VirtualBox

Ticket #16651: VBoxHardening.log

File VBoxHardening.log, 354.5 KB (added by Giorgio SIlvio, 7 years ago)
Line 
12454.2ba0: Log file opened: 5.1.18r114002 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
22454.2ba0: \SystemRoot\System32\ntdll.dll:
32454.2ba0: CreationTime: 2017-03-17T07:55:36.492588900Z
42454.2ba0: LastWriteTime: 2017-02-09T16:33:37.296703900Z
52454.2ba0: ChangeTime: 2017-03-17T15:57:24.001177600Z
62454.2ba0: FileAttributes: 0x20
72454.2ba0: Size: 0x1a7100
82454.2ba0: NT Headers: 0xe0
92454.2ba0: Timestamp: 0x589c99e1
102454.2ba0: Machine: 0x8664 - amd64
112454.2ba0: Timestamp: 0x589c99e1
122454.2ba0: Image Version: 6.1
132454.2ba0: SizeOfImage: 0x1aa000 (1744896)
142454.2ba0: Resource Dir: 0x14e000 LB 0x5a028
152454.2ba0: ProductName: Microsoft® Windows® Operating System
162454.2ba0: ProductVersion: 6.1.7601.23677
172454.2ba0: FileVersion: 6.1.7601.23677 (win7sp1_ldr.170209-0600)
182454.2ba0: FileDescription: NT Layer DLL
192454.2ba0: \SystemRoot\System32\kernel32.dll:
202454.2ba0: CreationTime: 2017-03-17T07:55:36.964636100Z
212454.2ba0: LastWriteTime: 2017-02-09T16:31:56.078000000Z
222454.2ba0: ChangeTime: 2017-03-17T15:57:29.910768500Z
232454.2ba0: FileAttributes: 0x20
242454.2ba0: Size: 0x11c000
252454.2ba0: NT Headers: 0xe0
262454.2ba0: Timestamp: 0x589c9a26
272454.2ba0: Machine: 0x8664 - amd64
282454.2ba0: Timestamp: 0x589c9a26
292454.2ba0: Image Version: 6.1
302454.2ba0: SizeOfImage: 0x11f000 (1175552)
312454.2ba0: Resource Dir: 0x116000 LB 0x528
322454.2ba0: ProductName: Microsoft® Windows® Operating System
332454.2ba0: ProductVersion: 6.1.7601.23677
342454.2ba0: FileVersion: 6.1.7601.23677 (win7sp1_ldr.170209-0600)
352454.2ba0: FileDescription: Windows NT BASE API Client DLL
362454.2ba0: \SystemRoot\System32\KernelBase.dll:
372454.2ba0: CreationTime: 2017-03-17T07:55:40.139953600Z
382454.2ba0: LastWriteTime: 2017-02-09T16:31:56.094000000Z
392454.2ba0: ChangeTime: 2017-03-17T15:57:29.912768700Z
402454.2ba0: FileAttributes: 0x20
412454.2ba0: Size: 0x66800
422454.2ba0: NT Headers: 0xe8
432454.2ba0: Timestamp: 0x589c9a27
442454.2ba0: Machine: 0x8664 - amd64
452454.2ba0: Timestamp: 0x589c9a27
462454.2ba0: Image Version: 6.1
472454.2ba0: SizeOfImage: 0x6a000 (434176)
482454.2ba0: Resource Dir: 0x68000 LB 0x530
492454.2ba0: ProductName: Microsoft® Windows® Operating System
502454.2ba0: ProductVersion: 6.1.7601.23677
512454.2ba0: FileVersion: 6.1.7601.23677 (win7sp1_ldr.170209-0600)
522454.2ba0: FileDescription: Windows NT BASE API Client DLL
532454.2ba0: \SystemRoot\System32\apisetschema.dll:
542454.2ba0: CreationTime: 2017-03-17T07:55:44.125352100Z
552454.2ba0: LastWriteTime: 2017-02-09T16:31:48.512000000Z
562454.2ba0: ChangeTime: 2017-03-17T15:57:23.731150600Z
572454.2ba0: FileAttributes: 0x20
582454.2ba0: Size: 0x1a00
592454.2ba0: NT Headers: 0xc0
602454.2ba0: Timestamp: 0x589c99bd
612454.2ba0: Machine: 0x8664 - amd64
622454.2ba0: Timestamp: 0x589c99bd
632454.2ba0: Image Version: 6.1
642454.2ba0: SizeOfImage: 0x50000 (327680)
652454.2ba0: Resource Dir: 0x30000 LB 0x3f8
662454.2ba0: ProductName: Microsoft® Windows® Operating System
672454.2ba0: ProductVersion: 6.1.7601.23677
682454.2ba0: FileVersion: 6.1.7601.23677 (win7sp1_ldr.170209-0600)
692454.2ba0: FileDescription: ApiSet Schema DLL
702454.2ba0: supR3HardenedWinFindAdversaries: 0x20
712454.2ba0: \SystemRoot\System32\drivers\mfeapfk.sys:
722454.2ba0: CreationTime: 2015-06-15T15:57:57.160678400Z
732454.2ba0: LastWriteTime: 2015-07-27T09:53:09.215370900Z
742454.2ba0: ChangeTime: 2015-07-27T09:53:49.060338300Z
752454.2ba0: FileAttributes: 0x20
762454.2ba0: Size: 0x2f000
772454.2ba0: NT Headers: 0xf0
782454.2ba0: Timestamp: 0x54cbd0b9
792454.2ba0: Machine: 0x8664 - amd64
802454.2ba0: Timestamp: 0x54cbd0b9
812454.2ba0: Image Version: 0.0
822454.2ba0: SizeOfImage: 0x2cc80 (183424)
832454.2ba0: Resource Dir: 0x2c480 LB 0x340
842454.2ba0: ProductName: SYSCORE
852454.2ba0: FileVersion: SYSCORE.15.3.0.672
862454.2ba0: PrivateBuild: SYSCORE.15.3.0.672 F16
872454.2ba0: FileDescription: Access Protection Filter Driver
882454.2ba0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
892454.2ba0: Calling main()
902454.2ba0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
912454.2ba0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
922454.2ba0: SUPR3HardenedMain: Respawn #1
932454.2ba0: System32: \Device\HarddiskVolume2\Windows\System32
942454.2ba0: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
952454.2ba0: KnownDllPath: C:\windows\system32
962454.2ba0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
972454.2ba0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
982454.2ba0: supR3HardNtEnableThreadCreation:
992454.2ba0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076daa360 pvNtTerminateThread=0000000076dcc260
1002454.2ba0: supR3HardenedWinDoReSpawn(1): New child 26f0.2aac [kernel32].
1012454.2ba0: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdb000 cbPeb=0x380
1022454.2ba0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000076d80000 uNtDllChildAddr=0000000076d80000
1032454.2ba0: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000076daa360
1042454.2ba0: supR3HardenedWinSetupChildInit: Start child.
1052454.2ba0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 2 ms.
1062454.2ba0: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps
1072454.2ba0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1082454.2ba0: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
1092454.2ba0: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
1102454.2ba0: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
1112454.2ba0: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
1122454.2ba0: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
1132454.2ba0: 0000000000041000-fffffffffff61fff 0x0001/0x0000 0x0000000
1142454.2ba0: *0000000000120000-0000000000023fff 0x0000/0x0004 0x0020000
1152454.2ba0: 000000000021c000-0000000000219fff 0x0104/0x0004 0x0020000
1162454.2ba0: 000000000021e000-000000000021bfff 0x0004/0x0004 0x0020000
1172454.2ba0: 0000000000220000-ffffffff896bffff 0x0001/0x0000 0x0000000
1182454.2ba0: *0000000076d80000-0000000076d80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1192454.2ba0: 0000000076d81000-0000000076e7dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1202454.2ba0: 0000000076e7e000-0000000076eacfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1212454.2ba0: 0000000076ead000-0000000076eb6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1222454.2ba0: 0000000076eb7000-0000000076eb7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1232454.2ba0: 0000000076eb8000-0000000076ebafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1242454.2ba0: 0000000076ebb000-0000000076f29fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
1252454.2ba0: 0000000076f2a000-000000006ee73fff 0x0001/0x0000 0x0000000
1262454.2ba0: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
1272454.2ba0: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
1282454.2ba0: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
1292454.2ba0: 000000007fff0000-ffffffffc0deffff 0x0001/0x0000 0x0000000
1302454.2ba0: *000000013f1f0000-000000013f1f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1312454.2ba0: 000000013f1f1000-000000013f25ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1322454.2ba0: 000000013f260000-000000013f260fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1332454.2ba0: 000000013f261000-000000013f2a5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1342454.2ba0: 000000013f2a6000-000000013f2a6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1352454.2ba0: 000000013f2a7000-000000013f2a7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1362454.2ba0: 000000013f2a8000-000000013f2acfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1372454.2ba0: 000000013f2ad000-000000013f2adfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1382454.2ba0: 000000013f2ae000-000000013f2aefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1392454.2ba0: 000000013f2af000-000000013f2b2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1402454.2ba0: 000000013f2b3000-000000013f2fafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
1412454.2ba0: 000000013f2fb000-fffff8037f555fff 0x0001/0x0000 0x0000000
1422454.2ba0: *000007feff0a0000-000007feff0a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
1432454.2ba0: 000007feff0a1000-000007fdfe191fff 0x0001/0x0000 0x0000000
1442454.2ba0: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
1452454.2ba0: 000007fffffd3000-000007fffffcafff 0x0001/0x0000 0x0000000
1462454.2ba0: *000007fffffdb000-000007fffffd9fff 0x0004/0x0004 0x0020000
1472454.2ba0: 000007fffffdc000-000007fffffd9fff 0x0001/0x0000 0x0000000
1482454.2ba0: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
1492454.2ba0: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
1502454.2ba0: apisetschema.dll: timestamp 0x589c99bd (rc=VINF_SUCCESS)
1512454.2ba0: VirtualBox.exe: timestamp 0x58c95b24 (rc=VINF_SUCCESS)
1522454.2ba0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1532454.2ba0: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
1542454.2ba0: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
1552454.2ba0: supR3HardNtChildPurify: Done after 562 ms and 0 fixes (loop #0).
15626f0.2aac: Log file opened: 5.1.18r114002 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
15726f0.2aac: supR3HardenedVmProcessInit: uNtDllAddr=0000000076d80000 g_uNtVerCombined=0x611db100
15826f0.2aac: ntdll.dll: timestamp 0x589c99e1 (rc=VINF_SUCCESS)
15926f0.2aac: New simple heap: #1 0000000000320000 LB 0x400000 (for 1744896 allocation)
1602454.2ba0: supR3HardNtEnableThreadCreation:
16126f0.2aac: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
16226f0.2aac: System32: \Device\HarddiskVolume2\Windows\System32
16326f0.2aac: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
16426f0.2aac: KnownDllPath: C:\windows\system32
16526f0.2aac: supR3HardenedVmProcessInit: Opening vboxdrv stub...
16626f0.2aac: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
16726f0.2aac: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
16826f0.2aac: Registered Dll notification callback with NTDLL.
16926f0.2aac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
17026f0.2aac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
17126f0.2aac: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
17226f0.2aac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
17326f0.2aac: supR3HardenedDllNotificationCallback: load 0000000076c60000 LB 0x0011f000 C:\windows\system32\kernel32.dll [fFlags=0x0]
17426f0.2aac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
17526f0.2aac: supR3HardenedDllNotificationCallback: load 000007fefcd20000 LB 0x0006a000 C:\windows\system32\KERNELBASE.dll [fFlags=0x0]
17626f0.2aac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
17726f0.2aac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
17826f0.2aac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076c60000 'C:\windows\system32\kernel32.dll'
17926f0.2aac: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076daa360 pvNtTerminateThread=0000000076dcc260
1802454.2ba0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 47 ms.
18126f0.2aac: \SystemRoot\System32\ntdll.dll:
18226f0.2aac: CreationTime: 2017-03-17T07:55:36.492588900Z
18326f0.2aac: LastWriteTime: 2017-02-09T16:33:37.296703900Z
18426f0.2aac: ChangeTime: 2017-03-17T15:57:24.001177600Z
18526f0.2aac: FileAttributes: 0x20
18626f0.2aac: Size: 0x1a7100
18726f0.2aac: NT Headers: 0xe0
18826f0.2aac: Timestamp: 0x589c99e1
18926f0.2aac: Machine: 0x8664 - amd64
19026f0.2aac: Timestamp: 0x589c99e1
19126f0.2aac: Image Version: 6.1
19226f0.2aac: SizeOfImage: 0x1aa000 (1744896)
19326f0.2aac: Resource Dir: 0x14e000 LB 0x5a028
19426f0.2aac: ProductName: Microsoft® Windows® Operating System
19526f0.2aac: ProductVersion: 6.1.7601.23677
19626f0.2aac: FileVersion: 6.1.7601.23677 (win7sp1_ldr.170209-0600)
19726f0.2aac: FileDescription: NT Layer DLL
19826f0.2aac: \SystemRoot\System32\kernel32.dll:
19926f0.2aac: CreationTime: 2017-03-17T07:55:36.964636100Z
20026f0.2aac: LastWriteTime: 2017-02-09T16:31:56.078000000Z
20126f0.2aac: ChangeTime: 2017-03-17T15:57:29.910768500Z
20226f0.2aac: FileAttributes: 0x20
20326f0.2aac: Size: 0x11c000
20426f0.2aac: NT Headers: 0xe0
20526f0.2aac: Timestamp: 0x589c9a26
20626f0.2aac: Machine: 0x8664 - amd64
20726f0.2aac: Timestamp: 0x589c9a26
20826f0.2aac: Image Version: 6.1
20926f0.2aac: SizeOfImage: 0x11f000 (1175552)
21026f0.2aac: Resource Dir: 0x116000 LB 0x528
21126f0.2aac: ProductName: Microsoft® Windows® Operating System
21226f0.2aac: ProductVersion: 6.1.7601.23677
21326f0.2aac: FileVersion: 6.1.7601.23677 (win7sp1_ldr.170209-0600)
21426f0.2aac: FileDescription: Windows NT BASE API Client DLL
21526f0.2aac: \SystemRoot\System32\KernelBase.dll:
21626f0.2aac: CreationTime: 2017-03-17T07:55:40.139953600Z
21726f0.2aac: LastWriteTime: 2017-02-09T16:31:56.094000000Z
21826f0.2aac: ChangeTime: 2017-03-17T15:57:29.912768700Z
21926f0.2aac: FileAttributes: 0x20
22026f0.2aac: Size: 0x66800
22126f0.2aac: NT Headers: 0xe8
22226f0.2aac: Timestamp: 0x589c9a27
22326f0.2aac: Machine: 0x8664 - amd64
22426f0.2aac: Timestamp: 0x589c9a27
22526f0.2aac: Image Version: 6.1
22626f0.2aac: SizeOfImage: 0x6a000 (434176)
22726f0.2aac: Resource Dir: 0x68000 LB 0x530
22826f0.2aac: ProductName: Microsoft® Windows® Operating System
22926f0.2aac: ProductVersion: 6.1.7601.23677
23026f0.2aac: FileVersion: 6.1.7601.23677 (win7sp1_ldr.170209-0600)
23126f0.2aac: FileDescription: Windows NT BASE API Client DLL
23226f0.2aac: \SystemRoot\System32\apisetschema.dll:
23326f0.2aac: CreationTime: 2017-03-17T07:55:44.125352100Z
23426f0.2aac: LastWriteTime: 2017-02-09T16:31:48.512000000Z
23526f0.2aac: ChangeTime: 2017-03-17T15:57:23.731150600Z
23626f0.2aac: FileAttributes: 0x20
23726f0.2aac: Size: 0x1a00
23826f0.2aac: NT Headers: 0xc0
23926f0.2aac: Timestamp: 0x589c99bd
24026f0.2aac: Machine: 0x8664 - amd64
24126f0.2aac: Timestamp: 0x589c99bd
24226f0.2aac: Image Version: 6.1
24326f0.2aac: SizeOfImage: 0x50000 (327680)
24426f0.2aac: Resource Dir: 0x30000 LB 0x3f8
24526f0.2aac: ProductName: Microsoft® Windows® Operating System
24626f0.2aac: ProductVersion: 6.1.7601.23677
24726f0.2aac: FileVersion: 6.1.7601.23677 (win7sp1_ldr.170209-0600)
24826f0.2aac: FileDescription: ApiSet Schema DLL
24926f0.2aac: supR3HardenedWinFindAdversaries: 0x20
25026f0.2aac: \SystemRoot\System32\drivers\mfeapfk.sys:
25126f0.2aac: CreationTime: 2015-06-15T15:57:57.160678400Z
25226f0.2aac: LastWriteTime: 2015-07-27T09:53:09.215370900Z
25326f0.2aac: ChangeTime: 2015-07-27T09:53:49.060338300Z
25426f0.2aac: FileAttributes: 0x20
25526f0.2aac: Size: 0x2f000
25626f0.2aac: NT Headers: 0xf0
25726f0.2aac: Timestamp: 0x54cbd0b9
25826f0.2aac: Machine: 0x8664 - amd64
25926f0.2aac: Timestamp: 0x54cbd0b9
26026f0.2aac: Image Version: 0.0
26126f0.2aac: SizeOfImage: 0x2cc80 (183424)
26226f0.2aac: Resource Dir: 0x2c480 LB 0x340
26326f0.2aac: ProductName: SYSCORE
26426f0.2aac: FileVersion: SYSCORE.15.3.0.672
26526f0.2aac: PrivateBuild: SYSCORE.15.3.0.672 F16
26626f0.2aac: FileDescription: Access Protection Filter Driver
26726f0.2aac: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
26826f0.2aac: Calling main()
26926f0.2aac: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
27026f0.2aac: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
27126f0.2aac: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
27226f0.2aac: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
27326f0.2aac: SUPR3HardenedMain: Respawn #2
27426f0.2aac: supR3HardNtEnableThreadCreation:
27526f0.2aac: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
27626f0.2aac: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
27726f0.2aac: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
27826f0.2aac: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
27926f0.2aac: supR3HardenedDllNotificationCallback: load 000007fefc860000 LB 0x00057000 C:\windows\system32\apphelp.dll [fFlags=0x0]
28026f0.2aac: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
28126f0.2aac: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc860000 'C:\windows\system32\apphelp.dll'
28226f0.2aac: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076daa360 pvNtTerminateThread=0000000076dcc260
28326f0.2aac: supR3HardenedWinDoReSpawn(2): New child 1ec8.2d84 [kernel32].
28426f0.2aac: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdc000 cbPeb=0x380
28526f0.2aac: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000076d80000 uNtDllChildAddr=0000000076d80000
28626f0.2aac: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000076daa360
28726f0.2aac: supR3HardenedWinSetupChildInit: Start child.
28826f0.2aac: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 2 ms.
28926f0.2aac: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps
29026f0.2aac: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
29126f0.2aac: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
29226f0.2aac: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
29326f0.2aac: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
29426f0.2aac: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
29526f0.2aac: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
29626f0.2aac: 0000000000041000-fffffffffff11fff 0x0001/0x0000 0x0000000
29726f0.2aac: *0000000000170000-0000000000073fff 0x0000/0x0004 0x0020000
29826f0.2aac: 000000000026c000-0000000000269fff 0x0104/0x0004 0x0020000
29926f0.2aac: 000000000026e000-000000000026bfff 0x0004/0x0004 0x0020000
30026f0.2aac: 0000000000270000-ffffffff8975ffff 0x0001/0x0000 0x0000000
30126f0.2aac: *0000000076d80000-0000000076d80fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
30226f0.2aac: 0000000076d81000-0000000076e7dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
30326f0.2aac: 0000000076e7e000-0000000076eacfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
30426f0.2aac: 0000000076ead000-0000000076eb6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
30526f0.2aac: 0000000076eb7000-0000000076eb7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
30626f0.2aac: 0000000076eb8000-0000000076ebafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
30726f0.2aac: 0000000076ebb000-0000000076f29fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
30826f0.2aac: 0000000076f2a000-000000006ee73fff 0x0001/0x0000 0x0000000
30926f0.2aac: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
31026f0.2aac: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
31126f0.2aac: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
31226f0.2aac: 000000007fff0000-ffffffffc0deffff 0x0001/0x0000 0x0000000
31326f0.2aac: *000000013f1f0000-000000013f1f0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
31426f0.2aac: 000000013f1f1000-000000013f25ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
31526f0.2aac: 000000013f260000-000000013f260fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
31626f0.2aac: 000000013f261000-000000013f2a5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
31726f0.2aac: 000000013f2a6000-000000013f2a6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
31826f0.2aac: 000000013f2a7000-000000013f2a7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
31926f0.2aac: 000000013f2a8000-000000013f2acfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
32026f0.2aac: 000000013f2ad000-000000013f2adfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
32126f0.2aac: 000000013f2ae000-000000013f2aefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
32226f0.2aac: 000000013f2af000-000000013f2b2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
32326f0.2aac: 000000013f2b3000-000000013f2fafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
32426f0.2aac: 000000013f2fb000-fffff8037f555fff 0x0001/0x0000 0x0000000
32526f0.2aac: *000007feff0a0000-000007feff0a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
32626f0.2aac: 000007feff0a1000-000007fdfe191fff 0x0001/0x0000 0x0000000
32726f0.2aac: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
32826f0.2aac: 000007fffffd3000-000007fffffc9fff 0x0001/0x0000 0x0000000
32926f0.2aac: *000007fffffdc000-000007fffffdafff 0x0004/0x0004 0x0020000
33026f0.2aac: 000007fffffdd000-000007fffffdbfff 0x0001/0x0000 0x0000000
33126f0.2aac: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
33226f0.2aac: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
33326f0.2aac: apisetschema.dll: timestamp 0x589c99bd (rc=VINF_SUCCESS)
33426f0.2aac: VirtualBox.exe: timestamp 0x58c95b24 (rc=VINF_SUCCESS)
33526f0.2aac: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
33626f0.2aac: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
33726f0.2aac: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
33826f0.2aac: supR3HardNtChildPurify: Done after 561 ms and 0 fixes (loop #0).
3391ec8.2d84: Log file opened: 5.1.18r114002 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
3401ec8.2d84: supR3HardenedVmProcessInit: uNtDllAddr=0000000076d80000 g_uNtVerCombined=0x611db100
3411ec8.2d84: ntdll.dll: timestamp 0x589c99e1 (rc=VINF_SUCCESS)
34226f0.2aac: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000320000 LB 0x400000)
3431ec8.2d84: New simple heap: #1 0000000000270000 LB 0x400000 (for 1744896 allocation)
34426f0.2aac: supR3HardNtEnableThreadCreation:
3451ec8.2d84: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
3461ec8.2d84: System32: \Device\HarddiskVolume2\Windows\System32
3471ec8.2d84: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
3481ec8.2d84: KnownDllPath: C:\windows\system32
3491ec8.2d84: supR3HardenedVmProcessInit: Opening vboxdrv...
3501ec8.2d84: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3511ec8.2d84: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3521ec8.2d84: Registered Dll notification callback with NTDLL.
3531ec8.2d84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
3541ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
3551ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
3561ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3571ec8.2d84: supR3HardenedDllNotificationCallback: load 0000000076c60000 LB 0x0011f000 C:\windows\system32\kernel32.dll [fFlags=0x0]
3581ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3591ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fefcd20000 LB 0x0006a000 C:\windows\system32\KERNELBASE.dll [fFlags=0x0]
3601ec8.2d84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
3611ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
3621ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076c60000 'C:\windows\system32\kernel32.dll'
3631ec8.2d84: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000076daa360 pvNtTerminateThread=0000000076dcc260
36426f0.2aac: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 57 ms.
3651ec8.2d84: \SystemRoot\System32\ntdll.dll:
3661ec8.2d84: CreationTime: 2017-03-17T07:55:36.492588900Z
3671ec8.2d84: LastWriteTime: 2017-02-09T16:33:37.296703900Z
3681ec8.2d84: ChangeTime: 2017-03-17T15:57:24.001177600Z
3691ec8.2d84: FileAttributes: 0x20
3701ec8.2d84: Size: 0x1a7100
3711ec8.2d84: NT Headers: 0xe0
3721ec8.2d84: Timestamp: 0x589c99e1
3731ec8.2d84: Machine: 0x8664 - amd64
3741ec8.2d84: Timestamp: 0x589c99e1
3751ec8.2d84: Image Version: 6.1
3761ec8.2d84: SizeOfImage: 0x1aa000 (1744896)
3771ec8.2d84: Resource Dir: 0x14e000 LB 0x5a028
3781ec8.2d84: ProductName: Microsoft® Windows® Operating System
3791ec8.2d84: ProductVersion: 6.1.7601.23677
3801ec8.2d84: FileVersion: 6.1.7601.23677 (win7sp1_ldr.170209-0600)
3811ec8.2d84: FileDescription: NT Layer DLL
3821ec8.2d84: \SystemRoot\System32\kernel32.dll:
3831ec8.2d84: CreationTime: 2017-03-17T07:55:36.964636100Z
3841ec8.2d84: LastWriteTime: 2017-02-09T16:31:56.078000000Z
3851ec8.2d84: ChangeTime: 2017-03-17T15:57:29.910768500Z
3861ec8.2d84: FileAttributes: 0x20
3871ec8.2d84: Size: 0x11c000
3881ec8.2d84: NT Headers: 0xe0
3891ec8.2d84: Timestamp: 0x589c9a26
3901ec8.2d84: Machine: 0x8664 - amd64
3911ec8.2d84: Timestamp: 0x589c9a26
3921ec8.2d84: Image Version: 6.1
3931ec8.2d84: SizeOfImage: 0x11f000 (1175552)
3941ec8.2d84: Resource Dir: 0x116000 LB 0x528
3951ec8.2d84: ProductName: Microsoft® Windows® Operating System
3961ec8.2d84: ProductVersion: 6.1.7601.23677
3971ec8.2d84: FileVersion: 6.1.7601.23677 (win7sp1_ldr.170209-0600)
3981ec8.2d84: FileDescription: Windows NT BASE API Client DLL
3991ec8.2d84: \SystemRoot\System32\KernelBase.dll:
4001ec8.2d84: CreationTime: 2017-03-17T07:55:40.139953600Z
4011ec8.2d84: LastWriteTime: 2017-02-09T16:31:56.094000000Z
4021ec8.2d84: ChangeTime: 2017-03-17T15:57:29.912768700Z
4031ec8.2d84: FileAttributes: 0x20
4041ec8.2d84: Size: 0x66800
4051ec8.2d84: NT Headers: 0xe8
4061ec8.2d84: Timestamp: 0x589c9a27
4071ec8.2d84: Machine: 0x8664 - amd64
4081ec8.2d84: Timestamp: 0x589c9a27
4091ec8.2d84: Image Version: 6.1
4101ec8.2d84: SizeOfImage: 0x6a000 (434176)
4111ec8.2d84: Resource Dir: 0x68000 LB 0x530
4121ec8.2d84: ProductName: Microsoft® Windows® Operating System
4131ec8.2d84: ProductVersion: 6.1.7601.23677
4141ec8.2d84: FileVersion: 6.1.7601.23677 (win7sp1_ldr.170209-0600)
4151ec8.2d84: FileDescription: Windows NT BASE API Client DLL
4161ec8.2d84: \SystemRoot\System32\apisetschema.dll:
4171ec8.2d84: CreationTime: 2017-03-17T07:55:44.125352100Z
4181ec8.2d84: LastWriteTime: 2017-02-09T16:31:48.512000000Z
4191ec8.2d84: ChangeTime: 2017-03-17T15:57:23.731150600Z
4201ec8.2d84: FileAttributes: 0x20
4211ec8.2d84: Size: 0x1a00
4221ec8.2d84: NT Headers: 0xc0
4231ec8.2d84: Timestamp: 0x589c99bd
4241ec8.2d84: Machine: 0x8664 - amd64
4251ec8.2d84: Timestamp: 0x589c99bd
4261ec8.2d84: Image Version: 6.1
4271ec8.2d84: SizeOfImage: 0x50000 (327680)
4281ec8.2d84: Resource Dir: 0x30000 LB 0x3f8
4291ec8.2d84: ProductName: Microsoft® Windows® Operating System
4301ec8.2d84: ProductVersion: 6.1.7601.23677
4311ec8.2d84: FileVersion: 6.1.7601.23677 (win7sp1_ldr.170209-0600)
4321ec8.2d84: FileDescription: ApiSet Schema DLL
4331ec8.2d84: supR3HardenedWinFindAdversaries: 0x20
4341ec8.2d84: \SystemRoot\System32\drivers\mfeapfk.sys:
4351ec8.2d84: CreationTime: 2015-06-15T15:57:57.160678400Z
4361ec8.2d84: LastWriteTime: 2015-07-27T09:53:09.215370900Z
4371ec8.2d84: ChangeTime: 2015-07-27T09:53:49.060338300Z
4381ec8.2d84: FileAttributes: 0x20
4391ec8.2d84: Size: 0x2f000
4401ec8.2d84: NT Headers: 0xf0
4411ec8.2d84: Timestamp: 0x54cbd0b9
4421ec8.2d84: Machine: 0x8664 - amd64
4431ec8.2d84: Timestamp: 0x54cbd0b9
4441ec8.2d84: Image Version: 0.0
4451ec8.2d84: SizeOfImage: 0x2cc80 (183424)
4461ec8.2d84: Resource Dir: 0x2c480 LB 0x340
4471ec8.2d84: ProductName: SYSCORE
4481ec8.2d84: FileVersion: SYSCORE.15.3.0.672
4491ec8.2d84: PrivateBuild: SYSCORE.15.3.0.672 F16
4501ec8.2d84: FileDescription: Access Protection Filter Driver
4511ec8.2d84: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
4521ec8.2d84: Calling main()
4531ec8.2d84: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
4541ec8.2d84: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
4551ec8.2d84: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
4561ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
4571ec8.2d84: SUPR3HardenedMain: Final process, opening VBoxDrv...
4581ec8.2d84: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000270000 LB 0x400000)
4591ec8.2d84: supR3HardNtEnableThreadCreation:
4601ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
4611ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
4621ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026b7b1:<flags> [calling]
4631ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4641ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fefb3b0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
4651ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4661ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4671ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000268f31:<flags> [calling]
4681ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb3b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4691ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
4701ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000268f31:<flags> [calling]
4711ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb3b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4721ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb3b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
4731ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4741ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
4751ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
4761ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
4771ec8.2d84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
4781ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
4791ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4801ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4811ec8.2d84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
4821ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
4831ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
4841ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
4851ec8.2d84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
4861ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
4871ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
4881ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
4891ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4901ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
4911ec8.2d84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
4921ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
4931ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4941ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4951ec8.2d84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
4961ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
4971ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
4981ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
4991ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
5001ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5011ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5021ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5031ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026d5c1:<flags> [calling]
5041ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5051ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fefcdd0000 LB 0x0003b000 C:\windows\system32\Wintrust.dll [fFlags=0x0]
5061ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5071ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fefefd0000 LB 0x0009f000 C:\windows\system32\msvcrt.dll [fFlags=0x0]
5081ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5091ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fefca80000 LB 0x0016d000 C:\windows\system32\CRYPT32.dll [fFlags=0x0]
5101ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
5111ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fefca60000 LB 0x0000f000 C:\windows\system32\MSASN1.dll [fFlags=0x0]
5121ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
5131ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fefe3e0000 LB 0x0012d000 C:\windows\system32\RPCRT4.dll [fFlags=0x0]
5141ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5151ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcdd0000 'C:\windows\system32\Wintrust.dll'
5161ec8.2d84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
5171ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
5181ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026d5c1:<flags> [calling]
5191ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5201ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fefc3b0000 LB 0x00022000 C:\windows\system32\bcrypt.dll [fFlags=0x0]
5211ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5221ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc3b0000 'C:\windows\system32\bcrypt.dll'
5231ec8.2d84: bcrypt.dll loaded at 000007fefc3b0000, BCryptOpenAlgorithmProvider at 000007fefc3b2460, preloading providers:
5241ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
5251ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
5261ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
5271ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
5281ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
5291ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
5301ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5311ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
5321ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
5331ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5341ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
5351ec8.2d84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
5361ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
5371ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5381ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5391ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5401ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5411ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5421ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5431ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026d5a1:<flags> [calling]
5441ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
5451ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fefbea0000 LB 0x0004c000 C:\windows\system32\bcryptprimitives.dll [fFlags=0x0]
5461ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
5471ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fefec60000 LB 0x000db000 C:\windows\system32\ADVAPI32.dll [fFlags=0x0]
5481ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
5491ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
5501ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
5511ec8.2d84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
5521ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
5531ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fefef00000 LB 0x0001f000 C:\windows\SYSTEM32\sechost.dll [fFlags=0x0]
5541ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
5551ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbea0000 'C:\windows\system32\bcryptprimitives.dll'
5561ec8.2d84: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000082e0f0)
5571ec8.2d84: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000082ffb0)
5581ec8.2d84: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000008300e0)
5591ec8.2d84: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=0000000000830300)
5601ec8.2d84: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=0000000000830430)
5611ec8.2d84: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=0000000000830560)
5621ec8.2d84: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000008307b0)
5631ec8.2d84: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000008308e0)
5641ec8.2d84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
5651ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
5661ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5671ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5681ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5691ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5701ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5711ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5721ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026d111:<flags> [calling]
5731ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
5741ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fefc260000 LB 0x00018000 C:\windows\system32\CRYPTSP.dll [fFlags=0x0]
5751ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
5761ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc260000 'C:\windows\system32\CRYPTSP.dll'
5771ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5781ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
5791ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
5801ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5811ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5821ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5831ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026d0a1:<flags> [calling]
5841ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5851ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fefbf60000 LB 0x00047000 C:\windows\system32\rsaenh.dll [fFlags=0x0]
5861ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5871ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbf60000 'C:\windows\system32\rsaenh.dll'
5881ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
5891ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026c931:<flags> [calling]
5901ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec60000 'C:\windows\system32\ADVAPI32.dll'
5911ec8.2d84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
5921ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
5931ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026ccb1:<flags> [calling]
5941ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
5951ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fefc900000 LB 0x0000f000 C:\windows\system32\CRYPTBASE.dll [fFlags=0x0]
5961ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
5971ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc900000 'C:\windows\system32\CRYPTBASE.dll'
5981ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
5991ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026c6e1:<flags> [calling]
6001ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076c60000 'C:\windows\system32\kernel32.dll'
6011ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
6021ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026d071:<flags> [calling]
6031ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcdd0000 'C:\windows\system32\WINTRUST.DLL'
6041ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
6051ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000026cea1:<flags> [calling]
6061ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca80000 'C:\windows\system32\CRYPT32.dll'
6071ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6081ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
6091ec8.2d84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
6101ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
6111ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
6121ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
6131ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
6141ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6151ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6161ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6171ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026cef1:<flags> [calling]
6181ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
6191ec8.2d84: supR3HardenedDllNotificationCallback: load 000007feff070000 LB 0x00019000 C:\windows\system32\imagehlp.dll [fFlags=0x0]
6201ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
6211ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff070000 'C:\windows\system32\imagehlp.dll'
6221ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
6231ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026d041:<flags> [calling]
6241ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc260000 'C:\windows\system32\CRYPTSP.dll'
6251ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
6261ec8.2d84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
6271ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
6281ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
6291ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
6301ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
6311ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
6321ec8.2d84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
6331ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
6341ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
6351ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
6361ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
6371ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
6381ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
6391ec8.2d84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
6401ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
6411ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6421ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6431ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
6441ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
6451ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
6461ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6471ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
6481ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
6491ec8.2d84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
6501ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
6511ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6521ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6531ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
6541ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
6551ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
6561ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
6571ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
6581ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
6591ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
6601ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6611ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6621ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
6631ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6641ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6651ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6661ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026cb71:<flags> [calling]
6671ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
6681ec8.2d84: supR3HardenedDllNotificationCallback: load 0000000076b60000 LB 0x000fa000 C:\windows\system32\USER32.dll [fFlags=0x0]
6691ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
6701ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fefdbb0000 LB 0x00067000 C:\windows\system32\GDI32.dll [fFlags=0x0]
6711ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
6721ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fefe370000 LB 0x0000e000 C:\windows\system32\LPK.dll [fFlags=0x0]
6731ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
6741ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fefdc80000 LB 0x000ca000 C:\windows\system32\USP10.dll [fFlags=0x0]
6751ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
6761ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
6771ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026c071:<flags> [calling]
6781ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdbb0000 'C:\windows\system32\gdi32.dll'
6791ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
6801ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
6811ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
6821ec8.2d84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
6831ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
6841ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
6851ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
6861ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6871ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
6881ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
6891ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
6901ec8.2d84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
6911ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
6921ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
6931ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
6941ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
6951ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6961ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6971ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
6981ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
6991ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
7001ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
7011ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
7021ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
7031ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
7041ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
7051ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
7061ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
7071ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7081ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7091ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7101ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026b9b1:<flags> [calling]
7111ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
7121ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fefefa0000 LB 0x0002e000 C:\windows\system32\IMM32.DLL [fFlags=0x0]
7131ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
7141ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fefe6a0000 LB 0x00109000 C:\windows\system32\MSCTF.dll [fFlags=0x0]
7151ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
7161ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefefa0000 'C:\windows\system32\IMM32.DLL'
7171ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076b60000 'C:\windows\system32\USER32.dll'
7181ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
7191ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
7201ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
7211ec8.2d84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
7221ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
7231ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
7241ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
7251ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
7261ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7271ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7281ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7291ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
7301ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
7311ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
7321ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026ce71:<flags> [calling]
7331ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
7341ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fefc3e0000 LB 0x00050000 C:\windows\system32\ncrypt.dll [fFlags=0x0]
7351ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
7361ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc3e0000 'C:\windows\system32\ncrypt.dll'
7371ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
7381ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026cc61:<flags> [calling]
7391ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc3b0000 'C:\windows\system32\bcrypt.dll'
7401ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7411ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
7421ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
7431ec8.2d84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
7441ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
7451ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
7461ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
7471ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7481ec8.2d84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
7491ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
7501ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
7511ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
7521ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7531ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7541ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7551ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7561ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7571ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7581ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7591ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026c5f1:<flags> [calling]
7601ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
7611ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fefcd90000 LB 0x0001e000 C:\windows\system32\USERENV.dll [fFlags=0x0]
7621ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
7631ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fefca70000 LB 0x0000f000 C:\windows\system32\profapi.dll [fFlags=0x0]
7641ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
7651ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd90000 'C:\windows\system32\USERENV.dll'
7661ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000026c351:<flags> [calling]
7671ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefef00000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
7681ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000026c6e1:<flags> [calling]
7691ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefef00000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
7701ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7711ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
7721ec8.2d84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
7731ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
7741ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
7751ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
7761ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7771ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7781ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7791ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7801ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026c911:<flags> [calling]
7811ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
7821ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fefbd10000 LB 0x0001b000 C:\windows\system32\GPAPI.dll [fFlags=0x0]
7831ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
7841ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbd10000 'C:\windows\system32\GPAPI.dll'
7851ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000026c861:<flags> [calling]
7861ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefef00000 'API-MS-WIN-Service-Management-L1-1-0.dll'
7871ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7881ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026bf61:<flags> [calling]
7891ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe3e0000 'C:\windows\system32\rpcrt4.dll'
7901ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000026c841:<flags> [calling]
7911ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefef00000 'API-MS-WIN-Service-Management-L2-1-0.dll'
7921ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000026c851:<flags> [calling]
7931ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefef00000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
7941ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7951ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
7961ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
7971ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
7981ec8.2d84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
7991ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
8001ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
8011ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
8021ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8031ec8.2d84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
8041ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
8051ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
8061ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
8071ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8081ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
8091ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
8101ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
8111ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8121ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8131ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8141ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8151ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8161ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8171ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026c351:<flags> [calling]
8181ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8191ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fef93c0000 LB 0x00027000 C:\windows\system32\cryptnet.dll [fFlags=0x0]
8201ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8211ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fefdc20000 LB 0x00052000 C:\windows\system32\WLDAP32.dll [fFlags=0x0]
8221ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
8231ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8241ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000026b581:<flags> [calling]
8251ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef93c0000 'C:\windows\system32\cryptnet.dll'
8261ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8271ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000026b581:<flags> [calling]
8281ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef93c0000 'C:\windows\system32\cryptnet.dll'
8291ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8301ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000026b581:<flags> [calling]
8311ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef93c0000 'C:\windows\system32\cryptnet.dll'
8321ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8331ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000026b581:<flags> [calling]
8341ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef93c0000 'C:\windows\system32\cryptnet.dll'
8351ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8361ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000026b581:<flags> [calling]
8371ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef93c0000 'C:\windows\system32\cryptnet.dll'
8381ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8391ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000026b581:<flags> [calling]
8401ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef93c0000 'C:\windows\system32\cryptnet.dll'
8411ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8421ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef93c0000 'C:\windows\system32\cryptnet.dll'
8431ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8441ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef93c0000 'C:\windows\system32\cryptnet.dll'
8451ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8461ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef93c0000 'C:\windows\system32\cryptnet.dll'
8471ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8481ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef93c0000 'C:\windows\system32\cryptnet.dll'
8491ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8501ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef93c0000 'C:\windows\system32\cryptnet.dll'
8511ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef93c0000 'C:\windows\system32\cryptnet.dll'
8521ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8531ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef93c0000 'C:\windows\system32\cryptnet.dll'
8541ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000026bc71:<flags> [calling]
8551ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefef00000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
8561ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
8571ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026bc71:<flags> [calling]
8581ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca70000 'C:\windows\system32\profapi.dll'
8591ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
8601ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
8611ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
8621ec8.2d84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
8631ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
8641ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8651ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8661ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8671ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
8681ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
8691ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
8701ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
8711ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
8721ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
8731ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026b701:<flags> [calling]
8741ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
8751ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fefede0000 LB 0x00071000 C:\windows\system32\SHLWAPI.dll [fFlags=0x0]
8761ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
8771ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefede0000 'C:\windows\system32\SHLWAPI.dll'
8781ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
8791ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000882b70
8801ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
8811ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB06E72F615B4CC217433B1A5A61256FDD806BC8
8821ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000026c631:<flags> [calling]
8831ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefef00000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
8841ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000026c191:<flags> [calling]
8851ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefef00000 'API-MS-WIN-Service-Management-L1-1-0.dll'
8861ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000026c191:<flags> [calling]
8871ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefef00000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
8881ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
8891ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026c631:<flags> [calling]
8901ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec60000 'C:\windows\system32\ADVAPI32.dll'
8911ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000026c5e1:<flags> [calling]
8921ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefef00000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
8931ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000026c2d1:<flags> [calling]
8941ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefef00000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
8951ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_91_for_KB4012212~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\SystemRoot\System32\ntdll.dll'
8961ec8.2d84: g_pfnWinVerifyTrust=000007fefcdd1010
8971ec8.2d84: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
8981ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
8991ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
9001ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
9011ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3F7F1801DE9BB273EE41D6569071191D49046620
9021ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_359_for_KB3207752~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
9031ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9041ec8.2d84: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
9051ec8.2d84: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
9061ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
9071ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
9081ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
9091ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=95764F8F8C0CB58DEAD93486461023910C063BC1
9101ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_175_for_KB3197869~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
9111ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9121ec8.2d84: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
9131ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003c0 pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
9141ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
9151ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
9161ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
9171ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
9181ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9191ec8.2d84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
9201ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b4 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
9211ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
9221ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
9231ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
9241ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
9251ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9261ec8.2d84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
9271ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b0 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
9281ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
9291ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
9301ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C76D763ED1830F4180ADA4E3AD04BE27640F9DB3
9311ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_175_for_KB3197869~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
9321ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9331ec8.2d84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
9341ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000026c pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
9351ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
9361ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
9371ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EBDAA16C3FD93DFF9C20BA3B2689DFF4C8D31061
9381ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3159398~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
9391ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9401ec8.2d84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
9411ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d8 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
9421ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
9431ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
9441ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
9451ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
9461ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9471ec8.2d84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
9481ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d4 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
9491ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
9501ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
9511ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
9521ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
9531ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9541ec8.2d84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
9551ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c0 pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
9561ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
9571ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
9581ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=07289E135D82CD59E676C3B35C23CEC799A060D5
9591ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_91_for_KB4012212~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
9601ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9611ec8.2d84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
9621ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a8 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
9631ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
9641ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
9651ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6D141A0C50E469CDD81DC8293CF8B3635FE0240E
9661ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_175_for_KB3197869~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
9671ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9681ec8.2d84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
9691ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a4 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
9701ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
9711ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
9721ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
9731ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
9741ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9751ec8.2d84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
9761ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a0 pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
9771ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
9781ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
9791ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=ADC813DBDCF1B9FE5F76973E63FBF7AB579B7AB9
9801ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_91_for_KB4012212~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
9811ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9821ec8.2d84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
9831ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000019c pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
9841ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
9851ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
9861ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6476128ECFCCBBE98E9D88478BD4355574A990C2
9871ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_175_for_KB3197869~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
9881ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9891ec8.2d84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
9901ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000198 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
9911ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
9921ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
9931ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0126444F4A25A12DBD10751B102843D9FD7BB320
9941ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_91_for_KB4012212~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
9951ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9961ec8.2d84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
9971ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
9981ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
9991ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
10001ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03BB259EC2F9D61B0941E0635513FFA135E07009
10011ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_175_for_KB3207752~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll'
10021ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10031ec8.2d84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
10041ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
10051ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
10061ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
10071ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
10081ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
10091ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10101ec8.2d84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
10111ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000134 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
10121ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
10131ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
10141ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0BEA7B8798A240BF8044DC88BD0858BCF570AE64
10151ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_91_for_KB4012212~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
10161ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10171ec8.2d84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
10181ec8.2d84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
10191ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
10201ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
10211ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
10221ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CECCA98E04985A576883E9A9AD8AF2140526B576
10231ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_175_for_KB3197869~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
10241ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10251ec8.2d84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
10261ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
10271ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
10281ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
10291ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB669FA8DB80F8E50A29D055BB8D558E10E5E6B4
10301ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
10311ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10321ec8.2d84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
10331ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
10341ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
10351ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
10361ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E1A45338317E2403A09CD98DB614D5FC030DF62F
10371ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_216_for_KB4012212~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
10381ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10391ec8.2d84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
10401ec8.2d84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
10411ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
10421ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
10431ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
10441ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=830B502D881807930294E4891BE15146B1E7E10C
10451ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_91_for_KB4012212~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
10461ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10471ec8.2d84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
10481ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
10491ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
10501ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
10511ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
10521ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
10531ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10541ec8.2d84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
10551ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
10561ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
10571ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
10581ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
10591ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
10601ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10611ec8.2d84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
10621ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
10631ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
10641ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
10651ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A6D98EFDA5AD849FCFE1D958015D6B576F27401C
10661ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_91_for_KB4012212~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
10671ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10681ec8.2d84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
10691ec8.2d84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
10701ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
10711ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
10721ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
10731ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E05EE0D5C405A4EDCF47D726F8EABF1416BD9E8E
10741ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_91_for_KB4012212~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
10751ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10761ec8.2d84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
10771ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
10781ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
10791ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
10801ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=965E9904D7E008C8F75FAE3B7CD632EFC2A565F6
10811ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_91_for_KB4012212~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
10821ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10831ec8.2d84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
10841ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
10851ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026c0d1:<flags> [calling]
10861ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca80000 'C:\windows\system32\crypt32.dll'
10871ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
10881ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
10891ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
10901ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
10911ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
10921ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
10931ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
10941ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
10951ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
10961ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
10971ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
10981ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
10991ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
11001ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
11011ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
11021ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
11031ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
11041ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
11051ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
11061ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
11071ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
11081ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
11091ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
11101ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
11111ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
11121ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
11131ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
11141ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
11151ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
11161ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
11171ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
11181ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
11191ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
11201ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
11211ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
11221ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
11231ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
11241ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
11251ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
11261ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
11271ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
11281ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
11291ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
11301ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
11311ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0x31611a059e17c000 DC=loc, DC=dm, CN=corp-DM-CA
11321ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0x15793bce05f2bf00 CN=WSUS Publishers Self-signed
11331ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
11341ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0x4b9ec0af1fb9c900 DC=loc, DC=dm, DC=lync, CN=lync-ROOT-CA
11351ec8.2d84: supR3HardenedWinIsDesiredRootCA: Adding 0x31611a059e17c000 DC=loc, DC=dm, CN=corp-DM-CA
11361ec8.2d84: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=49
11371ec8.2d84: SUPR3HardenedMain: Load Runtime...
11381ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
11391ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
11401ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
11411ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
11421ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
11431ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
11441ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11451ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11461ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
11471ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
11481ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
11491ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000458 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
11501ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
11511ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
11521ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=901DCB8172024F14E25295BF5692180F12FC8C18
11531ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3161949~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
11541ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11551ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11561ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
11571ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
11581ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
11591ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
11601ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
11611ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
11621ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
11631ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
11641ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
11651ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11661ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11671ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
11681ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
11691ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11701ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
11711ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
11721ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
11731ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
11741ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000045c pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
11751ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
11761ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
11771ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
11781ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
11791ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11801ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
11811ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
11821ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11831ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11841ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
11851ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11861ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11871ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
11881ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026c401:<flags> [calling]
11891ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
11901ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fee1ee0000 LB 0x0053c000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
11911ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
11921ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
11931ec8.2d84: supR3HardenedDllNotificationCallback: load 0000000077170000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
11941ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
11951ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
11961ec8.2d84: supR3HardenedDllNotificationCallback: load 0000000078ef0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
11971ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
11981ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fefe390000 LB 0x0004d000 C:\windows\system32\WS2_32.dll [fFlags=0x0]
11991ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
12001ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fefe380000 LB 0x00008000 C:\windows\system32\NSI.dll [fFlags=0x0]
12011ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
12021ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12031ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000269b41:<flags> [calling]
12041ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ee0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12051ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12061ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000269b41:<flags> [calling]
12071ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ee0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12081ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12091ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000269b41:<flags> [calling]
12101ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ee0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12111ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12121ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000269b41:<flags> [calling]
12131ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ee0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12141ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12151ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000269b41:<flags> [calling]
12161ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ee0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12171ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12181ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000269b41:<flags> [calling]
12191ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ee0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12201ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ee0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12211ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ee0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12221ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ee0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12231ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ee0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12241ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ee0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12251ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ee0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12261ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ee0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12271ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12281ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000269b41:<flags> [calling]
12291ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ee0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12301ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ee0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12311ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ee0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12321ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ee0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12331ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ee0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12341ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ee0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12351ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ee0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12361ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ee0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12371ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ee0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12381ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ee0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12391ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ee0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12401ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ee0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12411ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ee0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12421ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ee0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12431ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ee0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12441ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ee0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12451ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
12461ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000269b41:<flags> [calling]
12471ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ee0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12481ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ee0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12491ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ee0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12501ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ee0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
12511ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
12521ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026df61:<flags> [calling]
12531ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcdd0000 'C:\windows\system32\Wintrust.dll'
12541ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
12551ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026cab1:<flags> [calling]
12561ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca80000 'C:\windows\system32\crypt32.dll'
12571ec8.2d84: SUPR3HardenedMain: Load TrustedMain...
12581ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
12591ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
12601ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
12611ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
12621ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
12631ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
12641ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
12651ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
12661ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
12671ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
12681ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
12691ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
12701ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
12711ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
12721ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
12731ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
12741ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
12751ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
12761ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
12771ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c4 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
12781ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
12791ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
12801ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
12811ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
12821ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12831ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
12841ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
12851ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
12861ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
12871ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
12881ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
12891ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a4 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
12901ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
12911ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
12921ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6C3B3967CA9D3D145651C5098BAF1C0EA892DB24
12931ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_175_for_KB3197869~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
12941ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12951ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
12961ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
12971ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
12981ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
12991ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
13001ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
13011ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
13021ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
13031ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
13041ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b8 pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
13051ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
13061ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
13071ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=796B1965C19A0614793EA3630408324B2CFA32D2
13081ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_87_for_KB3146706~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
13091ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13101ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13111ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
13121ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
13131ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
13141ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
13151ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
13161ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
13171ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
13181ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d0 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
13191ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
13201ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
13211ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F13C2B4E594038A8834146A1D81AAE9B43ED8649
13221ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_41_for_KB3184143~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
13231ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13241ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13251ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
13261ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
13271ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
13281ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
13291ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
13301ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
13311ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
13321ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
13331ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13341ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13351ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
13361ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
13371ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
13381ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
13391ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
13401ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
13411ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
13421ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
13431ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
13441ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
13451ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
13461ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
13471ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
13481ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
13491ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
13501ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
13511ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
13521ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
13531ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
13541ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
13551ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
13561ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
13571ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
13581ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
13591ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
13601ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
13611ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
13621ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
13631ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
13641ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
13651ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
13661ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
13671ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
13681ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
13691ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
13701ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
13711ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
13721ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
13731ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
13741ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
13751ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) WinVerifyTrust
13761ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
13771ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
13781ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
13791ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
13801ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
13811ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
13821ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
13831ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
13841ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
13851ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
13861ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
13871ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) WinVerifyTrust
13881ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
13891ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13901ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
13911ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
13921ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
13931ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
13941ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
13951ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
13961ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
13971ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
13981ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
13991ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004fc pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
14001ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
14011ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
14021ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
14031ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
14041ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14051ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14061ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
14071ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
14081ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
14091ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
14101ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
14111ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) WinVerifyTrust
14121ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
14131ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14141ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14151ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
14161ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
14171ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f0 pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
14181ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
14191ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
14201ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
14211ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
14221ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14231ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14241ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
14251ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
14261ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
14271ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
14281ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
14291ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) WinVerifyTrust
14301ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
14311ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
14321ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
14331ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f4 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
14341ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
14351ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
14361ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
14371ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
14381ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14391ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14401ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
14411ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
14421ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) WinVerifyTrust
14431ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
14441ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14451ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14461ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
14471ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
14481ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
14491ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
14501ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14511ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14521ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14531ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14541ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
14551ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14561ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14571ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
14581ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
14591ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
14601ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000050c pwszName=\Device\HarddiskVolume2\Windows\System32\mpr.dll
14611ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
14621ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
14631ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F84FE9BA047B24E7694C9E0C349B48B9FD5F925B
14641ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\mpr.dll'
14651ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14661ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll) WinVerifyTrust
14671ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
14681ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
14691ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
14701ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
14711ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
14721ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
14731ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
14741ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
14751ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
14761ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
14771ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
14781ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
14791ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
14801ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14811ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14821ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14831ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
14841ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
14851ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14861ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
14871ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
14881ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
14891ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
14901ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
14911ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14921ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14931ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14941ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14951ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
14961ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
14971ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
14981ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
14991ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
15001ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
15011ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15021ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15031ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
15041ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15051ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15061ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
15071ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
15081ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
15091ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
15101ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
15111ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
15121ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
15131ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
15141ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
15151ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
15161ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15171ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15181ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15191ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15201ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15211ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15221ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
15231ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
15241ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
15251ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000518 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
15261ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
15271ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
15281ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
15291ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
15301ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15311ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15321ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
15331ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
15341ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
15351ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
15361ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
15371ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust
15381ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
15391ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
15401ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
15411ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000051c pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
15421ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
15431ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
15441ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
15451ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
15461ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15471ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15481ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
15491ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
15501ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv) WinVerifyTrust
15511ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
15521ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
15531ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
15541ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
15551ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
15561ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
15571ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
15581ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
15591ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
15601ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
15611ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15621ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15631ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15641ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15651ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15661ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15671ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
15681ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
15691ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
15701ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
15711ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
15721ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
15731ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
15741ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
15751ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
15761ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15771ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15781ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15791ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15801ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
15811ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
15821ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
15831ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15841ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15851ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15861ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15871ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15881ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15891ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
15901ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15911ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15921ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15931ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15941ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15951ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15961ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15971ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15981ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15991ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16001ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16011ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16021ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
16031ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
16041ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
16051ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16061ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16071ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16081ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16091ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16101ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16111ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16121ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16131ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16141ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16151ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
16161ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
16171ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
16181ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
16191ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
16201ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000510 pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
16211ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
16221ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
16231ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
16241ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
16251ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16261ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
16271ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
16281ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
16291ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) WinVerifyTrust
16301ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
16311ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16321ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16331ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
16341ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16351ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16361ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
16371ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
16381ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
16391ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16401ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16411ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16421ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16431ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
16441ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
16451ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
16461ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16471ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16481ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
16491ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
16501ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000524 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
16511ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
16521ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
16531ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F3F3D4867E9140896E0742D7EE8AE1D01FE85ECE
16541ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3078667~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
16551ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16561ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16571ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
16581ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
16591ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust
16601ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
16611ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
16621ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
16631ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000520 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
16641ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
16651ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
16661ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
16671ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
16681ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16691ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
16701ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
16711ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
16721ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
16731ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
16741ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
16751ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
16761ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
16771ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
16781ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16791ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16801ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
16811ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
16821ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000534 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
16831ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
16841ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
16851ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=31A74D9F0CD6EDF8FC5A0A644C3B997ABF30083E
16861ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_175_for_KB3197869~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
16871ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16881ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16891ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
16901ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
16911ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) WinVerifyTrust
16921ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
16931ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16941ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16951ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16961ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16971ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16981ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16991ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17001ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17011ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17021ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17031ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
17041ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
17051ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000053c pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
17061ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
17071ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
17081ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
17091ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
17101ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17111ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17121ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
17131ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
17141ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
17151ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
17161ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
17171ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
17181ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17191ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17201ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17211ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17221ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17231ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17241ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17251ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17261ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
17271ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
17281ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000530 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
17291ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
17301ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
17311ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
17321ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
17331ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17341ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17351ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
17361ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
17371ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll) WinVerifyTrust
17381ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
17391ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17401ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17411ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17421ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17431ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17441ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17451ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17461ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17471ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17481ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17491ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
17501ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
17511ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
17521ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
17531ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17541ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17551ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17561ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17571ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
17581ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
17591ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
17601ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17611ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17621ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026c411:<flags> [calling]
17631ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
17641ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fee15f0000 LB 0x008e8000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
17651ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
17661ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
17671ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fee8b80000 LB 0x0011d000 C:\windows\system32\OPENGL32.dll [fFlags=0x0]
17681ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
17691ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
17701ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fef6810000 LB 0x0002d000 C:\windows\system32\GLU32.dll [fFlags=0x0]
17711ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
17721ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
17731ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fee8a80000 LB 0x000f1000 C:\windows\system32\DDRAW.dll [fFlags=0x0]
17741ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
17751ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
17761ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fef95d0000 LB 0x00008000 C:\windows\system32\DCIMAN32.dll [fFlags=0x0]
17771ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
17781ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fefe7b0000 LB 0x001d7000 C:\windows\system32\SETUPAPI.dll [fFlags=0x0]
17791ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
17801ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fefcc20000 LB 0x00036000 C:\windows\system32\CFGMGR32.dll [fFlags=0x0]
17811ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
17821ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fefdd50000 LB 0x000da000 C:\windows\system32\OLEAUT32.dll [fFlags=0x0]
17831ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
17841ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fefde30000 LB 0x00203000 C:\windows\system32\ole32.dll [fFlags=0x0]
17851ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
17861ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fefcbf0000 LB 0x0001a000 C:\windows\system32\DEVOBJ.dll [fFlags=0x0]
17871ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
17881ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
17891ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fefac50000 LB 0x00018000 C:\windows\system32\dwmapi.dll [fFlags=0x0]
17901ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
17911ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
17921ec8.2d84: supR3HardenedDllNotificationCallback: load 0000000066d20000 LB 0x00566000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
17931ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
17941ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fefce20000 LB 0x00d8a000 C:\windows\system32\SHELL32.dll [fFlags=0x0]
17951ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
17961ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
17971ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fef8250000 LB 0x00018000 C:\windows\system32\MPR.dll [fFlags=0x0]
17981ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
17991ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
18001ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fee0ff0000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
18011ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
18021ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
18031ec8.2d84: supR3HardenedDllNotificationCallback: load 0000000064d50000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
18041ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
18051ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
18061ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fee8a20000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
18071ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
18081ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
18091ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fefa300000 LB 0x00071000 C:\windows\system32\WINSPOOL.DRV [fFlags=0x0]
18101ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
18111ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fefed40000 LB 0x00097000 C:\windows\system32\COMDLG32.dll [fFlags=0x0]
18121ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
18131ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
18141ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
18151ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
18161ec8.2d84: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll)
18171ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
18181ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fef8690000 LB 0x000a0000 C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll [fFlags=0x0]
18191ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [avoiding WinVerifyTrust]
18201ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
18211ec8.2d84: supR3HardenedDllNotificationCallback: load 0000000050110000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
18221ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
18231ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
18241ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fefa8e0000 LB 0x0003b000 C:\windows\system32\WINMM.dll [fFlags=0x0]
18251ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
18261ec8.2d84: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'.
18271ec8.2d84: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [rescheduled]
18281ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
18291ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18301ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18311ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18321ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18331ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18341ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18351ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026b9e1:<flags> [calling]
18361ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefefa0000 'C:\windows\system32\imm32.dll'
18371ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec60000 'C:\windows\system32\ADVAPI32.DLL'
18381ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
18391ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptbase.dll (Input=cryptbase.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
18401ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc900000 'C:\windows\system32\cryptbase.dll'
18411ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee15f0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
18421ec8.2d84: SUPR3HardenedMain: Calling TrustedMain (000007fee15f1610)...
18431ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
18441ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026dd11:<flags> [calling]
18451ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde30000 'C:\windows\system32\ole32.dll'
18461ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec60000 'C:\windows\system32\ADVAPI32.dll'
18471ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
18481ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026c3f1:<flags> [calling]
18491ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca70000 'C:\windows\system32\profapi.dll'
18501ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
18511ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
18521ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
18531ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
18541ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
18551ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
18561ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
18571ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
18581ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
18591ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
18601ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
18611ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
18621ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
18631ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18641ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18651ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
18661ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
18671ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
18681ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
18691ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
18701ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
18711ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18721ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18731ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
18741ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
18751ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
18761ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
18771ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
18781ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
18791ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
18801ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
18811ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
18821ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
18831ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
18841ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
18851ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18861ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18871ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
18881ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
18891ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
18901ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18911ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18921ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026e6e1:<flags> [calling]
18931ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
18941ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fee3340000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
18951ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
18961ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3340000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
18971ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
18981ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026e611:<flags> [calling]
18991ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc900000 'C:\windows\system32\CRYPTBASE.dll'
19001ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005d8 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19011ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
19021ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
19031ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
19041ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
19051ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19061ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19071ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
19081ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
19091ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
19101ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19111ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19121ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19131ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19141ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19151ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19161ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19171ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026e0e1:<flags> [calling]
19181ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19191ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fefb020000 LB 0x00056000 C:\windows\system32\uxtheme.dll [fFlags=0x0]
19201ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19211ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb020000 'C:\windows\system32\uxtheme.dll'
19221ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19231ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026db21:<flags> [calling]
19241ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb020000 'C:\windows\system32\uxtheme.dll'
19251ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19261ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026d891:<flags> [calling]
19271ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb020000 'C:\windows\system32\uxtheme.dll'
19281ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19291ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026d891:<flags> [calling]
19301ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb020000 'C:\windows\system32\uxtheme.dll'
19311ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076b60000 'C:\windows\system32\user32.dll'
19321ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
19331ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026e921:<flags> [calling]
19341ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce20000 'C:\windows\system32\shell32.dll'
19351ec8.2d84: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\windows\system32\wintab32.dll': 0 (NtPath=\??\C:\windows\system32\wintab32.dll; Input=C:\windows\system32\wintab32.dll; rcNtGetDll=0x0
19361ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026e801:<flags> [calling]
19371ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\windows\system32\wintab32.dll'
19381ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
19391ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026dfc1:<flags> [calling]
19401ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefac50000 'C:\windows\system32\dwmapi.dll'
19411ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
19421ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026ed41:<flags> [calling]
19431ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa8e0000 'C:\windows\system32\winmm.dll'
19441ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
19451ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026ed41:<flags> [calling]
19461ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa8e0000 'C:\windows\system32\winmm.dll'
19471ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
19481ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026f021:<flags> [calling]
19491ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce20000 'C:\windows\system32\shell32.dll'
19501ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19511ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026eff1:<flags> [calling]
19521ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb020000 'C:\windows\system32\uxtheme.dll'
19531ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec60000 'C:\windows\system32\advapi32.dll'
19541ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
19551ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026ef51:<flags> [calling]
19561ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd90000 'C:\windows\system32\userenv.dll'
19571ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
19581ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026f031:<flags> [calling]
19591ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076c60000 'C:\windows\system32\kernel32.dll'
19601ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005e0 pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll
19611ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
19621ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
19631ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
19641ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
19651ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19661ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19671ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
19681ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
19691ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
19701ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
19711ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
19721ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll) WinVerifyTrust
19731ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
19741ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19751ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
19761ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
19771ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
19781ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
19791ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
19801ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
19811ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
19821ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19831ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19841ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
19851ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
19861ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
19871ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
19881ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
19891ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
19901ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026bdb1:<flags> [calling]
19911ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
19921ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fefee60000 LB 0x00099000 C:\windows\system32\CLBCatQ.DLL [fFlags=0x0]
19931ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
19941ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee60000 'C:\windows\system32\CLBCatQ.DLL'
19951ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec60000 'C:\windows\system32\ADVAPI32.dll'
19961ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
19971ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026aba1:<flags> [calling]
19981ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc260000 'C:\windows\system32\CRYPTSP.dll'
19991ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000620 pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
20001ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
20011ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
20021ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
20031ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll'
20041ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20051ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
20061ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll) WinVerifyTrust
20071ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
20081ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20091ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20101ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026a771:<flags> [calling]
20111ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
20121ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fefc9b0000 LB 0x00014000 C:\windows\system32\RpcRtRemote.dll [fFlags=0x0]
20131ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
20141ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc9b0000 'C:\windows\system32\RpcRtRemote.dll'
20151ec8.19e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
20161ec8.19e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
20171ec8.19e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
20181ec8.19e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
20191ec8.19e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
20201ec8.19e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
20211ec8.19e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
20221ec8.19e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
20231ec8.19e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
20241ec8.19e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
20251ec8.19e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
20261ec8.19e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
20271ec8.19e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
20281ec8.19e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
20291ec8.19e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
20301ec8.19e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
20311ec8.19e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
20321ec8.19e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
20331ec8.19e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
20341ec8.19e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
20351ec8.19e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
20361ec8.19e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20371ec8.19e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
20381ec8.19e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000528e981:<flags> [calling]
20391ec8.19e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
20401ec8.19e8: supR3HardenedDllNotificationCallback: load 000007fee0af0000 LB 0x004f5000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
20411ec8.19e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
20421ec8.19e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0af0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
20431ec8.19e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
20441ec8.19e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
20451ec8.19e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
20461ec8.19e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
20471ec8.19e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
20481ec8.19e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
20491ec8.19e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
20501ec8.19e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
20511ec8.19e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
20521ec8.19e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20531ec8.19e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20541ec8.19e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
20551ec8.19e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
20561ec8.19e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
20571ec8.19e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
20581ec8.19e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
20591ec8.19e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
20601ec8.19e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
20611ec8.19e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
20621ec8.19e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
20631ec8.19e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
20641ec8.19e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
20651ec8.19e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
20661ec8.19e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20671ec8.19e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
20681ec8.19e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000528d4a1:<flags> [calling]
20691ec8.19e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
20701ec8.19e8: supR3HardenedDllNotificationCallback: load 000007fee3280000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
20711ec8.19e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
20721ec8.19e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee3280000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
20731ec8.19e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
20741ec8.19e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000528d321:<flags> [calling]
20751ec8.19e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdd50000 'C:\Windows\system32\oleaut32.dll'
20761ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec60000 'C:\windows\system32\ADVAPI32.dll'
20771ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdbb0000 'C:\windows\system32\gdi32.dll'
20781ec8.2fcc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
20791ec8.2fcc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
20801ec8.2fcc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll) WinVerifyTrust
20811ec8.2fcc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
20821ec8.2fcc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
20831ec8.2fcc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
20841ec8.2fcc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20851ec8.2fcc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
20861ec8.2fcc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004d0a451:<flags> [calling]
20871ec8.2fcc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
20881ec8.2fcc: supR3HardenedDllNotificationCallback: load 000007fef94a0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [fFlags=0x0]
20891ec8.2fcc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
20901ec8.2fcc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef94a0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL'
20911ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
20921ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026ab11:<flags> [calling]
20931ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce20000 'C:\windows\system32\shell32.dll'
20941ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxoglhostcrutil.dll'.
20951ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
20961ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
20971ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
20981ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5openglvbox.dll'.
20991ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5widgetsvbox.dll'.
21001ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'opengl32.dll'.
21011ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxTestOGL.exe)
21021ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxTestOGL.exe
21031ec8.2d84: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxTestOGL.exe'
21041ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009bc pwszName=\Device\HarddiskVolume2\Windows\System32\apphelp.dll
21051ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
21061ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
21071ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=279DFE2A04C40CE4B22260C26A5BB57DF440B52E
21081ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3107998~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\apphelp.dll'
21091ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21101ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll) WinVerifyTrust
21111ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
21121ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
21131ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
21141ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
21151ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
21161ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
21171ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
21181ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
21191ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
21201ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
21211ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
21221ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
21231ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
21241ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21251ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21261ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21271ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21281ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
21291ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
21301ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
21311ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
21321ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'.
21331ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
21341ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll) WinVerifyTrust
21351ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxOGLhostcrutil.dll
21361ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
21371ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
21381ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
21391ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
21401ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
21411ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
21421ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
21431ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
21441ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21451ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21461ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
21471ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll
21481ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fefc860000 LB 0x00057000 C:\windows\system32\apphelp.dll [fFlags=0x0]
21491ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll
21501ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc860000 'C:\windows\system32\apphelp.dll'
21511ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec60000 'C:\windows\system32\ADVAPI32.dll'
21521ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde30000 'C:\windows\system32\ole32.dll'
21531ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
21541ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026a3b1:<flags> [calling]
21551ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe6a0000 'C:\windows\system32\MSCTF.dll'
21561ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde30000 'C:\windows\system32\ole32.dll'
21571ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
21581ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000267f21:<flags> [calling]
21591ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdd50000 'C:\windows\system32\OLEAUT32.dll'
21601ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009d8 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
21611ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
21621ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
21631ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472
21641ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
21651ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21661ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21671ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
21681ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
21691ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
21701ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
21711ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
21721ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
21731ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
21741ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
21751ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
21761ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
21771ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
21781ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
21791ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
21801ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
21811ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21821ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21831ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
21841ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
21851ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009ec pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
21861ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
21871ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
21881ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03D0A77E5195AA70198FDE6C2FAC2C76FF200674
21891ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
21901ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21911ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21921ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
21931ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
21941ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
21951ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
21961ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
21971ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
21981ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21991ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22001ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
22011ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
22021ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
22031ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22041ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22051ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
22061ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
22071ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
22081ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
22091ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
22101ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22111ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22121ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000266841:<flags> [calling]
22131ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
22141ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fef87f0000 LB 0x0000f000 C:\windows\system32\wbem\wbemprox.dll [fFlags=0x0]
22151ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
22161ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
22171ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fef8760000 LB 0x00086000 C:\windows\system32\wbemcomn.dll [fFlags=0x0]
22181ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
22191ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef87f0000 'C:\windows\system32\wbem\wbemprox.dll'
22201ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a14 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
22211ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
22221ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
22231ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F
22241ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
22251ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22261ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22271ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
22281ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
22291ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
22301ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22311ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22321ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
22331ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22341ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22351ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000266401:<flags> [calling]
22361ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
22371ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fef68b0000 LB 0x00014000 C:\windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
22381ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
22391ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef68b0000 'C:\windows\system32\wbem\wbemsvc.dll'
22401ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a18 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
22411ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
22421ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
22431ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79
22441ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
22451ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22461ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22471ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
22481ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
22491ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
22501ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
22511ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
22521ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
22531ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
22541ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
22551ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
22561ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009f8 pwszName=\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
22571ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
22581ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
22591ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
22601ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll'
22611ec8.2d84: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22621ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22631ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
22641ec8.2d84: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
22651ec8.2d84: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll) WinVerifyTrust
22661ec8.2d84: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
22671ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
22681ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
22691ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
22701ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
22711ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
22721ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
22731ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
22741ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
22751ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
22761ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22771ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22781ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
22791ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
22801ec8.2d84: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
22811ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
22821ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
22831ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22841ec8.2d84: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22851ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000266441:<flags> [calling]
22861ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
22871ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fef6a80000 LB 0x000e2000 C:\windows\system32\wbem\fastprox.dll [fFlags=0x0]
22881ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
22891ec8.2d84: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
22901ec8.2d84: supR3HardenedDllNotificationCallback: load 000007fef8730000 LB 0x00027000 C:\windows\system32\NTDSAPI.dll [fFlags=0x0]
22911ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
22921ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6a80000 'C:\windows\system32\wbem\fastprox.dll'
22931ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdd50000 'C:\windows\system32\OLEAUT32.dll'
22941ec8.207c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
22951ec8.207c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
22961ec8.207c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
22971ec8.207c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
22981ec8.207c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
22991ec8.207c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23001ec8.207c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23011ec8.207c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
23021ec8.207c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
23031ec8.207c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
23041ec8.207c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
23051ec8.207c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
23061ec8.207c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
23071ec8.207c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
23081ec8.207c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23091ec8.207c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23101ec8.207c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
23111ec8.207c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23121ec8.207c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23131ec8.207c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
23141ec8.207c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
23151ec8.207c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
23161ec8.207c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23171ec8.207c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23181ec8.207c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000862e8e1:<flags> [calling]
23191ec8.207c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
23201ec8.207c: supR3HardenedDllNotificationCallback: load 000007fee01a0000 LB 0x002a0000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
23211ec8.207c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
23221ec8.207c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
23231ec8.207c: supR3HardenedDllNotificationCallback: load 000000006f7d0000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
23241ec8.207c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
23251ec8.207c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee01a0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
23261ec8.2b4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23271ec8.2b4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
23281ec8.2b4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23291ec8.2b4c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
23301ec8.2b4c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
23311ec8.2b4c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
23321ec8.2b4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23331ec8.2b4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23341ec8.2b4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23351ec8.2b4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23361ec8.2b4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
23371ec8.2b4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
23381ec8.2b4c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
23391ec8.2b4c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23401ec8.2b4c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23411ec8.2b4c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000008a8de01:<flags> [calling]
23421ec8.2b4c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
23431ec8.2b4c: supR3HardenedDllNotificationCallback: load 000007fef9570000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
23441ec8.2b4c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
23451ec8.2b4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9570000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
23461ec8.2b4c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076b60000 'C:\windows\system32\User32.dll'
23471ec8.2934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23481ec8.2934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
23491ec8.2934: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23501ec8.2934: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
23511ec8.2934: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
23521ec8.2934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23531ec8.2934: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23541ec8.2934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
23551ec8.2934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
23561ec8.2934: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
23571ec8.2934: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23581ec8.2934: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23591ec8.2934: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000008f2dc81:<flags> [calling]
23601ec8.2934: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
23611ec8.2934: supR3HardenedDllNotificationCallback: load 000007fef8530000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
23621ec8.2934: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
23631ec8.2934: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8530000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
23641ec8.178c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23651ec8.178c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
23661ec8.178c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23671ec8.178c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
23681ec8.178c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
23691ec8.178c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23701ec8.178c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23711ec8.178c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
23721ec8.178c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
23731ec8.178c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23741ec8.178c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23751ec8.178c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000908d781:<flags> [calling]
23761ec8.178c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
23771ec8.178c: supR3HardenedDllNotificationCallback: load 000007fef8500000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
23781ec8.178c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
23791ec8.178c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8500000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
23801ec8.2384: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23811ec8.2384: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
23821ec8.2384: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23831ec8.2384: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
23841ec8.2384: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
23851ec8.2384: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23861ec8.2384: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23871ec8.2384: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
23881ec8.2384: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
23891ec8.2384: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23901ec8.2384: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23911ec8.2384: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000008c3d901:<flags> [calling]
23921ec8.2384: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
23931ec8.2384: supR3HardenedDllNotificationCallback: load 000007fef84f0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
23941ec8.2384: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
23951ec8.2384: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef84f0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
23961ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce20000 'C:\windows\system32\Shell32.dll'
23971ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000008919331:<flags> [calling]
23981ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefef00000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
23991ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
24001ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891b661:<flags> [calling]
24011ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee01a0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
24021ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24031ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
24041ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
24051ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
24061ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
24071ec8.2684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
24081ec8.2684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
24091ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
24101ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
24111ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24121ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24131ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24141ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24151ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24161ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24171ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24181ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24191ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891c811:<flags> [calling]
24201ec8.2684: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
24211ec8.2684: supR3HardenedDllNotificationCallback: load 000007fee9650000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
24221ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
24231ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee9650000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
24241ec8.2684: supR3HardenedDllNotificationCallback: Unload 000007fee9650000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
24251ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24261ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
24271ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
24281ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
24291ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
24301ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
24311ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
24321ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
24331ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
24341ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
24351ec8.2684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
24361ec8.2684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
24371ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
24381ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
24391ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c48 pwszName=\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
24401ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
24411ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
24421ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642
24431ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'
24441ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24451ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24461ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
24471ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
24481ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
24491ec8.2684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
24501ec8.2684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
24511ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24521ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24531ec8.2684: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
24541ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
24551ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
24561ec8.2684: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
24571ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
24581ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
24591ec8.2684: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
24601ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24611ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24621ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
24631ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
24641ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24651ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
24661ec8.2684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
24671ec8.2684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
24681ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
24691ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
24701ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24711ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
24721ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
24731ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
24741ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
24751ec8.2684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
24761ec8.2684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
24771ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24781ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24791ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
24801ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
24811ec8.2684: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
24821ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24831ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24841ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24851ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24861ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
24871ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
24881ec8.2684: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
24891ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24901ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24911ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24921ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24931ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24941ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24951ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24961ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24971ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24981ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24991ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25001ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25011ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
25021ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
25031ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c34 pwszName=\Device\HarddiskVolume2\Windows\System32\winnsi.dll
25041ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
25051ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
25061ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B28F3E0DF5586B9FB3AEAC48E4ECCA0AFB6ABD91
25071ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
25081ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25091ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25101ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
25111ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
25121ec8.2684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll) WinVerifyTrust
25131ec8.2684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
25141ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
25151ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
25161ec8.2684: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
25171ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25181ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25191ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
25201ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
25211ec8.2684: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
25221ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25231ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25241ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25251ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25261ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891d7f1:<flags> [calling]
25271ec8.2684: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
25281ec8.2684: supR3HardenedDllNotificationCallback: load 000007fedf7f0000 LB 0x009ae000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
25291ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
25301ec8.2684: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
25311ec8.2684: supR3HardenedDllNotificationCallback: load 000007fee6930000 LB 0x00058000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
25321ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
25331ec8.2684: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
25341ec8.2684: supR3HardenedDllNotificationCallback: load 000007fee6680000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
25351ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
25361ec8.2684: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
25371ec8.2684: supR3HardenedDllNotificationCallback: load 000007fefa220000 LB 0x00027000 C:\windows\system32\IPHLPAPI.DLL [fFlags=0x0]
25381ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
25391ec8.2684: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
25401ec8.2684: supR3HardenedDllNotificationCallback: load 000007fefa200000 LB 0x0000b000 C:\windows\system32\WINNSI.DLL [fFlags=0x0]
25411ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
25421ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedf7f0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
25431ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
25441ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891d7f1:<flags> [calling]
25451ec8.2684: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
25461ec8.2684: supR3HardenedDllNotificationCallback: load 000007fee2940000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
25471ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
25481ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2940000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
25491ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
25501ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891d7f1:<flags> [calling]
25511ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0af0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
25521ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
25531ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891d701:<flags> [calling]
25541ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6680000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
25551ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25561ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
25571ec8.2684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
25581ec8.2684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
25591ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25601ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25611ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25621ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25631ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891d701:<flags> [calling]
25641ec8.2684: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
25651ec8.2684: supR3HardenedDllNotificationCallback: load 000007feef300000 LB 0x0001e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
25661ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
25671ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef300000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
25681ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25691ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
25701ec8.2684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
25711ec8.2684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
25721ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25731ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25741ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25751ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25761ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891d701:<flags> [calling]
25771ec8.2684: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
25781ec8.2684: supR3HardenedDllNotificationCallback: load 000007fef0370000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
25791ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
25801ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0370000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
25811ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25821ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
25831ec8.2684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
25841ec8.2684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
25851ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25861ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25871ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25881ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25891ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891d701:<flags> [calling]
25901ec8.2684: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
25911ec8.2684: supR3HardenedDllNotificationCallback: load 000007feef2e0000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
25921ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
25931ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef2e0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
25941ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25951ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
25961ec8.2684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
25971ec8.2684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
25981ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25991ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26001ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26011ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26021ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891d701:<flags> [calling]
26031ec8.2684: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
26041ec8.2684: supR3HardenedDllNotificationCallback: load 000007feea070000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
26051ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
26061ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea070000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
26071ec8.29a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26081ec8.29a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
26091ec8.29a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
26101ec8.29a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
26111ec8.29a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
26121ec8.29a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26131ec8.29a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26141ec8.29a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
26151ec8.29a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
26161ec8.29a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
26171ec8.29a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26181ec8.29a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26191ec8.29a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000c58dd01:<flags> [calling]
26201ec8.29a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
26211ec8.29a0: supR3HardenedDllNotificationCallback: load 000007fef84e0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
26221ec8.29a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
26231ec8.29a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef84e0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
26241ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
26251ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891dd91:<flags> [calling]
26261ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee01a0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
26271ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26281ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
26291ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
26301ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
26311ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
26321ec8.2684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
26331ec8.2684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
26341ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
26351ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
26361ec8.2684: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
26371ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
26381ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
26391ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26401ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26411ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26421ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26431ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26441ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26451ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891eec1:<flags> [calling]
26461ec8.2684: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
26471ec8.2684: supR3HardenedDllNotificationCallback: load 000007fee2b00000 LB 0x000e5000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
26481ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
26491ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2b00000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
26501ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c60 pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
26511ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
26521ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
26531ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F6C3E3D9F8B48D816E52C31576FFFD4AF86AB813
26541ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
26551ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26561ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26571ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
26581ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
26591ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
26601ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
26611ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
26621ec8.2684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust
26631ec8.2684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
26641ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
26651ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
26661ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c64 pwszName=\Device\HarddiskVolume2\Windows\System32\powrprof.dll
26671ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
26681ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
26691ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E0B7DE18787DB24DAD3580634869A9A8FF4AB48F
26701ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\powrprof.dll'
26711ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26721ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26731ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
26741ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
26751ec8.2684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll) WinVerifyTrust
26761ec8.2684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
26771ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
26781ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
26791ec8.2684: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
26801ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
26811ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
26821ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
26831ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
26841ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26851ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26861ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26871ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26881ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
26891ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
26901ec8.2684: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
26911ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26921ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26931ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26941ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26951ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891d6a1:<flags> [calling]
26961ec8.2684: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
26971ec8.2684: supR3HardenedDllNotificationCallback: load 000007fef4950000 LB 0x00088000 C:\windows\System32\dsound.dll [fFlags=0x0]
26981ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
26991ec8.2684: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
27001ec8.2684: supR3HardenedDllNotificationCallback: load 000007fefb670000 LB 0x0002c000 C:\windows\System32\POWRPROF.dll [fFlags=0x0]
27011ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
27021ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
27031ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891ca11:<flags> [calling]
27041ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4950000 'C:\windows\System32\dsound.dll'
27051ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4950000 'C:\windows\System32\dsound.dll'
27061ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
27071ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891d6f1:<flags> [calling]
27081ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4950000 'C:\windows\system32\dsound.dll'
27091ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d0c pwszName=\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
27101ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
27111ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
27121ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=704F97298D44B8146C54067788F597E0BF365197
27131ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll'
27141ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27151ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27161ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
27171ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
27181ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'.
27191ec8.2684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
27201ec8.2684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
27211ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
27221ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
27231ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cf4 pwszName=\Device\HarddiskVolume2\Windows\System32\propsys.dll
27241ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
27251ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
27261ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A1594E841359779EF7EA7EBCF775D89F55388D3
27271ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\propsys.dll'
27281ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27291ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27301ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
27311ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
27321ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
27331ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
27341ec8.2684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll) WinVerifyTrust
27351ec8.2684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
27361ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27371ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27381ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27391ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27401ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27411ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27421ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27431ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27441ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27451ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27461ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
27471ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
27481ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
27491ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
27501ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27511ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27521ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891d171:<flags> [calling]
27531ec8.2684: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
27541ec8.2684: supR3HardenedDllNotificationCallback: load 000007fefb620000 LB 0x0004b000 C:\windows\System32\MMDevApi.dll [fFlags=0x0]
27551ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
27561ec8.2684: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
27571ec8.2684: supR3HardenedDllNotificationCallback: load 000007fefb4f0000 LB 0x0012c000 C:\windows\System32\PROPSYS.dll [fFlags=0x0]
27581ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
27591ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec60000 'C:\windows\system32\ADVAPI32.dll'
27601ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb620000 'C:\windows\System32\MMDevApi.dll'
27611ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde30000 'C:\windows\system32\ole32.dll'
27621ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
27631ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891d481:<flags> [calling]
27641ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe7b0000 'C:\windows\system32\SETUPAPI.dll'
27651ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
27661ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891e2f1:<flags> [calling]
27671ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefede0000 'C:\windows\system32\SHLWAPI.dll'
27681ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
27691ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891e511:<flags> [calling]
27701ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb620000 'C:\windows\system32\MMDEVAPI.DLL'
27711ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde30000 'C:\windows\system32\ole32.dll'
27721ec8.1f14: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
27731ec8.1f14: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CFGMGR32.dll (Input=CFGMGR32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000001160f561:<flags> [calling]
27741ec8.1f14: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc20000 'C:\windows\system32\CFGMGR32.dll'
27751ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
27761ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891e141:<flags> [calling]
27771ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa8e0000 'C:\windows\system32\winmm.dll'
27781ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000891dfa1:<flags> [calling]
27791ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefef00000 'API-MS-WIN-Service-Management-L1-1-0.dll'
27801ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000891dfa1:<flags> [calling]
27811ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefef00000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
27821ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe3e0000 'C:\windows\system32\RPCRT4.dll'
27831ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
27841ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\MMDevAPI.DLL (Input=MMDevAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891e001:<flags> [calling]
27851ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb620000 'C:\windows\system32\MMDevAPI.DLL'
27861ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d44 pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
27871ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
27881ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
27891ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4B64306F5558D2DEC53CF11AAF17F02438929FDD
27901ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
27911ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27921ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27931ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
27941ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
27951ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
27961ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
27971ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ksuser.dll'.
27981ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
27991ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'avrt.dll'.
28001ec8.2684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust
28011ec8.2684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
28021ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
28031ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
28041ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d30 pwszName=\Device\HarddiskVolume2\Windows\System32\avrt.dll
28051ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
28061ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
28071ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1362C343929DD08AB918B38DE195D1A11B1D1365
28081ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\avrt.dll'
28091ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28101ec8.2684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust
28111ec8.2684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
28121ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
28131ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
28141ec8.2684: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
28151ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
28161ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
28171ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d54 pwszName=\Device\HarddiskVolume2\Windows\System32\ksuser.dll
28181ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
28191ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
28201ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2D99CFB3BFCA1F454FC7109DB98D18923ABBA361
28211ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB3110329~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\ksuser.dll'
28221ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28231ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28241ec8.2684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust
28251ec8.2684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
28261ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
28271ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
28281ec8.2684: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
28291ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28301ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28311ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
28321ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
28331ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
28341ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
28351ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28361ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28371ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28381ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28391ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891db71:<flags> [calling]
28401ec8.2684: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
28411ec8.2684: supR3HardenedDllNotificationCallback: load 000007fefa3b0000 LB 0x0003b000 C:\windows\system32\wdmaud.drv [fFlags=0x0]
28421ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
28431ec8.2684: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
28441ec8.2684: supR3HardenedDllNotificationCallback: load 0000000073ba0000 LB 0x00006000 C:\windows\system32\ksuser.dll [fFlags=0x0]
28451ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
28461ec8.2684: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
28471ec8.2684: supR3HardenedDllNotificationCallback: load 000007fefb390000 LB 0x00009000 C:\windows\system32\AVRT.dll [fFlags=0x0]
28481ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
28491ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3b0000 'C:\windows\system32\wdmaud.drv'
28501ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
28511ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891db71:<flags> [calling]
28521ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3b0000 'C:\windows\system32\wdmaud.drv'
28531ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
28541ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891dd21:<flags> [calling]
28551ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3b0000 'C:\windows\system32\wdmaud.drv'
28561ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
28571ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891dd21:<flags> [calling]
28581ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3b0000 'C:\windows\system32\wdmaud.drv'
28591ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
28601ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891dd21:<flags> [calling]
28611ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3b0000 'C:\windows\system32\wdmaud.drv'
28621ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d80 pwszName=\Device\HarddiskVolume2\Windows\System32\AudioSes.dll
28631ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
28641ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
28651ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A3BDEC1E955295C342E14C90909598248B24E5B
28661ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_124_for_KB3185278~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\AudioSes.dll'
28671ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28681ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28691ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
28701ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
28711ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
28721ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
28731ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
28741ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
28751ec8.2684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust
28761ec8.2684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
28771ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
28781ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
28791ec8.2684: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
28801ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
28811ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
28821ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28831ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28841ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
28851ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
28861ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
28871ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
28881ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
28891ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
28901ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28911ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28921ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891dd31:<flags> [calling]
28931ec8.2684: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
28941ec8.2684: supR3HardenedDllNotificationCallback: load 000007fefa640000 LB 0x0004f000 C:\windows\system32\AUDIOSES.DLL [fFlags=0x0]
28951ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
28961ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa640000 'C:\windows\system32\AUDIOSES.DLL'
28971ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
28981ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891dd21:<flags> [calling]
28991ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3b0000 'C:\windows\system32\wdmaud.drv'
29001ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
29011ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891dd21:<flags> [calling]
29021ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3b0000 'C:\windows\system32\wdmaud.drv'
29031ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3b0000 'C:\windows\system32\wdmaud.drv'
29041ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3b0000 'C:\windows\system32\wdmaud.drv'
29051ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3b0000 'C:\windows\system32\wdmaud.drv'
29061ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3b0000 'C:\windows\system32\wdmaud.drv'
29071ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d70 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
29081ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
29091ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
29101ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=522563F5384AD4C93CF5CF4EEA899D3267552328
29111ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
29121ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29131ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29141ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
29151ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
29161ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
29171ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'.
29181ec8.2684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) WinVerifyTrust
29191ec8.2684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
29201ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
29211ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
29221ec8.2684: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
29231ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
29241ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
29251ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d94 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.dll
29261ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
29271ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
29281ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCA0A8AEE81B82C402AA72A300B2C8D2DC17C1DA
29291ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.dll'
29301ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29311ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29321ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
29331ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
29341ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
29351ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
29361ec8.2684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) WinVerifyTrust
29371ec8.2684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
29381ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
29391ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
29401ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29411ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29421ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29431ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29441ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
29451ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
29461ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
29471ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
29481ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29491ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29501ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
29511ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
29521ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29531ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29541ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891db21:<flags> [calling]
29551ec8.2684: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
29561ec8.2684: supR3HardenedDllNotificationCallback: load 000007fefa2c0000 LB 0x0000a000 C:\windows\system32\msacm32.drv [fFlags=0x0]
29571ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
29581ec8.2684: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
29591ec8.2684: supR3HardenedDllNotificationCallback: load 000007fefa2a0000 LB 0x00018000 C:\windows\system32\MSACM32.dll [fFlags=0x0]
29601ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
29611ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa2c0000 'C:\windows\system32\msacm32.drv'
29621ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
29631ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891d521:<flags> [calling]
29641ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa2c0000 'C:\windows\system32\msacm32.drv'
29651ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
29661ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891d521:<flags> [calling]
29671ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa2c0000 'C:\windows\system32\msacm32.drv'
29681ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
29691ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891d521:<flags> [calling]
29701ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa2c0000 'C:\windows\system32\msacm32.drv'
29711ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
29721ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891d521:<flags> [calling]
29731ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa2c0000 'C:\windows\system32\msacm32.drv'
29741ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
29751ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891d521:<flags> [calling]
29761ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa2c0000 'C:\windows\system32\msacm32.drv'
29771ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
29781ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891d521:<flags> [calling]
29791ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa2c0000 'C:\windows\system32\msacm32.drv'
29801ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa2c0000 'C:\windows\system32\msacm32.drv'
29811ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa2c0000 'C:\windows\system32\msacm32.drv'
29821ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa2c0000 'C:\windows\system32\msacm32.drv'
29831ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d98 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
29841ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000882b70
29851ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000882b70
29861ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=43116C5C719A4751DA70B12932084D73D7AACEA3
29871ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
29881ec8.2684: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29891ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29901ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
29911ec8.2684: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
29921ec8.2684: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) WinVerifyTrust
29931ec8.2684: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
29941ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
29951ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
29961ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29971ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29981ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29991ec8.2684: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30001ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891db21:<flags> [calling]
30011ec8.2684: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
30021ec8.2684: supR3HardenedDllNotificationCallback: load 000007fefa290000 LB 0x00009000 C:\windows\system32\midimap.dll [fFlags=0x0]
30031ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
30041ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa290000 'C:\windows\system32\midimap.dll'
30051ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
30061ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891d4f1:<flags> [calling]
30071ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa290000 'C:\windows\system32\midimap.dll'
30081ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
30091ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891d4f1:<flags> [calling]
30101ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa290000 'C:\windows\system32\midimap.dll'
30111ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
30121ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891db21:<flags> [calling]
30131ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa290000 'C:\windows\system32\midimap.dll'
30141ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa8e0000 'C:\windows\system32\winmm.dll'
30151ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa8e0000 'C:\windows\system32\winmm.dll'
30161ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa8e0000 'C:\windows\system32\winmm.dll'
30171ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefde30000 'C:\windows\system32\ole32.dll'
30181ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa8e0000 'C:\windows\system32\winmm.dll'
30191ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
30201ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891e141:<flags> [calling]
30211ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa8e0000 'C:\windows\system32\winmm.dll'
30221ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa8e0000 'C:\windows\system32\winmm.dll'
30231ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
30241ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891d6e1:<flags> [calling]
30251ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4950000 'C:\windows\system32\dsound.dll'
30261ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa8e0000 'C:\windows\system32\winmm.dll'
30271ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa8e0000 'C:\windows\system32\winmm.dll'
30281ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa8e0000 'C:\windows\system32\winmm.dll'
30291ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa8e0000 'C:\windows\system32\winmm.dll'
30301ec8.180: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
30311ec8.180: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\audioses.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000011a3dad1:<flags> [calling]
30321ec8.180: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa640000 'C:\windows\System32\audioses.dll'
30331ec8.2684: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
30341ec8.2684: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000891d8b1:<flags> [calling]
30351ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4950000 'C:\windows\system32\dsound.dll'
30361ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa8e0000 'C:\windows\system32\winmm.dll'
30371ec8.2684: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee01a0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
30381ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa8e0000 'C:\windows\system32\WINMM.dll'
30391ec8.207c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
30401ec8.207c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000862f9d1:<flags> [calling]
30411ec8.207c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdd50000 'C:\windows\system32\OLEAUT32.dll'
30421ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce20000 'C:\windows\system32\shell32.dll'
30431ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce20000 'C:\windows\system32\shell32.dll'
30441ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce20000 'C:\windows\system32\shell32.dll'
30451ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce20000 'C:\windows\system32\shell32.dll'
30461ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce20000 'C:\windows\system32\shell32.dll'
30471ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce20000 'C:\windows\system32\shell32.dll'
30481ec8.29a0: supR3HardenedDllNotificationCallback: Unload 000007fef84e0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
30491ec8.2384: supR3HardenedDllNotificationCallback: Unload 000007fef84f0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
30501ec8.178c: supR3HardenedDllNotificationCallback: Unload 000007fef8500000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
30511ec8.2934: supR3HardenedDllNotificationCallback: Unload 000007fef8530000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
30521ec8.2b4c: supR3HardenedDllNotificationCallback: Unload 000007fef9570000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
30531ec8.2684: supR3HardenedDllNotificationCallback: Unload 000007feea070000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [flags=0x0]
30541ec8.2684: supR3HardenedDllNotificationCallback: Unload 000007feef2e0000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [flags=0x0]
30551ec8.2684: supR3HardenedDllNotificationCallback: Unload 000007fef0370000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [flags=0x0]
30561ec8.2684: supR3HardenedDllNotificationCallback: Unload 000007feef300000 LB 0x0001e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [flags=0x0]
30571ec8.2684: supR3HardenedDllNotificationCallback: Unload 000007fee2940000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
30581ec8.2684: supR3HardenedDllNotificationCallback: Unload 000007fedf7f0000 LB 0x009ae000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
30591ec8.2684: supR3HardenedDllNotificationCallback: Unload 000007fefa220000 LB 0x00027000 C:\windows\system32\IPHLPAPI.DLL [flags=0x0]
30601ec8.2684: supR3HardenedDllNotificationCallback: Unload 000007fefa200000 LB 0x0000b000 C:\windows\system32\WINNSI.DLL [flags=0x0]
30611ec8.2684: supR3HardenedDllNotificationCallback: Unload 000007fee6680000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
30621ec8.2684: supR3HardenedDllNotificationCallback: Unload 000007fee6930000 LB 0x00058000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
30631ec8.2d84: supR3HardenedDllNotificationCallback: Unload 000007fef94a0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [flags=0x0]
30641ec8.2d84: supR3HardenedDllNotificationCallback: Unload 000007fef6a80000 LB 0x000e2000 C:\windows\system32\wbem\fastprox.dll [flags=0x0]
30651ec8.2d84: supR3HardenedDllNotificationCallback: Unload 000007fef8730000 LB 0x00027000 C:\windows\system32\NTDSAPI.dll [flags=0x0]
30661ec8.2d84: supR3HardenedDllNotificationCallback: Unload 000007fef68b0000 LB 0x00014000 C:\windows\system32\wbem\wbemsvc.dll [flags=0x0]
30671ec8.2d84: supR3HardenedDllNotificationCallback: Unload 000007fef87f0000 LB 0x0000f000 C:\windows\system32\wbem\wbemprox.dll [flags=0x0]
30681ec8.2d84: supR3HardenedDllNotificationCallback: Unload 000007fef8760000 LB 0x00086000 C:\windows\system32\wbemcomn.dll [flags=0x0]
30691ec8.2d84: supR3HardenedDllNotificationCallback: Unload 000007fee3280000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [flags=0x0]
30701ec8.2d84: supR3HardenedDllNotificationCallback: Unload 000007fee0af0000 LB 0x004f5000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [flags=0x0]
30711ec8.2d84: Terminating the normal way: rcExit=0
30721ec8.2d84: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
30731ec8.2d84: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\WINTRUST.dll (Input=WINTRUST.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000026edf1:<flags> [calling]
30741ec8.2d84: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcdd0000 'C:\windows\system32\WINTRUST.dll'
307526f0.2aac: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 37592 ms, the end);
30762454.2ba0: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 38228 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy