000 'C:\windows\system32\userenv.dll'
19811d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
19821d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016eb81:<flags> [calling]
19831d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000774b0000 'C:\windows\system32\kernel32.dll'
19841d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005e0 pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll
19851d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
19861d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
19871d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
19881d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
19891d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19901d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19911d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
19921d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
19931d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
19941d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
19951d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
19961d38.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll) WinVerifyTrust
19971d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
19981d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19991d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20001d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
20011d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
20021d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
20031d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
20041d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
20051d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20061d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20071d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
20081d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
20091d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
20101d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20111d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20121d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
20131d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016bb61:<flags> [calling]
20141d38.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
20151d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fefe930000 LB 0x00099000 C:\windows\system32\CLBCatQ.DLL [fFlags=0x0]
20161d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
20171d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe930000 'C:\windows\system32\CLBCatQ.DLL'
20181d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff800000 'C:\windows\system32\ADVAPI32.dll'
20191d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
20201d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016a951:<flags> [calling]
20211d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcb00000 'C:\windows\system32\CRYPTSP.dll'
20221d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000600 pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
20231d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
20241d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
20251d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
20261d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll'
20271d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20281d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
20291d38.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll) WinVerifyTrust
20301d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
20311d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20321d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20331d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016a521:<flags> [calling]
20341d38.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
20351d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fefd250000 LB 0x00014000 C:\windows\system32\RpcRtRemote.dll [fFlags=0x0]
20361d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
20371d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd250000 'C:\windows\system32\RpcRtRemote.dll'
20381d38.4eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
20391d38.4eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
20401d38.4eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
20411d38.4eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
20421d38.4eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
20431d38.4eec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
20441d38.4eec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
20451d38.4eec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
20461d38.4eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
20471d38.4eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
20481d38.4eec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
20491d38.4eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
20501d38.4eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
20511d38.4eec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
20521d38.4eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
20531d38.4eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
20541d38.4eec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
20551d38.4eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
20561d38.4eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
20571d38.4eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
20581d38.4eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
20591d38.4eec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
20601d38.4eec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20611d38.4eec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
20621d38.4eec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
20631d38.4eec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000047be5c1:<flags> [calling]
20641d38.4eec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
20651d38.4eec: supR3HardenedDllNotificationCallback: load 000007feef0f0000 LB 0x004ff000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
20661d38.4eec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
20671d38.4eec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef0f0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
20681d38.4eec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
20691d38.4eec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000047bd141:<flags> [calling]
20701d38.4eec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe390000 'C:\Windows\system32\oleaut32.dll'
20711d38.4eec: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000660 pwszName=\Device\HarddiskVolume2\Windows\System32\sxs.dll
20721d38.4eec: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
20731d38.4eec: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
20741d38.4eec: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FCAC019C19F878C2B628662A84ECE75A01818BC9
20751d38.4eec: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\sxs.dll'
20761d38.4eec: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20771d38.4eec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\sxs.dll) WinVerifyTrust
20781d38.4eec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sxs.dll
20791d38.4eec: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\SXS.DLL (Input=SXS.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000047bd6f1:<flags> [calling]
20801d38.4eec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll
20811d38.4eec: supR3HardenedDllNotificationCallback: load 000007fefd1b0000 LB 0x00091000 C:\windows\system32\SXS.DLL [fFlags=0x0]
20821d38.4eec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\sxs.dll
20831d38.4eec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd1b0000 'C:\windows\system32\SXS.DLL'
20841d38.4eec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff800000 'C:\windows\system32\ADVAPI32.dll'
20851d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
20861d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\OLEAUT32.dll (Input=OLEAUT32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016afb1:<flags> [calling]
20871d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe390000 'C:\windows\system32\OLEAUT32.dll'
20881d38.2ba8: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\windows\system32\wintab32.dll': 0 (NtPath=\??\C:\windows\system32\wintab32.dll; Input=C:\windows\system32\wintab32.dll; rcNtGetDll=0x0
20891d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016b361:<flags> [calling]
20901d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\windows\system32\wintab32.dll'
20911d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe4f0000 'C:\windows\system32\gdi32.dll'
20921d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000773b0000 'C:\windows\system32\user32.dll'
20931d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
20941d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016ab61:<flags> [calling]
20951d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea70000 'C:\windows\system32\shell32.dll'
20961d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff800000 'C:\windows\system32\ADVAPI32.dll'
20971d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
20981d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ole32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001698b1:<flags> [calling]
20991d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7f0000 'C:\windows\system32\ole32.dll'
21001d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
21011d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000167f81:<flags> [calling]
21021d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7f0000 'C:\windows\system32\ole32.dll'
21031d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
21041d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000167fb1:<flags> [calling]
21051d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe390000 'C:\windows\system32\OLEAUT32.dll'
21061d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a48 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
21071d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
21081d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
21091d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472
21101d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
21111d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21121d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21131d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
21141d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
21151d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
21161d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
21171d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
21181d38.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
21191d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
21201d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
21211d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
21221d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
21231d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
21241d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
21251d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
21261d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
21271d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21281d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21291d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
21301d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
21311d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a58 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
21321d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
21331d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
21341d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03D0A77E5195AA70198FDE6C2FAC2C76FF200674
21351d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
21361d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21371d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21381d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
21391d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
21401d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
21411d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
21421d38.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
21431d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
21441d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21451d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21461d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
21471d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
21481d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
21491d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21501d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21511d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
21521d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
21531d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
21541d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
21551d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
21561d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21571d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21581d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001668d1:<flags> [calling]
21591d38.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
21601d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fef9860000 LB 0x0000f000 C:\windows\system32\wbem\wbemprox.dll [fFlags=0x0]
21611d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
21621d38.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
21631d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fef97d0000 LB 0x00086000 C:\windows\system32\wbemcomn.dll [fFlags=0x0]
21641d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
21651d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9860000 'C:\windows\system32\wbem\wbemprox.dll'
21661d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a80 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
21671d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
21681d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
21691d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F
21701d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
21711d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21721d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21731d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
21741d38.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
21751d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
21761d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21771d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21781d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21791d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21801d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000166491:<flags> [calling]
21811d38.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
21821d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fef90a0000 LB 0x00014000 C:\windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
21831d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
21841d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef90a0000 'C:\windows\system32\wbem\wbemsvc.dll'
21851d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a8c pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
21861d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
21871d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
21881d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79
21891d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
21901d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21911d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21921d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
21931d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
21941d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
21951d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
21961d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
21971d38.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
21981d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
21991d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
22001d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
22011d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a74 pwszName=\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
22021d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
22031d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
22041d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
22051d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll'
22061d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22071d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22081d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
22091d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
22101d38.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll) WinVerifyTrust
22111d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
22121d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
22131d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
22141d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
22151d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
22161d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
22171d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
22181d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
22191d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
22201d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
22211d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22221d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22231d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
22241d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
22251d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
22261d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22271d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22281d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
22291d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22301d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22311d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001664d1:<flags> [calling]
22321d38.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
22331d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fef9260000 LB 0x000e2000 C:\windows\system32\wbem\fastprox.dll [fFlags=0x0]
22341d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
22351d38.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
22361d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fef9a70000 LB 0x00027000 C:\windows\system32\NTDSAPI.dll [fFlags=0x0]
22371d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
22381d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9260000 'C:\windows\system32\wbem\fastprox.dll'
22391d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe390000 'C:\windows\system32\OLEAUT32.dll'
22401d38.17b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22411d38.17b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
22421d38.17b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22431d38.17b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
22441d38.17b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
22451d38.17b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22461d38.17b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22471d38.17b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
22481d38.17b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
22491d38.17b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
22501d38.17b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
22511d38.17b4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
22521d38.17b4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
22531d38.17b4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
22541d38.17b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22551d38.17b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22561d38.17b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22571d38.17b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22581d38.17b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
22591d38.17b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
22601d38.17b4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
22611d38.17b4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22621d38.17b4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
22631d38.17b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000800e511:<flags> [calling]
22641d38.17b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
22651d38.17b4: supR3HardenedDllNotificationCallback: load 000007feee730000 LB 0x00273000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
22661d38.17b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
22671d38.17b4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
22681d38.17b4: supR3HardenedDllNotificationCallback: load 0000000064ae0000 LB 0x0010a000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
22691d38.17b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
22701d38.17b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee730000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
22711d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b28 pwszName=\Device\HarddiskVolume2\Windows\System32\netcfgx.dll
22721d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
22731d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
22741d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B2E2834BA132AEF0C1091DED23D983BBB0CDB980
22751d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\netcfgx.dll'
22761d38.2868: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22771d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shlwapi.dll'.
22781d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
22791d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
22801d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
22811d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
22821d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
22831d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'nsi.dll'.
22841d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'iphlpapi.dll'.
22851d38.2868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\netcfgx.dll) WinVerifyTrust
22861d38.2868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\netcfgx.dll
22871d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
22881d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
22891d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b20 pwszName=\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
22901d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
22911d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
22921d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642
22931d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'
22941d38.2868: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22951d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22961d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
22971d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
22981d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
22991d38.2868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
23001d38.2868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
23011d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
23021d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
23031d38.2868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
23041d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23051d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23061d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
23071d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
23081d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
23091d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
23101d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
23111d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
23121d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23131d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23141d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
23151d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
23161d38.2868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
23171d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23181d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23191d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
23201d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
23211d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b4c pwszName=\Device\HarddiskVolume2\Windows\System32\winnsi.dll
23221d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
23231d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
23241d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B28F3E0DF5586B9FB3AEAC48E4ECCA0AFB6ABD91
23251d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
23261d38.2868: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23271d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23281d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
23291d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
23301d38.2868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll) WinVerifyTrust
23311d38.2868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
23321d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
23331d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
23341d38.2868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
23351d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23361d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23371d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
23381d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
23391d38.2868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
23401d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23411d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23421d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23431d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23441d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\netcfgx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000083290d1:<flags> [calling]
23451d38.2868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netcfgx.dll
23461d38.2868: supR3HardenedDllNotificationCallback: load 000007fef8ec0000 LB 0x00084000 C:\Windows\system32\netcfgx.dll [fFlags=0x0]
23471d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netcfgx.dll
23481d38.2868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
23491d38.2868: supR3HardenedDllNotificationCallback: load 000007fefa0c0000 LB 0x00027000 C:\Windows\system32\IPHLPAPI.DLL [fFlags=0x0]
23501d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
23511d38.2868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
23521d38.2868: supR3HardenedDllNotificationCallback: load 000007fefa0b0000 LB 0x0000b000 C:\Windows\system32\WINNSI.DLL [fFlags=0x0]
23531d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
23541d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8ec0000 'C:\Windows\system32\netcfgx.dll'
23551d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
23561d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832a801:<flags> [calling]
23571d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdd90000 'C:\windows\system32\SETUPAPI.dll'
23581d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23591d38.2868: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll)
23601d38.2868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
23611d38.2868: supR3HardenedDllNotificationCallback: load 000007fefc5d0000 LB 0x00012000 C:\windows\system32\devrtl.DLL [fFlags=0x0]
23621d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
23631d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b5c pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll
23641d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
23651d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
23661d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=445E5B0E9F43B5D56A5B9C4BC3369E3D076ACA1A
23671d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
23681d38.2868: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23691d38.2868: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
23701d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
23711d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23721d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23731d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\WINTRUST.dll (Input=WINTRUST.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832a5a1:<flags> [calling]
23741d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd420000 'C:\windows\system32\WINTRUST.dll'
23751d38.63d0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23761d38.63d0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
23771d38.63d0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23781d38.63d0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
23791d38.63d0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
23801d38.63d0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
23811d38.63d0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23821d38.63d0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23831d38.63d0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23841d38.63d0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23851d38.63d0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
23861d38.63d0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
23871d38.63d0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
23881d38.63d0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23891d38.63d0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23901d38.63d0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000086ed8c1:<flags> [calling]
23911d38.63d0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
23921d38.63d0: supR3HardenedDllNotificationCallback: load 000007fef89a0000 LB 0x0000a000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
23931d38.63d0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
23941d38.63d0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef89a0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
23951d38.63d0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000773b0000 'C:\windows\system32/User32.dll'
23961d38.6888: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23971d38.6888: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
23981d38.6888: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23991d38.6888: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
24001d38.6888: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
24011d38.6888: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24021d38.6888: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24031d38.6888: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
24041d38.6888: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
24051d38.6888: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
24061d38.6888: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24071d38.6888: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24081d38.6888: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000884dca1:<flags> [calling]
24091d38.6888: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
24101d38.6888: supR3HardenedDllNotificationCallback: load 000007fef8950000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
24111d38.6888: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
24121d38.6888: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8950000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
24131d38.6c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24141d38.6c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
24151d38.6c20: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
24161d38.6c20: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
24171d38.6c20: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
24181d38.6c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24191d38.6c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24201d38.6c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
24211d38.6c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
24221d38.6c20: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
24231d38.6c20: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24241d38.6c20: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24251d38.6c20: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000008a2db01:<flags> [calling]
24261d38.6c20: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
24271d38.6c20: supR3HardenedDllNotificationCallback: load 000007fef8940000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
24281d38.6c20: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
24291d38.6c20: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8940000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
24301d38.4168: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24311d38.4168: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
24321d38.4168: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
24331d38.4168: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
24341d38.4168: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
24351d38.4168: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24361d38.4168: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24371d38.4168: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
24381d38.4168: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
24391d38.4168: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24401d38.4168: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24411d38.4168: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000008e8d8a1:<flags> [calling]
24421d38.4168: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
24431d38.4168: supR3HardenedDllNotificationCallback: load 000007fef8930000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
24441d38.4168: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
24451d38.4168: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8930000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
24461d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
24471d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32/Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000008328ad1:<flags> [calling]
24481d38.2868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
24491d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea70000 'C:\windows\system32/Shell32.dll'
24501d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7f0000 'C:\windows\system32\ole32.dll'
24511d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000008327721:<flags> [calling]
24521d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda00000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
24531d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
24541d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000008327761:<flags> [calling]
24551d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd310000 'C:\windows\system32\profapi.dll'
24561d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24571d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
24581d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
24591d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
24601d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
24611d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
24621d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
24631d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
24641d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
24651d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
24661d38.2868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
24671d38.2868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
24681d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
24691d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
24701d38.2868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
24711d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24721d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24731d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
24741d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
24751d38.2868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
24761d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
24771d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
24781d38.2868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
24791d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24801d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24811d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
24821d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
24831d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24841d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
24851d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
24861d38.2868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
24871d38.2868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
24881d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
24891d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
24901d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24911d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
24921d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
24931d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
24941d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
24951d38.2868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
24961d38.2868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
24971d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24981d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24991d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
25001d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
25011d38.2868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
25021d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25031d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25041d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
25051d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
25061d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
25071d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
25081d38.2868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
25091d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25101d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25111d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25121d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25131d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25141d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25151d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25161d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25171d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
25181d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
25191d38.2868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
25201d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25211d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25221d38.2868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
25231d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832d711:<flags> [calling]
25241d38.2868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
25251d38.2868: supR3HardenedDllNotificationCallback: load 000007feede70000 LB 0x008bf000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
25261d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
25271d38.2868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
25281d38.2868: supR3HardenedDllNotificationCallback: load 000007feeef60000 LB 0x00057000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
25291d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
25301d38.2868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
25311d38.2868: supR3HardenedDllNotificationCallback: load 000007fef6c40000 LB 0x00034000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
25321d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
25331d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feede70000 'C:\Program Files\Oracle\VirtualBox/VBoxDD.DLL'
25341d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
25351d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832d711:<flags> [calling]
25361d38.2868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
25371d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef0f0000 'C:\Program Files\Oracle\VirtualBox/VBoxC.DLL'
25381d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
25391d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832d621:<flags> [calling]
25401d38.2868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
25411d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6c40000 'C:\Program Files\Oracle\VirtualBox/VBoxDD2.DLL'
25421d38.48f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25431d38.48f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
25441d38.48f0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
25451d38.48f0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
25461d38.48f0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
25471d38.48f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25481d38.48f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25491d38.48f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
25501d38.48f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
25511d38.48f0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
25521d38.48f0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25531d38.48f0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25541d38.48f0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000e5bdda1:<flags> [calling]
25551d38.48f0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
25561d38.48f0: supR3HardenedDllNotificationCallback: load 000007fef88a0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
25571d38.48f0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
25581d38.48f0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef88a0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
25591d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
25601d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32/Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832da01:<flags> [calling]
25611d38.2868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
25621d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa0c0000 'C:\windows\system32/Iphlpapi.dll'
25631d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e00 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
25641d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
25651d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
25661d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FC0AE0624E37D3E65E0DF3478A34662E1498D862
25671d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_211_for_KB2775511~31bf3856ad364e35~amd64~~6.1.2.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
25681d38.2868: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25691d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25701d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
25711d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
25721d38.2868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll) WinVerifyTrust
25731d38.2868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
25741d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
25751d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
25761d38.2868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
25771d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25781d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25791d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25801d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25811d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dhcpcsvc6.DLL (Input=dhcpcsvc6.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832e6a1:<flags> [calling]
25821d38.2868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
25831d38.2868: supR3HardenedDllNotificationCallback: load 000007fef9fb0000 LB 0x00011000 C:\windows\system32\dhcpcsvc6.DLL [fFlags=0x0]
25841d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
25851d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9fb0000 'C:\windows\system32\dhcpcsvc6.DLL'
25861d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
25871d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832e3c1:<flags> [calling]
25881d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa0c0000 'C:\windows\system32\IPHLPAPI.DLL'
25891d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e24 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
25901d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
25911d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
25921d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D89E2D6AED9A19082ECA108BEEF81A904C7A9756
25931d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
25941d38.2868: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25951d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25961d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
25971d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
25981d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
25991d38.2868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll) WinVerifyTrust
26001d38.2868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
26011d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
26021d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
26031d38.2868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
26041d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
26051d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
26061d38.2868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
26071d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26081d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26091d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26101d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26111d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dhcpcsvc.DLL (Input=dhcpcsvc.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832e6f1:<flags> [calling]
26121d38.2868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
26131d38.2868: supR3HardenedDllNotificationCallback: load 000007fef9f90000 LB 0x00018000 C:\windows\system32\dhcpcsvc.DLL [fFlags=0x0]
26141d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
26151d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9f90000 'C:\windows\system32\dhcpcsvc.DLL'
26161d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
26171d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832e351:<flags> [calling]
26181d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa0c0000 'C:\windows\system32\IPHLPAPI.DLL'
26191d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e10 pwszName=\Device\HarddiskVolume2\Windows\System32\mswsock.dll
26201d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
26211d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
26221d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A0B91C962716871F5DE8282805DA288326E03A9F
26231d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3161949~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\mswsock.dll'
26241d38.2868: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26251d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26261d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
26271d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
26281d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
26291d38.2868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mswsock.dll) WinVerifyTrust
26301d38.2868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mswsock.dll
26311d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
26321d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
26331d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26341d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26351d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26361d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26371d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26381d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26391d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832e691:<flags> [calling]
26401d38.2868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll
26411d38.2868: supR3HardenedDllNotificationCallback: load 000007fefcaa0000 LB 0x00055000 C:\windows\system32\mswsock.dll [fFlags=0x0]
26421d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll
26431d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcaa0000 'C:\windows\system32\mswsock.dll'
26441d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e28 pwszName=\Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
26451d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
26461d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
26471d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1EFFE58BB9FD8A94FD1609B7F82A43C8E09D98AA
26481d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL'
26491d38.2868: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26501d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ws2_32.dll'.
26511d38.2868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL) WinVerifyTrust
26521d38.2868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
26531d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
26541d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
26551d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\wshtcpip.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832e831:<flags> [calling]
26561d38.2868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
26571d38.2868: supR3HardenedDllNotificationCallback: load 000007fefc490000 LB 0x00007000 C:\windows\System32\wshtcpip.dll [fFlags=0x0]
26581d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
26591d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc490000 'C:\windows\System32\wshtcpip.dll'
26601d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000eac pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
26611d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
26621d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
26631d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F6C3E3D9F8B48D816E52C31576FFFD4AF86AB813
26641d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
26651d38.2868: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26661d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26671d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
26681d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
26691d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
26701d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
26711d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
26721d38.2868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust
26731d38.2868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
26741d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
26751d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
26761d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000eb0 pwszName=\Device\HarddiskVolume2\Windows\System32\powrprof.dll
26771d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
26781d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
26791d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E0B7DE18787DB24DAD3580634869A9A8FF4AB48F
26801d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\powrprof.dll'
26811d38.2868: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26821d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26831d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
26841d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
26851d38.2868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll) WinVerifyTrust
26861d38.2868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
26871d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
26881d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
26891d38.2868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
26901d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
26911d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
26921d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
26931d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
26941d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26951d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26961d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26971d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26981d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
26991d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
27001d38.2868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
27011d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27021d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27031d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27041d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27051d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832d561:<flags> [calling]
27061d38.2868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
27071d38.2868: supR3HardenedDllNotificationCallback: load 000007feef6c0000 LB 0x00088000 C:\windows\System32\dsound.dll [fFlags=0x0]
27081d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
27091d38.2868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
27101d38.2868: supR3HardenedDllNotificationCallback: load 000007fefbfe0000 LB 0x0002c000 C:\windows\System32\POWRPROF.dll [fFlags=0x0]
27111d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
27121d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
27131d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832c8d1:<flags> [calling]
27141d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef6c0000 'C:\windows\System32\dsound.dll'
27151d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef6c0000 'C:\windows\System32\dsound.dll'
27161d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
27171d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32/dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832da61:<flags> [calling]
27181d38.2868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
27191d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef6c0000 'C:\windows\system32/dsound.dll'
27201d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000eb4 pwszName=\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
27211d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
27221d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
27231d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=704F97298D44B8146C54067788F597E0BF365197
27241d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll'
27251d38.2868: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27261d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27271d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
27281d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
27291d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'.
27301d38.2868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
27311d38.2868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
27321d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
27331d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
27341d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ed8 pwszName=\Device\HarddiskVolume2\Windows\System32\propsys.dll
27351d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
27361d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
27371d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A1594E841359779EF7EA7EBCF775D89F55388D3
27381d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\propsys.dll'
27391d38.2868: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27401d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27411d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
27421d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
27431d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
27441d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
27451d38.2868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll) WinVerifyTrust
27461d38.2868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
27471d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27481d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27491d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27501d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27511d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27521d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27531d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27541d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27551d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27561d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27571d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
27581d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
27591d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
27601d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
27611d38.2868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
27621d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27631d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27641d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832d031:<flags> [calling]
27651d38.2868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
27661d38.2868: supR3HardenedDllNotificationCallback: load 000007fefbf90000 LB 0x0004b000 C:\windows\System32\MMDevApi.dll [fFlags=0x0]
27671d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
27681d38.2868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
27691d38.2868: supR3HardenedDllNotificationCallback: load 000007fefbe60000 LB 0x0012c000 C:\windows\System32\PROPSYS.dll [fFlags=0x0]
27701d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
27711d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff800000 'C:\windows\system32\ADVAPI32.dll'
27721d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbf90000 'C:\windows\System32\MMDevApi.dll'
27731d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7f0000 'C:\windows\system32\ole32.dll'
27741d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
27751d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832d341:<flags> [calling]
27761d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdd90000 'C:\windows\system32\SETUPAPI.dll'
27771d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
27781d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832e1b1:<flags> [calling]
27791d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe010000 'C:\windows\system32\SHLWAPI.dll'
27801d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
27811d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832e3d1:<flags> [calling]
27821d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbf90000 'C:\windows\system32\MMDEVAPI.DLL'
27831d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7f0000 'C:\windows\system32\ole32.dll'
27841d38.ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
27851d38.ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CFGMGR32.dll (Input=CFGMGR32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000014e3f8a1:<flags> [calling]
27861d38.ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd320000 'C:\windows\system32\CFGMGR32.dll'
27871d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
27881d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832e001:<flags> [calling]
27891d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbdf0000 'C:\windows\system32\winmm.dll'
27901d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000832de61:<flags> [calling]
27911d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda00000 'API-MS-WIN-Service-Management-L1-1-0.dll'
27921d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000832de61:<flags> [calling]
27931d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefda00000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
27941d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd6c0000 'C:\windows\system32\RPCRT4.dll'
27951d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
27961d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\MMDevAPI.DLL (Input=MMDevAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832dec1:<flags> [calling]
27971d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbf90000 'C:\windows\system32\MMDevAPI.DLL'
27981d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f00 pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
27991d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
28001d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
28011d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4B64306F5558D2DEC53CF11AAF17F02438929FDD
28021d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
28031d38.2868: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28041d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28051d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
28061d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
28071d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
28081d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
28091d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ksuser.dll'.
28101d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
28111d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'avrt.dll'.
28121d38.2868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust
28131d38.2868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
28141d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
28151d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
28161d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f04 pwszName=\Device\HarddiskVolume2\Windows\System32\avrt.dll
28171d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
28181d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
28191d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1362C343929DD08AB918B38DE195D1A11B1D1365
28201d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\avrt.dll'
28211d38.2868: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28221d38.2868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust
28231d38.2868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
28241d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
28251d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
28261d38.2868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
28271d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
28281d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
28291d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f20 pwszName=\Device\HarddiskVolume2\Windows\System32\ksuser.dll
28301d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
28311d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
28321d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2D99CFB3BFCA1F454FC7109DB98D18923ABBA361
28331d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB3110329~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\ksuser.dll'
28341d38.2868: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28351d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28361d38.2868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust
28371d38.2868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
28381d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
28391d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
28401d38.2868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
28411d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28421d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28431d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
28441d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
28451d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
28461d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
28471d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28481d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28491d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28501d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28511d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832da31:<flags> [calling]
28521d38.2868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
28531d38.2868: supR3HardenedDllNotificationCallback: load 000007fefb5e0000 LB 0x0003b000 C:\windows\system32\wdmaud.drv [fFlags=0x0]
28541d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
28551d38.2868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
28561d38.2868: supR3HardenedDllNotificationCallback: load 0000000074ff0000 LB 0x00006000 C:\windows\system32\ksuser.dll [fFlags=0x0]
28571d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
28581d38.2868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
28591d38.2868: supR3HardenedDllNotificationCallback: load 000007fefbe30000 LB 0x00009000 C:\windows\system32\AVRT.dll [fFlags=0x0]
28601d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
28611d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb5e0000 'C:\windows\system32\wdmaud.drv'
28621d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
28631d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832da31:<flags> [calling]
28641d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb5e0000 'C:\windows\system32\wdmaud.drv'
28651d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
28661d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832dbe1:<flags> [calling]
28671d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb5e0000 'C:\windows\system32\wdmaud.drv'
28681d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
28691d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832dbe1:<flags> [calling]
28701d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb5e0000 'C:\windows\system32\wdmaud.drv'
28711d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
28721d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832dbe1:<flags> [calling]
28731d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb5e0000 'C:\windows\system32\wdmaud.drv'
28741d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f34 pwszName=\Device\HarddiskVolume2\Windows\System32\AudioSes.dll
28751d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
28761d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
28771d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E7B264B3670B74C7A34AEDBA5E942385CDC0D1C9
28781d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_1_for_KB3005607~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\AudioSes.dll'
28791d38.2868: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28801d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28811d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
28821d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
28831d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
28841d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
28851d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
28861d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
28871d38.2868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust
28881d38.2868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
28891d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
28901d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
28911d38.2868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
28921d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
28931d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
28941d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28951d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28961d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
28971d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
28981d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
28991d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
29001d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
29011d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
29021d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29031d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29041d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832dbf1:<flags> [calling]
29051d38.2868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
29061d38.2868: supR3HardenedDllNotificationCallback: load 000007fefab80000 LB 0x0004f000 C:\windows\system32\AUDIOSES.DLL [fFlags=0x0]
29071d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
29081d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefab80000 'C:\windows\system32\AUDIOSES.DLL'
29091d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
29101d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832dbe1:<flags> [calling]
29111d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb5e0000 'C:\windows\system32\wdmaud.drv'
29121d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
29131d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832dbe1:<flags> [calling]
29141d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb5e0000 'C:\windows\system32\wdmaud.drv'
29151d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb5e0000 'C:\windows\system32\wdmaud.drv'
29161d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb5e0000 'C:\windows\system32\wdmaud.drv'
29171d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb5e0000 'C:\windows\system32\wdmaud.drv'
29181d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb5e0000 'C:\windows\system32\wdmaud.drv'
29191d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ef8 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
29201d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
29211d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
29221d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=522563F5384AD4C93CF5CF4EEA899D3267552328
29231d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
29241d38.2868: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29251d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29261d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
29271d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
29281d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
29291d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'.
29301d38.2868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) WinVerifyTrust
29311d38.2868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
29321d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
29331d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
29341d38.2868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
29351d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
29361d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
29371d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f50 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.dll
29381d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
29391d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
29401d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCA0A8AEE81B82C402AA72A300B2C8D2DC17C1DA
29411d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.dll'
29421d38.2868: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29431d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29441d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
29451d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
29461d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
29471d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
29481d38.2868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) WinVerifyTrust
29491d38.2868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
29501d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
29511d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
29521d38.2868: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
29531d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29541d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29551d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29561d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29571d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
29581d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
29591d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
29601d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
29611d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29621d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29631d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
29641d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
29651d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29661d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29671d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832d9e1:<flags> [calling]
29681d38.2868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
29691d38.2868: supR3HardenedDllNotificationCallback: load 000007fefb340000 LB 0x0000a000 C:\windows\system32\msacm32.drv [fFlags=0x0]
29701d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
29711d38.2868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
29721d38.2868: supR3HardenedDllNotificationCallback: load 000007fefb130000 LB 0x00018000 C:\windows\system32\MSACM32.dll [fFlags=0x0]
29731d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
29741d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb340000 'C:\windows\system32\msacm32.drv'
29751d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
29761d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832d3e1:<flags> [calling]
29771d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb340000 'C:\windows\system32\msacm32.drv'
29781d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
29791d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832d3e1:<flags> [calling]
29801d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb340000 'C:\windows\system32\msacm32.drv'
29811d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
29821d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832d3e1:<flags> [calling]
29831d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb340000 'C:\windows\system32\msacm32.drv'
29841d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
29851d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832d3e1:<flags> [calling]
29861d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb340000 'C:\windows\system32\msacm32.drv'
29871d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
29881d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832d3e1:<flags> [calling]
29891d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb340000 'C:\windows\system32\msacm32.drv'
29901d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
29911d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832d3e1:<flags> [calling]
29921d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb340000 'C:\windows\system32\msacm32.drv'
29931d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb340000 'C:\windows\system32\msacm32.drv'
29941d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb340000 'C:\windows\system32\msacm32.drv'
29951d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb340000 'C:\windows\system32\msacm32.drv'
29961d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f48 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
29971d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
29981d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
29991d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=43116C5C719A4751DA70B12932084D73D7AACEA3
30001d38.2868: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
30011d38.2868: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30021d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30031d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
30041d38.2868: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
30051d38.2868: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) WinVerifyTrust
30061d38.2868: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
30071d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
30081d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
30091d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30101d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30111d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30121d38.2868: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30131d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832d9e1:<flags> [calling]
30141d38.2868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
30151d38.2868: supR3HardenedDllNotificationCallback: load 000007fefb330000 LB 0x00009000 C:\windows\system32\midimap.dll [fFlags=0x0]
30161d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
30171d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb330000 'C:\windows\system32\midimap.dll'
30181d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
30191d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832d3b1:<flags> [calling]
30201d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb330000 'C:\windows\system32\midimap.dll'
30211d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
30221d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832d3b1:<flags> [calling]
30231d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb330000 'C:\windows\system32\midimap.dll'
30241d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
30251d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832d9e1:<flags> [calling]
30261d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb330000 'C:\windows\system32\midimap.dll'
30271d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbdf0000 'C:\windows\system32\winmm.dll'
30281d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbdf0000 'C:\windows\system32\winmm.dll'
30291d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbdf0000 'C:\windows\system32\winmm.dll'
30301d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7f0000 'C:\windows\system32\ole32.dll'
30311d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbdf0000 'C:\windows\system32\winmm.dll'
30321d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbdf0000 'C:\windows\system32\winmm.dll'
30331d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
30341d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832e001:<flags> [calling]
30351d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbdf0000 'C:\windows\system32\winmm.dll'
30361d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbdf0000 'C:\windows\system32\winmm.dll'
30371d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbdf0000 'C:\windows\system32\winmm.dll'
30381d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbdf0000 'C:\windows\system32\winmm.dll'
30391d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbdf0000 'C:\windows\system32\winmm.dll'
30401d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbdf0000 'C:\windows\system32\winmm.dll'
30411d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
30421d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32/dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832da51:<flags> [calling]
30431d38.2868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
30441d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef6c0000 'C:\windows\system32/dsound.dll'
30451d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbdf0000 'C:\windows\system32\winmm.dll'
30461d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbdf0000 'C:\windows\system32\winmm.dll'
30471d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbdf0000 'C:\windows\system32\winmm.dll'
30481d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbdf0000 'C:\windows\system32\winmm.dll'
30491d38.26b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
30501d38.26b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\audioses.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000001559dc51:<flags> [calling]
30511d38.26b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefab80000 'C:\windows\System32\audioses.dll'
30521d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbdf0000 'C:\windows\system32\winmm.dll'
30531d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbdf0000 'C:\windows\system32\winmm.dll'
30541d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
30551d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32/dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832dc21:<flags> [calling]
30561d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef6c0000 'C:\windows\system32/dsound.dll'
30571d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbdf0000 'C:\windows\system32\winmm.dll'
30581d38.2868: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
30591d38.2868: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32/kernel32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000832e101:<flags> [calling]
30601d38.2868: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
30611d38.2868: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000774b0000 'C:\windows\system32/kernel32.dll'
30621d38.17b4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
30631d38.17b4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000800f5f1:<flags> [calling]
30641d38.17b4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe390000 'C:\windows\system32\OLEAUT32.dll'
30651d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ae8 pwszName=\Device\HarddiskVolume2\Windows\System32\mscms.dll
30661d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
30671d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
30681d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
30691d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000168811:<flags> [calling]
30701d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd420000 'C:\windows\system32\WINTRUST.DLL'
30711d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
30721d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000000168641:<flags> [calling]
30731d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd460000 'C:\windows\system32\CRYPT32.dll'
30741d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=77B48D4C63C7308FE42B2B7DF054999F6CE86C20
30751d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef99d0000 'C:\windows\system32\cryptnet.dll'
30761d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-ICM-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\mscms.dll'
30771d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30781d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30791d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'userenv.dll'.
30801d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
30811d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
30821d38.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mscms.dll) WinVerifyTrust
30831d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mscms.dll
30841d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
30851d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
30861d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30871d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30881d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
30891d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume2\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
30901d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
30911d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30921d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30931d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\mscms.dll (Input=mscms.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016aa31:<flags> [calling]
30941d38.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mscms.dll
30951d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fef6f80000 LB 0x0009c000 C:\windows\system32\mscms.dll [fFlags=0x0]
30961d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mscms.dll
30971d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6f80000 'C:\windows\system32\mscms.dll'
30981d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000010dc pwszName=\Device\HarddiskVolume2\Windows\System32\icm32.dll
30991d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
31001d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
31011d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A467A1C0C873D06FC9374DE3DAC05A8C3CE89002
31021d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-ICM-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\icm32.dll'
31031d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31041d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31051d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'mscms.dll'.
31061d38.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
31071d38.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\icm32.dll) WinVerifyTrust
31081d38.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\icm32.dll
31091d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
31101d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
31111d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mscms.dll'...
31121d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mscms.dll' -> '\Device\HarddiskVolume2\Windows\System32\mscms.dll' [rcNtRedir=0xc0150008]
31131d38.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mscms.dll
31141d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31151d38.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31161d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\icm32.dll (Input=icm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016a6d1:<flags> [calling]
31171d38.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\icm32.dll
31181d38.2ba8: supR3HardenedDllNotificationCallback: load 000007fef6bf0000 LB 0x00042000 C:\windows\system32\icm32.dll [fFlags=0x0]
31191d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\icm32.dll
31201d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6bf0000 'C:\windows\system32\icm32.dll'
31211d38.5f90: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
31221d38.5f90: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000003c89f751:<flags> [calling]
31231d38.5f90: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbe30000 'C:\windows\system32\avrt.dll'
31241d38.2ba8: supR3HardenedMonitor_LdrLoadDll: 'C:\windows\system32\comctl32.dll' -> 'C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [redir]
31251d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [redoing WinVerifyTrust]
31261d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f8 pwszName=\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
31271d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000006bd940
31281d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000006bd940
31291d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
31301d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
31311d38.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31321d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
31331d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll (Input=C:\windows\system32\comctl32.dll, rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000016b471:<flags> [calling]
31341d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6ee0000 'C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'
31351d38.3c54: supR3HardenedDllNotificationCallback: Unload 000007fef8ec0000 LB 0x00084000 C:\Windows\system32\netcfgx.dll [flags=0x0]
31361d38.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
31371d38.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000016ab41:<flags> [calling]
31381d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea70000 'C:\windows\system32\shell32.dll'
31391d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea70000 'C:\windows\system32\shell32.dll'
31401d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea70000 'C:\windows\system32\shell32.dll'
31411d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea70000 'C:\windows\system32\shell32.dll'
31421d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea70000 'C:\windows\system32\shell32.dll'
31431d38.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea70000 'C:\windows\system32\shell32.dll'

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy