VirtualBox

Ticket #16866: Kali-Linux-2017.1-vbox-i686-2017-06-30-13-22-06.log

File Kali-Linux-2017.1-vbox-i686-2017-06-30-13-22-06.log, 367.1 KB (added by jenko, 7 years ago)
Line 
17ac.e14: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
27ac.e14: \SystemRoot\System32\ntdll.dll:
37ac.e14: CreationTime: 2017-06-29T13:31:49.744758700Z
47ac.e14: LastWriteTime: 2017-05-12T18:24:12.913140800Z
57ac.e14: ChangeTime: 2017-06-29T17:29:01.999661900Z
67ac.e14: FileAttributes: 0x20
77ac.e14: Size: 0x1a7100
87ac.e14: NT Headers: 0xe0
97ac.e14: Timestamp: 0x5915fdce
107ac.e14: Machine: 0x8664 - amd64
117ac.e14: Timestamp: 0x5915fdce
127ac.e14: Image Version: 6.1
137ac.e14: SizeOfImage: 0x1aa000 (1744896)
147ac.e14: Resource Dir: 0x14e000 LB 0x5a028
157ac.e14: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
167ac.e14: [Raw version resource data: 0x14e0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
177ac.e14: ProductName: Microsoft® Windows® Operating System
187ac.e14: ProductVersion: 6.1.7601.23807
197ac.e14: FileVersion: 6.1.7601.23807 (win7sp1_ldr.170512-0600)
207ac.e14: FileDescription: NT Layer DLL
217ac.e14: \SystemRoot\System32\kernel32.dll:
227ac.e14: CreationTime: 2017-06-29T13:31:40.275542100Z
237ac.e14: LastWriteTime: 2017-05-12T18:22:33.598000000Z
247ac.e14: ChangeTime: 2017-06-29T17:29:09.674875400Z
257ac.e14: FileAttributes: 0x20
267ac.e14: Size: 0x11c000
277ac.e14: NT Headers: 0xe0
287ac.e14: Timestamp: 0x5915fe13
297ac.e14: Machine: 0x8664 - amd64
307ac.e14: Timestamp: 0x5915fe13
317ac.e14: Image Version: 6.1
327ac.e14: SizeOfImage: 0x11f000 (1175552)
337ac.e14: Resource Dir: 0x116000 LB 0x528
347ac.e14: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
357ac.e14: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
367ac.e14: ProductName: Microsoft® Windows® Operating System
377ac.e14: ProductVersion: 6.1.7601.23807
387ac.e14: FileVersion: 6.1.7601.23807 (win7sp1_ldr.170512-0600)
397ac.e14: FileDescription: Windows NT BASE API Client DLL
407ac.e14: \SystemRoot\System32\KernelBase.dll:
417ac.e14: CreationTime: 2017-06-29T13:31:41.741944700Z
427ac.e14: LastWriteTime: 2017-05-12T18:22:33.598000000Z
437ac.e14: ChangeTime: 2017-06-29T17:29:09.674875400Z
447ac.e14: FileAttributes: 0x20
457ac.e14: Size: 0x66800
467ac.e14: NT Headers: 0xe8
477ac.e14: Timestamp: 0x5915fe14
487ac.e14: Machine: 0x8664 - amd64
497ac.e14: Timestamp: 0x5915fe14
507ac.e14: Image Version: 6.1
517ac.e14: SizeOfImage: 0x6a000 (434176)
527ac.e14: Resource Dir: 0x68000 LB 0x530
537ac.e14: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
547ac.e14: [Raw version resource data: 0x680b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
557ac.e14: ProductName: Microsoft® Windows® Operating System
567ac.e14: ProductVersion: 6.1.7601.23807
577ac.e14: FileVersion: 6.1.7601.23807 (win7sp1_ldr.170512-0600)
587ac.e14: FileDescription: Windows NT BASE API Client DLL
597ac.e14: \SystemRoot\System32\apisetschema.dll:
607ac.e14: CreationTime: 2017-06-29T13:31:26.001517000Z
617ac.e14: LastWriteTime: 2017-05-12T18:22:28.981000000Z
627ac.e14: ChangeTime: 2017-06-29T17:29:01.843661600Z
637ac.e14: FileAttributes: 0x20
647ac.e14: Size: 0x1a00
657ac.e14: NT Headers: 0xc0
667ac.e14: Timestamp: 0x5915fdad
677ac.e14: Machine: 0x8664 - amd64
687ac.e14: Timestamp: 0x5915fdad
697ac.e14: Image Version: 6.1
707ac.e14: SizeOfImage: 0x50000 (327680)
717ac.e14: Resource Dir: 0x30000 LB 0x3f8
727ac.e14: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
737ac.e14: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
747ac.e14: ProductName: Microsoft® Windows® Operating System
757ac.e14: ProductVersion: 6.1.7601.23807
767ac.e14: FileVersion: 6.1.7601.23807 (win7sp1_ldr.170512-0600)
777ac.e14: FileDescription: ApiSet Schema DLL
787ac.e14: NtOpenDirectoryObject failed on \Driver: 0xc0000022
797ac.e14: supR3HardenedWinFindAdversaries: 0x4
807ac.e14: \SystemRoot\System32\drivers\aswHwid.sys:
817ac.e14: CreationTime: 2017-06-28T20:15:49.011883300Z
827ac.e14: LastWriteTime: 2017-06-28T20:15:38.357273900Z
837ac.e14: ChangeTime: 2017-06-28T20:15:43.398562200Z
847ac.e14: FileAttributes: 0x20
857ac.e14: Size: 0xb788
867ac.e14: NT Headers: 0xe8
877ac.e14: Timestamp: 0x5948521a
887ac.e14: Machine: 0x8664 - amd64
897ac.e14: Timestamp: 0x5948521a
907ac.e14: Image Version: 6.0
917ac.e14: SizeOfImage: 0xa000 (40960)
927ac.e14: Resource Dir: 0x8000 LB 0x388
937ac.e14: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
947ac.e14: [Raw version resource data: 0x8060 LB 0x324, codepage 0x0 (reserved 0x0)]
957ac.e14: ProductName: Avast Antivirus
967ac.e14: ProductVersion: 17.5.3540.0
977ac.e14: FileVersion: 17.5.3540.0
987ac.e14: FileDescription: Avast HWID
997ac.e14: \SystemRoot\System32\drivers\aswMonFlt.sys:
1007ac.e14: CreationTime: 2017-06-28T20:15:49.288899100Z
1017ac.e14: LastWriteTime: 2017-06-28T20:15:38.375274900Z
1027ac.e14: ChangeTime: 2017-06-28T20:15:43.398562200Z
1037ac.e14: FileAttributes: 0x20
1047ac.e14: Size: 0x23ce8
1057ac.e14: NT Headers: 0xf0
1067ac.e14: Timestamp: 0x594c486f
1077ac.e14: Machine: 0x8664 - amd64
1087ac.e14: Timestamp: 0x594c486f
1097ac.e14: Image Version: 6.0
1107ac.e14: SizeOfImage: 0x27000 (159744)
1117ac.e14: Resource Dir: 0x25000 LB 0x3b0
1127ac.e14: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1137ac.e14: [Raw version resource data: 0x25060 LB 0x34c, codepage 0x0 (reserved 0x0)]
1147ac.e14: ProductName: Avast Antivirus
1157ac.e14: ProductVersion: 17.5.3556.0
1167ac.e14: FileVersion: 17.5.3556.0
1177ac.e14: FileDescription: Avast File System Minifilter for Windows 2003/Vista
1187ac.e14: \SystemRoot\System32\drivers\aswRdr2.sys:
1197ac.e14: CreationTime: 2017-06-28T20:15:48.688864800Z
1207ac.e14: LastWriteTime: 2017-06-28T20:15:38.005253700Z
1217ac.e14: ChangeTime: 2017-06-28T20:15:43.398562200Z
1227ac.e14: FileAttributes: 0x20
1237ac.e14: Size: 0x1af10
1247ac.e14: NT Headers: 0xf0
1257ac.e14: Timestamp: 0x59485232
1267ac.e14: Machine: 0x8664 - amd64
1277ac.e14: Timestamp: 0x59485232
1287ac.e14: Image Version: 6.1
1297ac.e14: SizeOfImage: 0x1a000 (106496)
1307ac.e14: Resource Dir: 0x18000 LB 0x398
1317ac.e14: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1327ac.e14: [Raw version resource data: 0x18060 LB 0x334, codepage 0x0 (reserved 0x0)]
1337ac.e14: ProductName: Avast Antivirus
1347ac.e14: ProductVersion: 17.5.3540.0
1357ac.e14: FileVersion: 17.5.3540.0 built by: WinDDK
1367ac.e14: FileDescription: Avast WFP Redirect Driver
1377ac.e14: \SystemRoot\System32\drivers\aswRvrt.sys:
1387ac.e14: CreationTime: 2017-06-28T20:15:49.566915000Z
1397ac.e14: LastWriteTime: 2017-06-28T20:15:38.434278300Z
1407ac.e14: ChangeTime: 2017-06-28T20:15:43.398562200Z
1417ac.e14: FileAttributes: 0x20
1427ac.e14: Size: 0x149a8
1437ac.e14: NT Headers: 0xf0
1447ac.e14: Timestamp: 0x5948521c
1457ac.e14: Machine: 0x8664 - amd64
1467ac.e14: Timestamp: 0x5948521c
1477ac.e14: Image Version: 6.0
1487ac.e14: SizeOfImage: 0x13000 (77824)
1497ac.e14: Resource Dir: 0x11000 LB 0x388
1507ac.e14: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1517ac.e14: [Raw version resource data: 0x11060 LB 0x328, codepage 0x0 (reserved 0x0)]
1527ac.e14: ProductName: Avast Antivirus
1537ac.e14: ProductVersion: 17.5.3540.0
1547ac.e14: FileVersion: 17.5.3540.0
1557ac.e14: FileDescription: Avast Revert
1567ac.e14: \SystemRoot\System32\drivers\aswSnx.sys:
1577ac.e14: CreationTime: 2017-06-28T20:15:48.422849600Z
1587ac.e14: LastWriteTime: 2017-06-28T20:15:14.038882900Z
1597ac.e14: ChangeTime: 2017-06-28T20:15:43.399562300Z
1607ac.e14: FileAttributes: 0x20
1617ac.e14: Size: 0xf8028
1627ac.e14: NT Headers: 0xe8
1637ac.e14: Timestamp: 0x59485239
1647ac.e14: Machine: 0x8664 - amd64
1657ac.e14: Timestamp: 0x59485239
1667ac.e14: Image Version: 6.0
1677ac.e14: SizeOfImage: 0xf6000 (1007616)
1687ac.e14: Resource Dir: 0xee000 LB 0x378
1697ac.e14: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1707ac.e14: [Raw version resource data: 0xee060 LB 0x314, codepage 0x0 (reserved 0x0)]
1717ac.e14: ProductName: Avast Antivirus
1727ac.e14: ProductVersion: 17.5.3540.0
1737ac.e14: FileVersion: 17.5.3540.0
1747ac.e14: FileDescription: Avast Virtualization Driver
1757ac.e14: \SystemRoot\System32\drivers\aswsp.sys:
1767ac.e14: CreationTime: 2017-06-28T20:15:49.844930900Z
1777ac.e14: LastWriteTime: 2017-06-28T20:15:38.467280200Z
1787ac.e14: ChangeTime: 2017-06-28T20:15:43.399562300Z
1797ac.e14: FileAttributes: 0x20
1807ac.e14: Size: 0x8ef88
1817ac.e14: NT Headers: 0xe0
1827ac.e14: Timestamp: 0x594c4886
1837ac.e14: Machine: 0x8664 - amd64
1847ac.e14: Timestamp: 0x594c4886
1857ac.e14: Image Version: 6.0
1867ac.e14: SizeOfImage: 0xb1000 (724992)
1877ac.e14: Resource Dir: 0xaf000 LB 0x370
1887ac.e14: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1897ac.e14: [Raw version resource data: 0xaf060 LB 0x310, codepage 0x0 (reserved 0x0)]
1907ac.e14: ProductName: Avast Antivirus
1917ac.e14: ProductVersion: 17.5.3556.0
1927ac.e14: FileVersion: 17.5.3556.0
1937ac.e14: FileDescription: Avast self protection module
1947ac.e14: \SystemRoot\System32\drivers\aswStm.sys:
1957ac.e14: CreationTime: 2017-06-28T20:15:50.498968300Z
1967ac.e14: LastWriteTime: 2017-06-28T20:15:38.716294400Z
1977ac.e14: ChangeTime: 2017-06-28T20:15:43.399562300Z
1987ac.e14: FileAttributes: 0x20
1997ac.e14: Size: 0x30870
2007ac.e14: NT Headers: 0x100
2017ac.e14: Timestamp: 0x59485687
2027ac.e14: Machine: 0x8664 - amd64
2037ac.e14: Timestamp: 0x59485687
2047ac.e14: Image Version: 10.0
2057ac.e14: SizeOfImage: 0x31000 (200704)
2067ac.e14: Resource Dir: 0x2f000 LB 0x350
2077ac.e14: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x405)]
2087ac.e14: [Raw version resource data: 0x2f060 LB 0x2f0, codepage 0x0 (reserved 0x0)]
2097ac.e14: ProductName: Avast Antivirus
2107ac.e14: ProductVersion: 17.5.3540.0
2117ac.e14: FileVersion: 17.5.3540.0
2127ac.e14: FileDescription: Stream Filter
2137ac.e14: \SystemRoot\System32\drivers\aswVmm.sys:
2147ac.e14: CreationTime: 2017-06-28T20:15:50.242953700Z
2157ac.e14: LastWriteTime: 2017-06-28T20:15:38.526283500Z
2167ac.e14: ChangeTime: 2017-06-28T20:15:43.399562300Z
2177ac.e14: FileAttributes: 0x20
2187ac.e14: Size: 0x58158
2197ac.e14: NT Headers: 0xe8
2207ac.e14: Timestamp: 0x5948547c
2217ac.e14: Machine: 0x8664 - amd64
2227ac.e14: Timestamp: 0x5948547c
2237ac.e14: Image Version: 6.0
2247ac.e14: SizeOfImage: 0x56000 (352256)
2257ac.e14: Resource Dir: 0x53000 LB 0x390
2267ac.e14: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
2277ac.e14: [Raw version resource data: 0x53060 LB 0x330, codepage 0x0 (reserved 0x0)]
2287ac.e14: ProductName: Avast Antivirus
2297ac.e14: ProductVersion: 17.5.3540.0
2307ac.e14: FileVersion: 17.5.3540.0
2317ac.e14: FileDescription: Avast VM Monitor
2327ac.e14: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2337ac.e14: Calling main()
2347ac.e14: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
2357ac.e14: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2367ac.e14: SUPR3HardenedMain: Respawn #1
2377ac.e14: System32: \Device\HarddiskVolume2\Windows\System32
2387ac.e14: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
2397ac.e14: KnownDllPath: C:\Windows\system32
2407ac.e14: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2417ac.e14: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2427ac.e14: supR3HardNtEnableThreadCreation:
2437ac.e14: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000779ba360 pvNtTerminateThread=00000000779dc260
2447ac.e14: supR3HardenedWinDoReSpawn(1): New child f74.4a8 [kernel32].
2457ac.e14: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd7000 cbPeb=0x380
2467ac.e14: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077990000 uNtDllChildAddr=0000000077990000
2477ac.e14: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000779ba360
2487ac.e14: supR3HardenedWinSetupChildInit: Start child.
2497ac.e14: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
2507ac.e14: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 33 sleeps
2517ac.e14: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2527ac.e14: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
2537ac.e14: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
2547ac.e14: *0000000000030000-000000000012bfff 0x0000/0x0004 0x0020000
2557ac.e14: 000000000012c000-000000000012dfff 0x0104/0x0004 0x0020000
2567ac.e14: 000000000012e000-000000000012ffff 0x0004/0x0004 0x0020000
2577ac.e14: *0000000000130000-0000000000133fff 0x0002/0x0002 0x0040000
2587ac.e14: 0000000000134000-000000000013ffff 0x0001/0x0000 0x0000000
2597ac.e14: *0000000000140000-0000000000140fff 0x0004/0x0004 0x0020000
2607ac.e14: 0000000000141000-000000007798ffff 0x0001/0x0000 0x0000000
2617ac.e14: *0000000077990000-0000000077990fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2627ac.e14: 0000000077991000-0000000077a8dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2637ac.e14: 0000000077a8e000-0000000077abcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2647ac.e14: 0000000077abd000-0000000077ac6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2657ac.e14: 0000000077ac7000-0000000077ac7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2667ac.e14: 0000000077ac8000-0000000077acafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2677ac.e14: 0000000077acb000-0000000077b39fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2687ac.e14: 0000000077b3a000-000000007efdffff 0x0001/0x0000 0x0000000
2697ac.e14: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
2707ac.e14: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2717ac.e14: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
2727ac.e14: 000000007fff0000-000000013f70ffff 0x0001/0x0000 0x0000000
2737ac.e14: *000000013f710000-000000013f710fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2747ac.e14: 000000013f711000-000000013f780fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2757ac.e14: 000000013f781000-000000013f781fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2767ac.e14: 000000013f782000-000000013f7c6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2777ac.e14: 000000013f7c7000-000000013f7c7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2787ac.e14: 000000013f7c8000-000000013f7c8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2797ac.e14: 000000013f7c9000-000000013f7cdfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2807ac.e14: 000000013f7ce000-000000013f7cefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2817ac.e14: 000000013f7cf000-000000013f7cffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2827ac.e14: 000000013f7d0000-000000013f7d3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2837ac.e14: 000000013f7d4000-000000013f81bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2847ac.e14: 000000013f81c000-000007feffcaffff 0x0001/0x0000 0x0000000
2857ac.e14: *000007feffcb0000-000007feffcb0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
2867ac.e14: 000007feffcb1000-000007fffffaffff 0x0001/0x0000 0x0000000
2877ac.e14: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
2887ac.e14: 000007fffffd3000-000007fffffd6fff 0x0001/0x0000 0x0000000
2897ac.e14: *000007fffffd7000-000007fffffd7fff 0x0004/0x0004 0x0020000
2907ac.e14: 000007fffffd8000-000007fffffddfff 0x0001/0x0000 0x0000000
2917ac.e14: *000007fffffde000-000007fffffdffff 0x0004/0x0004 0x0020000
2927ac.e14: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
2937ac.e14: apisetschema.dll: timestamp 0x5915fdad (rc=VINF_SUCCESS)
2947ac.e14: VirtualBox.exe: timestamp 0x5903619d (rc=VINF_SUCCESS)
2957ac.e14: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2967ac.e14: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
2977ac.e14: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
2987ac.e14: supR3HardNtChildPurify: Done after 546 ms and 0 fixes (loop #0).
299f74.4a8: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
300f74.4a8: supR3HardenedVmProcessInit: uNtDllAddr=0000000077990000 g_uNtVerCombined=0x611db100
3017ac.e14: supR3HardNtEnableThreadCreation:
302f74.4a8: ntdll.dll: timestamp 0x5915fdce (rc=VINF_SUCCESS)
303f74.4a8: New simple heap: #1 0000000000250000 LB 0x400000 (for 1744896 allocation)
304f74.4a8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
305f74.4a8: System32: \Device\HarddiskVolume2\Windows\System32
306f74.4a8: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
307f74.4a8: KnownDllPath: C:\Windows\system32
308f74.4a8: supR3HardenedVmProcessInit: Opening vboxdrv stub...
309f74.4a8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
310f74.4a8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
311f74.4a8: Registered Dll notification callback with NTDLL.
312f74.4a8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
313f74.4a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
314f74.4a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
315f74.4a8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
316f74.4a8: supR3HardenedDllNotificationCallback: load 0000000077770000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
317f74.4a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
318f74.4a8: supR3HardenedDllNotificationCallback: load 000007fefd6a0000 LB 0x0006a000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
319f74.4a8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
320f74.4a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
321f74.4a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077770000 'C:\Windows\system32\kernel32.dll'
322f74.4a8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000779ba360 pvNtTerminateThread=00000000779dc260
3237ac.e14: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 63 ms.
324f74.4a8: \SystemRoot\System32\ntdll.dll:
325f74.4a8: CreationTime: 2017-06-29T13:31:49.744758700Z
326f74.4a8: LastWriteTime: 2017-05-12T18:24:12.913140800Z
327f74.4a8: ChangeTime: 2017-06-29T17:29:01.999661900Z
328f74.4a8: FileAttributes: 0x20
329f74.4a8: Size: 0x1a7100
330f74.4a8: NT Headers: 0xe0
331f74.4a8: Timestamp: 0x5915fdce
332f74.4a8: Machine: 0x8664 - amd64
333f74.4a8: Timestamp: 0x5915fdce
334f74.4a8: Image Version: 6.1
335f74.4a8: SizeOfImage: 0x1aa000 (1744896)
336f74.4a8: Resource Dir: 0x14e000 LB 0x5a028
337f74.4a8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
338f74.4a8: [Raw version resource data: 0x14e0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
339f74.4a8: ProductName: Microsoft® Windows® Operating System
340f74.4a8: ProductVersion: 6.1.7601.23807
341f74.4a8: FileVersion: 6.1.7601.23807 (win7sp1_ldr.170512-0600)
342f74.4a8: FileDescription: NT Layer DLL
343f74.4a8: \SystemRoot\System32\kernel32.dll:
344f74.4a8: CreationTime: 2017-06-29T13:31:40.275542100Z
345f74.4a8: LastWriteTime: 2017-05-12T18:22:33.598000000Z
346f74.4a8: ChangeTime: 2017-06-29T17:29:09.674875400Z
347f74.4a8: FileAttributes: 0x20
348f74.4a8: Size: 0x11c000
349f74.4a8: NT Headers: 0xe0
350f74.4a8: Timestamp: 0x5915fe13
351f74.4a8: Machine: 0x8664 - amd64
352f74.4a8: Timestamp: 0x5915fe13
353f74.4a8: Image Version: 6.1
354f74.4a8: SizeOfImage: 0x11f000 (1175552)
355f74.4a8: Resource Dir: 0x116000 LB 0x528
356f74.4a8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
357f74.4a8: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
358f74.4a8: ProductName: Microsoft® Windows® Operating System
359f74.4a8: ProductVersion: 6.1.7601.23807
360f74.4a8: FileVersion: 6.1.7601.23807 (win7sp1_ldr.170512-0600)
361f74.4a8: FileDescription: Windows NT BASE API Client DLL
362f74.4a8: \SystemRoot\System32\KernelBase.dll:
363f74.4a8: CreationTime: 2017-06-29T13:31:41.741944700Z
364f74.4a8: LastWriteTime: 2017-05-12T18:22:33.598000000Z
365f74.4a8: ChangeTime: 2017-06-29T17:29:09.674875400Z
366f74.4a8: FileAttributes: 0x20
367f74.4a8: Size: 0x66800
368f74.4a8: NT Headers: 0xe8
369f74.4a8: Timestamp: 0x5915fe14
370f74.4a8: Machine: 0x8664 - amd64
371f74.4a8: Timestamp: 0x5915fe14
372f74.4a8: Image Version: 6.1
373f74.4a8: SizeOfImage: 0x6a000 (434176)
374f74.4a8: Resource Dir: 0x68000 LB 0x530
375f74.4a8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
376f74.4a8: [Raw version resource data: 0x680b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
377f74.4a8: ProductName: Microsoft® Windows® Operating System
378f74.4a8: ProductVersion: 6.1.7601.23807
379f74.4a8: FileVersion: 6.1.7601.23807 (win7sp1_ldr.170512-0600)
380f74.4a8: FileDescription: Windows NT BASE API Client DLL
381f74.4a8: \SystemRoot\System32\apisetschema.dll:
382f74.4a8: CreationTime: 2017-06-29T13:31:26.001517000Z
383f74.4a8: LastWriteTime: 2017-05-12T18:22:28.981000000Z
384f74.4a8: ChangeTime: 2017-06-29T17:29:01.843661600Z
385f74.4a8: FileAttributes: 0x20
386f74.4a8: Size: 0x1a00
387f74.4a8: NT Headers: 0xc0
388f74.4a8: Timestamp: 0x5915fdad
389f74.4a8: Machine: 0x8664 - amd64
390f74.4a8: Timestamp: 0x5915fdad
391f74.4a8: Image Version: 6.1
392f74.4a8: SizeOfImage: 0x50000 (327680)
393f74.4a8: Resource Dir: 0x30000 LB 0x3f8
394f74.4a8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
395f74.4a8: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
396f74.4a8: ProductName: Microsoft® Windows® Operating System
397f74.4a8: ProductVersion: 6.1.7601.23807
398f74.4a8: FileVersion: 6.1.7601.23807 (win7sp1_ldr.170512-0600)
399f74.4a8: FileDescription: ApiSet Schema DLL
400f74.4a8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
401f74.4a8: supR3HardenedWinFindAdversaries: 0x4
402f74.4a8: \SystemRoot\System32\drivers\aswHwid.sys:
403f74.4a8: CreationTime: 2017-06-28T20:15:49.011883300Z
404f74.4a8: LastWriteTime: 2017-06-28T20:15:38.357273900Z
405f74.4a8: ChangeTime: 2017-06-28T20:15:43.398562200Z
406f74.4a8: FileAttributes: 0x20
407f74.4a8: Size: 0xb788
408f74.4a8: NT Headers: 0xe8
409f74.4a8: Timestamp: 0x5948521a
410f74.4a8: Machine: 0x8664 - amd64
411f74.4a8: Timestamp: 0x5948521a
412f74.4a8: Image Version: 6.0
413f74.4a8: SizeOfImage: 0xa000 (40960)
414f74.4a8: Resource Dir: 0x8000 LB 0x388
415f74.4a8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
416f74.4a8: [Raw version resource data: 0x8060 LB 0x324, codepage 0x0 (reserved 0x0)]
417f74.4a8: ProductName: Avast Antivirus
418f74.4a8: ProductVersion: 17.5.3540.0
419f74.4a8: FileVersion: 17.5.3540.0
420f74.4a8: FileDescription: Avast HWID
421f74.4a8: \SystemRoot\System32\drivers\aswMonFlt.sys:
422f74.4a8: CreationTime: 2017-06-28T20:15:49.288899100Z
423f74.4a8: LastWriteTime: 2017-06-28T20:15:38.375274900Z
424f74.4a8: ChangeTime: 2017-06-28T20:15:43.398562200Z
425f74.4a8: FileAttributes: 0x20
426f74.4a8: Size: 0x23ce8
427f74.4a8: NT Headers: 0xf0
428f74.4a8: Timestamp: 0x594c486f
429f74.4a8: Machine: 0x8664 - amd64
430f74.4a8: Timestamp: 0x594c486f
431f74.4a8: Image Version: 6.0
432f74.4a8: SizeOfImage: 0x27000 (159744)
433f74.4a8: Resource Dir: 0x25000 LB 0x3b0
434f74.4a8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
435f74.4a8: [Raw version resource data: 0x25060 LB 0x34c, codepage 0x0 (reserved 0x0)]
436f74.4a8: ProductName: Avast Antivirus
437f74.4a8: ProductVersion: 17.5.3556.0
438f74.4a8: FileVersion: 17.5.3556.0
439f74.4a8: FileDescription: Avast File System Minifilter for Windows 2003/Vista
440f74.4a8: \SystemRoot\System32\drivers\aswRdr2.sys:
441f74.4a8: CreationTime: 2017-06-28T20:15:48.688864800Z
442f74.4a8: LastWriteTime: 2017-06-28T20:15:38.005253700Z
443f74.4a8: ChangeTime: 2017-06-28T20:15:43.398562200Z
444f74.4a8: FileAttributes: 0x20
445f74.4a8: Size: 0x1af10
446f74.4a8: NT Headers: 0xf0
447f74.4a8: Timestamp: 0x59485232
448f74.4a8: Machine: 0x8664 - amd64
449f74.4a8: Timestamp: 0x59485232
450f74.4a8: Image Version: 6.1
451f74.4a8: SizeOfImage: 0x1a000 (106496)
452f74.4a8: Resource Dir: 0x18000 LB 0x398
453f74.4a8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
454f74.4a8: [Raw version resource data: 0x18060 LB 0x334, codepage 0x0 (reserved 0x0)]
455f74.4a8: ProductName: Avast Antivirus
456f74.4a8: ProductVersion: 17.5.3540.0
457f74.4a8: FileVersion: 17.5.3540.0 built by: WinDDK
458f74.4a8: FileDescription: Avast WFP Redirect Driver
459f74.4a8: \SystemRoot\System32\drivers\aswRvrt.sys:
460f74.4a8: CreationTime: 2017-06-28T20:15:49.566915000Z
461f74.4a8: LastWriteTime: 2017-06-28T20:15:38.434278300Z
462f74.4a8: ChangeTime: 2017-06-28T20:15:43.398562200Z
463f74.4a8: FileAttributes: 0x20
464f74.4a8: Size: 0x149a8
465f74.4a8: NT Headers: 0xf0
466f74.4a8: Timestamp: 0x5948521c
467f74.4a8: Machine: 0x8664 - amd64
468f74.4a8: Timestamp: 0x5948521c
469f74.4a8: Image Version: 6.0
470f74.4a8: SizeOfImage: 0x13000 (77824)
471f74.4a8: Resource Dir: 0x11000 LB 0x388
472f74.4a8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
473f74.4a8: [Raw version resource data: 0x11060 LB 0x328, codepage 0x0 (reserved 0x0)]
474f74.4a8: ProductName: Avast Antivirus
475f74.4a8: ProductVersion: 17.5.3540.0
476f74.4a8: FileVersion: 17.5.3540.0
477f74.4a8: FileDescription: Avast Revert
478f74.4a8: \SystemRoot\System32\drivers\aswSnx.sys:
479f74.4a8: CreationTime: 2017-06-28T20:15:48.422849600Z
480f74.4a8: LastWriteTime: 2017-06-28T20:15:14.038882900Z
481f74.4a8: ChangeTime: 2017-06-28T20:15:43.399562300Z
482f74.4a8: FileAttributes: 0x20
483f74.4a8: Size: 0xf8028
484f74.4a8: NT Headers: 0xe8
485f74.4a8: Timestamp: 0x59485239
486f74.4a8: Machine: 0x8664 - amd64
487f74.4a8: Timestamp: 0x59485239
488f74.4a8: Image Version: 6.0
489f74.4a8: SizeOfImage: 0xf6000 (1007616)
490f74.4a8: Resource Dir: 0xee000 LB 0x378
491f74.4a8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
492f74.4a8: [Raw version resource data: 0xee060 LB 0x314, codepage 0x0 (reserved 0x0)]
493f74.4a8: ProductName: Avast Antivirus
494f74.4a8: ProductVersion: 17.5.3540.0
495f74.4a8: FileVersion: 17.5.3540.0
496f74.4a8: FileDescription: Avast Virtualization Driver
497f74.4a8: \SystemRoot\System32\drivers\aswsp.sys:
498f74.4a8: CreationTime: 2017-06-28T20:15:49.844930900Z
499f74.4a8: LastWriteTime: 2017-06-28T20:15:38.467280200Z
500f74.4a8: ChangeTime: 2017-06-28T20:15:43.399562300Z
501f74.4a8: FileAttributes: 0x20
502f74.4a8: Size: 0x8ef88
503f74.4a8: NT Headers: 0xe0
504f74.4a8: Timestamp: 0x594c4886
505f74.4a8: Machine: 0x8664 - amd64
506f74.4a8: Timestamp: 0x594c4886
507f74.4a8: Image Version: 6.0
508f74.4a8: SizeOfImage: 0xb1000 (724992)
509f74.4a8: Resource Dir: 0xaf000 LB 0x370
510f74.4a8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
511f74.4a8: [Raw version resource data: 0xaf060 LB 0x310, codepage 0x0 (reserved 0x0)]
512f74.4a8: ProductName: Avast Antivirus
513f74.4a8: ProductVersion: 17.5.3556.0
514f74.4a8: FileVersion: 17.5.3556.0
515f74.4a8: FileDescription: Avast self protection module
516f74.4a8: \SystemRoot\System32\drivers\aswStm.sys:
517f74.4a8: CreationTime: 2017-06-28T20:15:50.498968300Z
518f74.4a8: LastWriteTime: 2017-06-28T20:15:38.716294400Z
519f74.4a8: ChangeTime: 2017-06-28T20:15:43.399562300Z
520f74.4a8: FileAttributes: 0x20
521f74.4a8: Size: 0x30870
522f74.4a8: NT Headers: 0x100
523f74.4a8: Timestamp: 0x59485687
524f74.4a8: Machine: 0x8664 - amd64
525f74.4a8: Timestamp: 0x59485687
526f74.4a8: Image Version: 10.0
527f74.4a8: SizeOfImage: 0x31000 (200704)
528f74.4a8: Resource Dir: 0x2f000 LB 0x350
529f74.4a8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x405)]
530f74.4a8: [Raw version resource data: 0x2f060 LB 0x2f0, codepage 0x0 (reserved 0x0)]
531f74.4a8: ProductName: Avast Antivirus
532f74.4a8: ProductVersion: 17.5.3540.0
533f74.4a8: FileVersion: 17.5.3540.0
534f74.4a8: FileDescription: Stream Filter
535f74.4a8: \SystemRoot\System32\drivers\aswVmm.sys:
536f74.4a8: CreationTime: 2017-06-28T20:15:50.242953700Z
537f74.4a8: LastWriteTime: 2017-06-28T20:15:38.526283500Z
538f74.4a8: ChangeTime: 2017-06-28T20:15:43.399562300Z
539f74.4a8: FileAttributes: 0x20
540f74.4a8: Size: 0x58158
541f74.4a8: NT Headers: 0xe8
542f74.4a8: Timestamp: 0x5948547c
543f74.4a8: Machine: 0x8664 - amd64
544f74.4a8: Timestamp: 0x5948547c
545f74.4a8: Image Version: 6.0
546f74.4a8: SizeOfImage: 0x56000 (352256)
547f74.4a8: Resource Dir: 0x53000 LB 0x390
548f74.4a8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
549f74.4a8: [Raw version resource data: 0x53060 LB 0x330, codepage 0x0 (reserved 0x0)]
550f74.4a8: ProductName: Avast Antivirus
551f74.4a8: ProductVersion: 17.5.3540.0
552f74.4a8: FileVersion: 17.5.3540.0
553f74.4a8: FileDescription: Avast VM Monitor
554f74.4a8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
555f74.4a8: Calling main()
556f74.4a8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
557f74.4a8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
558f74.4a8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
559f74.4a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
560f74.4a8: SUPR3HardenedMain: Respawn #2
561f74.4a8: supR3HardNtEnableThreadCreation:
562f74.4a8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
563f74.4a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
564f74.4a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
565f74.4a8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
566f74.4a8: supR3HardenedDllNotificationCallback: load 000007fefd480000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
567f74.4a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
568f74.4a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd480000 'C:\Windows\system32\apphelp.dll'
569f74.4a8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000779ba360 pvNtTerminateThread=00000000779dc260
570f74.4a8: supR3HardenedWinDoReSpawn(2): New child 9d8.dc8 [kernel32].
571f74.4a8: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdd000 cbPeb=0x380
572f74.4a8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077990000 uNtDllChildAddr=0000000077990000
573f74.4a8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000779ba360
574f74.4a8: supR3HardenedWinSetupChildInit: Start child.
575f74.4a8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
576f74.4a8: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 33 sleeps
577f74.4a8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
578f74.4a8: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
579f74.4a8: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
580f74.4a8: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
581f74.4a8: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
582f74.4a8: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
583f74.4a8: 0000000000041000-000000000010ffff 0x0001/0x0000 0x0000000
584f74.4a8: *0000000000110000-000000000020bfff 0x0000/0x0004 0x0020000
585f74.4a8: 000000000020c000-000000000020dfff 0x0104/0x0004 0x0020000
586f74.4a8: 000000000020e000-000000000020ffff 0x0004/0x0004 0x0020000
587f74.4a8: 0000000000210000-000000007798ffff 0x0001/0x0000 0x0000000
588f74.4a8: *0000000077990000-0000000077990fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
589f74.4a8: 0000000077991000-0000000077a8dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
590f74.4a8: 0000000077a8e000-0000000077abcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
591f74.4a8: 0000000077abd000-0000000077ac6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
592f74.4a8: 0000000077ac7000-0000000077ac7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
593f74.4a8: 0000000077ac8000-0000000077acafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
594f74.4a8: 0000000077acb000-0000000077b39fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
595f74.4a8: 0000000077b3a000-000000007efdffff 0x0001/0x0000 0x0000000
596f74.4a8: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
597f74.4a8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
598f74.4a8: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
599f74.4a8: 000000007fff0000-000000013f70ffff 0x0001/0x0000 0x0000000
600f74.4a8: *000000013f710000-000000013f710fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
601f74.4a8: 000000013f711000-000000013f780fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
602f74.4a8: 000000013f781000-000000013f781fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
603f74.4a8: 000000013f782000-000000013f7c6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
604f74.4a8: 000000013f7c7000-000000013f7c7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
605f74.4a8: 000000013f7c8000-000000013f7c8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
606f74.4a8: 000000013f7c9000-000000013f7cdfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
607f74.4a8: 000000013f7ce000-000000013f7cefff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
608f74.4a8: 000000013f7cf000-000000013f7cffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
609f74.4a8: 000000013f7d0000-000000013f7d3fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
610f74.4a8: 000000013f7d4000-000000013f81bfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
611f74.4a8: 000000013f81c000-000007feffcaffff 0x0001/0x0000 0x0000000
612f74.4a8: *000007feffcb0000-000007feffcb0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
613f74.4a8: 000007feffcb1000-000007fffffaffff 0x0001/0x0000 0x0000000
614f74.4a8: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
615f74.4a8: 000007fffffd3000-000007fffffdcfff 0x0001/0x0000 0x0000000
616f74.4a8: *000007fffffdd000-000007fffffddfff 0x0004/0x0004 0x0020000
617f74.4a8: *000007fffffde000-000007fffffdffff 0x0004/0x0004 0x0020000
618f74.4a8: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
619f74.4a8: apisetschema.dll: timestamp 0x5915fdad (rc=VINF_SUCCESS)
620f74.4a8: VirtualBox.exe: timestamp 0x5903619d (rc=VINF_SUCCESS)
621f74.4a8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
622f74.4a8: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
623f74.4a8: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
624f74.4a8: supR3HardNtChildPurify: Done after 546 ms and 0 fixes (loop #0).
6259d8.dc8: Log file opened: 5.1.22r115126 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
6269d8.dc8: supR3HardenedVmProcessInit: uNtDllAddr=0000000077990000 g_uNtVerCombined=0x611db100
627f74.4a8: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000250000 LB 0x400000)
628f74.4a8: supR3HardNtEnableThreadCreation:
6299d8.dc8: ntdll.dll: timestamp 0x5915fdce (rc=VINF_SUCCESS)
6309d8.dc8: New simple heap: #1 0000000000310000 LB 0x400000 (for 1744896 allocation)
6319d8.dc8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
6329d8.dc8: System32: \Device\HarddiskVolume2\Windows\System32
6339d8.dc8: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
6349d8.dc8: KnownDllPath: C:\Windows\system32
6359d8.dc8: supR3HardenedVmProcessInit: Opening vboxdrv...
6369d8.dc8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
6379d8.dc8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
6389d8.dc8: Registered Dll notification callback with NTDLL.
6399d8.dc8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
6409d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
6419d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
6429d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
6439d8.dc8: supR3HardenedDllNotificationCallback: load 0000000077770000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
6449d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
6459d8.dc8: supR3HardenedDllNotificationCallback: load 000007fefd6a0000 LB 0x0006a000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
6469d8.dc8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
6479d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
6489d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077770000 'C:\Windows\system32\kernel32.dll'
6499d8.dc8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000779ba360 pvNtTerminateThread=00000000779dc260
650f74.4a8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 31 ms.
6519d8.dc8: \SystemRoot\System32\ntdll.dll:
6529d8.dc8: CreationTime: 2017-06-29T13:31:49.744758700Z
6539d8.dc8: LastWriteTime: 2017-05-12T18:24:12.913140800Z
6549d8.dc8: ChangeTime: 2017-06-29T17:29:01.999661900Z
6559d8.dc8: FileAttributes: 0x20
6569d8.dc8: Size: 0x1a7100
6579d8.dc8: NT Headers: 0xe0
6589d8.dc8: Timestamp: 0x5915fdce
6599d8.dc8: Machine: 0x8664 - amd64
6609d8.dc8: Timestamp: 0x5915fdce
6619d8.dc8: Image Version: 6.1
6629d8.dc8: SizeOfImage: 0x1aa000 (1744896)
6639d8.dc8: Resource Dir: 0x14e000 LB 0x5a028
6649d8.dc8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
6659d8.dc8: [Raw version resource data: 0x14e0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
6669d8.dc8: ProductName: Microsoft® Windows® Operating System
6679d8.dc8: ProductVersion: 6.1.7601.23807
6689d8.dc8: FileVersion: 6.1.7601.23807 (win7sp1_ldr.170512-0600)
6699d8.dc8: FileDescription: NT Layer DLL
6709d8.dc8: \SystemRoot\System32\kernel32.dll:
6719d8.dc8: CreationTime: 2017-06-29T13:31:40.275542100Z
6729d8.dc8: LastWriteTime: 2017-05-12T18:22:33.598000000Z
6739d8.dc8: ChangeTime: 2017-06-29T17:29:09.674875400Z
6749d8.dc8: FileAttributes: 0x20
6759d8.dc8: Size: 0x11c000
6769d8.dc8: NT Headers: 0xe0
6779d8.dc8: Timestamp: 0x5915fe13
6789d8.dc8: Machine: 0x8664 - amd64
6799d8.dc8: Timestamp: 0x5915fe13
6809d8.dc8: Image Version: 6.1
6819d8.dc8: SizeOfImage: 0x11f000 (1175552)
6829d8.dc8: Resource Dir: 0x116000 LB 0x528
6839d8.dc8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
6849d8.dc8: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
6859d8.dc8: ProductName: Microsoft® Windows® Operating System
6869d8.dc8: ProductVersion: 6.1.7601.23807
6879d8.dc8: FileVersion: 6.1.7601.23807 (win7sp1_ldr.170512-0600)
6889d8.dc8: FileDescription: Windows NT BASE API Client DLL
6899d8.dc8: \SystemRoot\System32\KernelBase.dll:
6909d8.dc8: CreationTime: 2017-06-29T13:31:41.741944700Z
6919d8.dc8: LastWriteTime: 2017-05-12T18:22:33.598000000Z
6929d8.dc8: ChangeTime: 2017-06-29T17:29:09.674875400Z
6939d8.dc8: FileAttributes: 0x20
6949d8.dc8: Size: 0x66800
6959d8.dc8: NT Headers: 0xe8
6969d8.dc8: Timestamp: 0x5915fe14
6979d8.dc8: Machine: 0x8664 - amd64
6989d8.dc8: Timestamp: 0x5915fe14
6999d8.dc8: Image Version: 6.1
7009d8.dc8: SizeOfImage: 0x6a000 (434176)
7019d8.dc8: Resource Dir: 0x68000 LB 0x530
7029d8.dc8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
7039d8.dc8: [Raw version resource data: 0x680b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
7049d8.dc8: ProductName: Microsoft® Windows® Operating System
7059d8.dc8: ProductVersion: 6.1.7601.23807
7069d8.dc8: FileVersion: 6.1.7601.23807 (win7sp1_ldr.170512-0600)
7079d8.dc8: FileDescription: Windows NT BASE API Client DLL
7089d8.dc8: \SystemRoot\System32\apisetschema.dll:
7099d8.dc8: CreationTime: 2017-06-29T13:31:26.001517000Z
7109d8.dc8: LastWriteTime: 2017-05-12T18:22:28.981000000Z
7119d8.dc8: ChangeTime: 2017-06-29T17:29:01.843661600Z
7129d8.dc8: FileAttributes: 0x20
7139d8.dc8: Size: 0x1a00
7149d8.dc8: NT Headers: 0xc0
7159d8.dc8: Timestamp: 0x5915fdad
7169d8.dc8: Machine: 0x8664 - amd64
7179d8.dc8: Timestamp: 0x5915fdad
7189d8.dc8: Image Version: 6.1
7199d8.dc8: SizeOfImage: 0x50000 (327680)
7209d8.dc8: Resource Dir: 0x30000 LB 0x3f8
7219d8.dc8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7229d8.dc8: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
7239d8.dc8: ProductName: Microsoft® Windows® Operating System
7249d8.dc8: ProductVersion: 6.1.7601.23807
7259d8.dc8: FileVersion: 6.1.7601.23807 (win7sp1_ldr.170512-0600)
7269d8.dc8: FileDescription: ApiSet Schema DLL
7279d8.dc8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
7289d8.dc8: supR3HardenedWinFindAdversaries: 0x4
7299d8.dc8: \SystemRoot\System32\drivers\aswHwid.sys:
7309d8.dc8: CreationTime: 2017-06-28T20:15:49.011883300Z
7319d8.dc8: LastWriteTime: 2017-06-28T20:15:38.357273900Z
7329d8.dc8: ChangeTime: 2017-06-28T20:15:43.398562200Z
7339d8.dc8: FileAttributes: 0x20
7349d8.dc8: Size: 0xb788
7359d8.dc8: NT Headers: 0xe8
7369d8.dc8: Timestamp: 0x5948521a
7379d8.dc8: Machine: 0x8664 - amd64
7389d8.dc8: Timestamp: 0x5948521a
7399d8.dc8: Image Version: 6.0
7409d8.dc8: SizeOfImage: 0xa000 (40960)
7419d8.dc8: Resource Dir: 0x8000 LB 0x388
7429d8.dc8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7439d8.dc8: [Raw version resource data: 0x8060 LB 0x324, codepage 0x0 (reserved 0x0)]
7449d8.dc8: ProductName: Avast Antivirus
7459d8.dc8: ProductVersion: 17.5.3540.0
7469d8.dc8: FileVersion: 17.5.3540.0
7479d8.dc8: FileDescription: Avast HWID
7489d8.dc8: \SystemRoot\System32\drivers\aswMonFlt.sys:
7499d8.dc8: CreationTime: 2017-06-28T20:15:49.288899100Z
7509d8.dc8: LastWriteTime: 2017-06-28T20:15:38.375274900Z
7519d8.dc8: ChangeTime: 2017-06-28T20:15:43.398562200Z
7529d8.dc8: FileAttributes: 0x20
7539d8.dc8: Size: 0x23ce8
7549d8.dc8: NT Headers: 0xf0
7559d8.dc8: Timestamp: 0x594c486f
7569d8.dc8: Machine: 0x8664 - amd64
7579d8.dc8: Timestamp: 0x594c486f
7589d8.dc8: Image Version: 6.0
7599d8.dc8: SizeOfImage: 0x27000 (159744)
7609d8.dc8: Resource Dir: 0x25000 LB 0x3b0
7619d8.dc8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7629d8.dc8: [Raw version resource data: 0x25060 LB 0x34c, codepage 0x0 (reserved 0x0)]
7639d8.dc8: ProductName: Avast Antivirus
7649d8.dc8: ProductVersion: 17.5.3556.0
7659d8.dc8: FileVersion: 17.5.3556.0
7669d8.dc8: FileDescription: Avast File System Minifilter for Windows 2003/Vista
7679d8.dc8: \SystemRoot\System32\drivers\aswRdr2.sys:
7689d8.dc8: CreationTime: 2017-06-28T20:15:48.688864800Z
7699d8.dc8: LastWriteTime: 2017-06-28T20:15:38.005253700Z
7709d8.dc8: ChangeTime: 2017-06-28T20:15:43.398562200Z
7719d8.dc8: FileAttributes: 0x20
7729d8.dc8: Size: 0x1af10
7739d8.dc8: NT Headers: 0xf0
7749d8.dc8: Timestamp: 0x59485232
7759d8.dc8: Machine: 0x8664 - amd64
7769d8.dc8: Timestamp: 0x59485232
7779d8.dc8: Image Version: 6.1
7789d8.dc8: SizeOfImage: 0x1a000 (106496)
7799d8.dc8: Resource Dir: 0x18000 LB 0x398
7809d8.dc8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
7819d8.dc8: [Raw version resource data: 0x18060 LB 0x334, codepage 0x0 (reserved 0x0)]
7829d8.dc8: ProductName: Avast Antivirus
7839d8.dc8: ProductVersion: 17.5.3540.0
7849d8.dc8: FileVersion: 17.5.3540.0 built by: WinDDK
7859d8.dc8: FileDescription: Avast WFP Redirect Driver
7869d8.dc8: \SystemRoot\System32\drivers\aswRvrt.sys:
7879d8.dc8: CreationTime: 2017-06-28T20:15:49.566915000Z
7889d8.dc8: LastWriteTime: 2017-06-28T20:15:38.434278300Z
7899d8.dc8: ChangeTime: 2017-06-28T20:15:43.398562200Z
7909d8.dc8: FileAttributes: 0x20
7919d8.dc8: Size: 0x149a8
7929d8.dc8: NT Headers: 0xf0
7939d8.dc8: Timestamp: 0x5948521c
7949d8.dc8: Machine: 0x8664 - amd64
7959d8.dc8: Timestamp: 0x5948521c
7969d8.dc8: Image Version: 6.0
7979d8.dc8: SizeOfImage: 0x13000 (77824)
7989d8.dc8: Resource Dir: 0x11000 LB 0x388
7999d8.dc8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
8009d8.dc8: [Raw version resource data: 0x11060 LB 0x328, codepage 0x0 (reserved 0x0)]
8019d8.dc8: ProductName: Avast Antivirus
8029d8.dc8: ProductVersion: 17.5.3540.0
8039d8.dc8: FileVersion: 17.5.3540.0
8049d8.dc8: FileDescription: Avast Revert
8059d8.dc8: \SystemRoot\System32\drivers\aswSnx.sys:
8069d8.dc8: CreationTime: 2017-06-28T20:15:48.422849600Z
8079d8.dc8: LastWriteTime: 2017-06-28T20:15:14.038882900Z
8089d8.dc8: ChangeTime: 2017-06-28T20:15:43.399562300Z
8099d8.dc8: FileAttributes: 0x20
8109d8.dc8: Size: 0xf8028
8119d8.dc8: NT Headers: 0xe8
8129d8.dc8: Timestamp: 0x59485239
8139d8.dc8: Machine: 0x8664 - amd64
8149d8.dc8: Timestamp: 0x59485239
8159d8.dc8: Image Version: 6.0
8169d8.dc8: SizeOfImage: 0xf6000 (1007616)
8179d8.dc8: Resource Dir: 0xee000 LB 0x378
8189d8.dc8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
8199d8.dc8: [Raw version resource data: 0xee060 LB 0x314, codepage 0x0 (reserved 0x0)]
8209d8.dc8: ProductName: Avast Antivirus
8219d8.dc8: ProductVersion: 17.5.3540.0
8229d8.dc8: FileVersion: 17.5.3540.0
8239d8.dc8: FileDescription: Avast Virtualization Driver
8249d8.dc8: \SystemRoot\System32\drivers\aswsp.sys:
8259d8.dc8: CreationTime: 2017-06-28T20:15:49.844930900Z
8269d8.dc8: LastWriteTime: 2017-06-28T20:15:38.467280200Z
8279d8.dc8: ChangeTime: 2017-06-28T20:15:43.399562300Z
8289d8.dc8: FileAttributes: 0x20
8299d8.dc8: Size: 0x8ef88
8309d8.dc8: NT Headers: 0xe0
8319d8.dc8: Timestamp: 0x594c4886
8329d8.dc8: Machine: 0x8664 - amd64
8339d8.dc8: Timestamp: 0x594c4886
8349d8.dc8: Image Version: 6.0
8359d8.dc8: SizeOfImage: 0xb1000 (724992)
8369d8.dc8: Resource Dir: 0xaf000 LB 0x370
8379d8.dc8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
8389d8.dc8: [Raw version resource data: 0xaf060 LB 0x310, codepage 0x0 (reserved 0x0)]
8399d8.dc8: ProductName: Avast Antivirus
8409d8.dc8: ProductVersion: 17.5.3556.0
8419d8.dc8: FileVersion: 17.5.3556.0
8429d8.dc8: FileDescription: Avast self protection module
8439d8.dc8: \SystemRoot\System32\drivers\aswStm.sys:
8449d8.dc8: CreationTime: 2017-06-28T20:15:50.498968300Z
8459d8.dc8: LastWriteTime: 2017-06-28T20:15:38.716294400Z
8469d8.dc8: ChangeTime: 2017-06-28T20:15:43.399562300Z
8479d8.dc8: FileAttributes: 0x20
8489d8.dc8: Size: 0x30870
8499d8.dc8: NT Headers: 0x100
8509d8.dc8: Timestamp: 0x59485687
8519d8.dc8: Machine: 0x8664 - amd64
8529d8.dc8: Timestamp: 0x59485687
8539d8.dc8: Image Version: 10.0
8549d8.dc8: SizeOfImage: 0x31000 (200704)
8559d8.dc8: Resource Dir: 0x2f000 LB 0x350
8569d8.dc8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x405)]
8579d8.dc8: [Raw version resource data: 0x2f060 LB 0x2f0, codepage 0x0 (reserved 0x0)]
8589d8.dc8: ProductName: Avast Antivirus
8599d8.dc8: ProductVersion: 17.5.3540.0
8609d8.dc8: FileVersion: 17.5.3540.0
8619d8.dc8: FileDescription: Stream Filter
8629d8.dc8: \SystemRoot\System32\drivers\aswVmm.sys:
8639d8.dc8: CreationTime: 2017-06-28T20:15:50.242953700Z
8649d8.dc8: LastWriteTime: 2017-06-28T20:15:38.526283500Z
8659d8.dc8: ChangeTime: 2017-06-28T20:15:43.399562300Z
8669d8.dc8: FileAttributes: 0x20
8679d8.dc8: Size: 0x58158
8689d8.dc8: NT Headers: 0xe8
8699d8.dc8: Timestamp: 0x5948547c
8709d8.dc8: Machine: 0x8664 - amd64
8719d8.dc8: Timestamp: 0x5948547c
8729d8.dc8: Image Version: 6.0
8739d8.dc8: SizeOfImage: 0x56000 (352256)
8749d8.dc8: Resource Dir: 0x53000 LB 0x390
8759d8.dc8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
8769d8.dc8: [Raw version resource data: 0x53060 LB 0x330, codepage 0x0 (reserved 0x0)]
8779d8.dc8: ProductName: Avast Antivirus
8789d8.dc8: ProductVersion: 17.5.3540.0
8799d8.dc8: FileVersion: 17.5.3540.0
8809d8.dc8: FileDescription: Avast VM Monitor
8819d8.dc8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
8829d8.dc8: Calling main()
8839d8.dc8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
8849d8.dc8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
8859d8.dc8: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
8869d8.dc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
8879d8.dc8: SUPR3HardenedMain: Final process, opening VBoxDrv...
8889d8.dc8: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000310000 LB 0x400000)
8899d8.dc8: supR3HardNtEnableThreadCreation:
8909d8.dc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
8919d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
8929d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020b1f1:<flags> [calling]
8939d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
8949d8.dc8: supR3HardenedDllNotificationCallback: load 000007fef0650000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
8959d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
8969d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
8979d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000208971:<flags> [calling]
8989d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0650000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
8999d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
9009d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000208971:<flags> [calling]
9019d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0650000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
9029d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0650000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
9039d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9049d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
9059d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
9069d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
9079d8.dc8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
9089d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
9099d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9109d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9119d8.dc8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
9129d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
9139d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
9149d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
9159d8.dc8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
9169d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
9179d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
9189d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
9199d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9209d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
9219d8.dc8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
9229d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
9239d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9249d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9259d8.dc8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
9269d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
9279d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
9289d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
9299d8.dc8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
9309d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9319d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9329d8.dc8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9339d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020d001:<flags> [calling]
9349d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9359d8.dc8: supR3HardenedDllNotificationCallback: load 000007fefd990000 LB 0x0003b000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
9369d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9379d8.dc8: supR3HardenedDllNotificationCallback: load 000007fefeb10000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
9389d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9399d8.dc8: supR3HardenedDllNotificationCallback: load 000007fefd740000 LB 0x0016d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
9409d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9419d8.dc8: supR3HardenedDllNotificationCallback: load 000007fefd690000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
9429d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
9439d8.dc8: supR3HardenedDllNotificationCallback: load 000007feffb70000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
9449d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9459d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd990000 'C:\Windows\system32\Wintrust.dll'
9469d8.dc8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
9479d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
9489d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020d001:<flags> [calling]
9499d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
9509d8.dc8: supR3HardenedDllNotificationCallback: load 000007fefcfc0000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
9519d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
9529d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcfc0000 'C:\Windows\system32\bcrypt.dll'
9539d8.dc8: bcrypt.dll loaded at 000007fefcfc0000, BCryptOpenAlgorithmProvider at 000007fefcfc2460, preloading providers:
9549d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
9559d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
9569d8.dc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
9579d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
9589d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
9599d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
9609d8.dc8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
9619d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
9629d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
9639d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9649d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
9659d8.dc8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
9669d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
9679d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9689d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9699d8.dc8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9709d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9719d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9729d8.dc8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9739d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020cfe1:<flags> [calling]
9749d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
9759d8.dc8: supR3HardenedDllNotificationCallback: load 000007fefcab0000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
9769d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
9779d8.dc8: supR3HardenedDllNotificationCallback: load 000007fefea30000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
9789d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
9799d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
9809d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
9819d8.dc8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
9829d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
9839d8.dc8: supR3HardenedDllNotificationCallback: load 000007fefee60000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
9849d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
9859d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcab0000 'C:\Windows\system32\bcryptprimitives.dll'
9869d8.dc8: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000008bb6e0)
9879d8.dc8: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000008bd700)
9889d8.dc8: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000008bd830)
9899d8.dc8: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000008bda50)
9909d8.dc8: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000008bdb80)
9919d8.dc8: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000008bdcb0)
9929d8.dc8: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000008bdf00)
9939d8.dc8: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000008be030)
9949d8.dc8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
9959d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
9969d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9979d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9989d8.dc8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9999d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10009d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10019d8.dc8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10029d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020cb51:<flags> [calling]
10039d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
10049d8.dc8: supR3HardenedDllNotificationCallback: load 000007fefce70000 LB 0x00018000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
10059d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
10069d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce70000 'C:\Windows\system32\CRYPTSP.dll'
10079d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10089d8.dc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
10099d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
10109d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10119d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10129d8.dc8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10139d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020cae1:<flags> [calling]
10149d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10159d8.dc8: supR3HardenedDllNotificationCallback: load 000007fefcb70000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
10169d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
10179d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcb70000 'C:\Windows\system32\rsaenh.dll'
10189d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
10199d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c371:<flags> [calling]
10209d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea30000 'C:\Windows\system32\ADVAPI32.dll'
10219d8.dc8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
10229d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
10239d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c6f1:<flags> [calling]
10249d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
10259d8.dc8: supR3HardenedDllNotificationCallback: load 000007fefd520000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
10269d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
10279d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd520000 'C:\Windows\system32\CRYPTBASE.dll'
10289d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
10299d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c121:<flags> [calling]
10309d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077770000 'C:\Windows\system32\kernel32.dll'
10319d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10329d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020cab1:<flags> [calling]
10339d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd990000 'C:\Windows\system32\WINTRUST.DLL'
10349d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
10359d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000020c8e1:<flags> [calling]
10369d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd740000 'C:\Windows\system32\CRYPT32.dll'
10379d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10389d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
10399d8.dc8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
10409d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
10419d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
10429d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
10439d8.dc8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
10449d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10459d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10469d8.dc8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10479d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c931:<flags> [calling]
10489d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
10499d8.dc8: supR3HardenedDllNotificationCallback: load 000007fefebb0000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
10509d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
10519d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefebb0000 'C:\Windows\system32\imagehlp.dll'
10529d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
10539d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020ca81:<flags> [calling]
10549d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce70000 'C:\Windows\system32\CRYPTSP.dll'
10559d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
10569d8.dc8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
10579d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
10589d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10599d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10609d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
10619d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
10629d8.dc8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
10639d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
10649d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
10659d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
10669d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
10679d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
10689d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
10699d8.dc8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
10709d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
10719d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10729d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10739d8.dc8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10749d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
10759d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
10769d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10779d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
10789d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
10799d8.dc8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
10809d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
10819d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10829d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10839d8.dc8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10849d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10859d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10869d8.dc8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10879d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10889d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10899d8.dc8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
10909d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
10919d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
10929d8.dc8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10939d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
10949d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
10959d8.dc8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
10969d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c5b1:<flags> [calling]
10979d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
10989d8.dc8: supR3HardenedDllNotificationCallback: load 0000000077890000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
10999d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
11009d8.dc8: supR3HardenedDllNotificationCallback: load 000007feff470000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
11019d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11029d8.dc8: supR3HardenedDllNotificationCallback: load 000007fefebd0000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
11039d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
11049d8.dc8: supR3HardenedDllNotificationCallback: load 000007feff300000 LB 0x000cb000 C:\Windows\system32\USP10.dll [fFlags=0x0]
11059d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
11069d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11079d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020bab1:<flags> [calling]
11089d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff470000 'C:\Windows\system32\gdi32.dll'
11099d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
11109d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
11119d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
11129d8.dc8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
11139d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
11149d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
11159d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
11169d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11179d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
11189d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
11199d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
11209d8.dc8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
11219d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
11229d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11239d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11249d8.dc8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11259d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11269d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11279d8.dc8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
11289d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
11299d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
11309d8.dc8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
11319d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
11329d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
11339d8.dc8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
11349d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11359d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11369d8.dc8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
11379d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11389d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11399d8.dc8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11409d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020b3f1:<flags> [calling]
11419d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
11429d8.dc8: supR3HardenedDllNotificationCallback: load 000007feff2c0000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
11439d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
11449d8.dc8: supR3HardenedDllNotificationCallback: load 000007feff1b0000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
11459d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
11469d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff2c0000 'C:\Windows\system32\IMM32.DLL'
11479d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077890000 'C:\Windows\system32\USER32.dll'
11489d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
11499d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
11509d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
11519d8.dc8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
11529d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
11539d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
11549d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
11559d8.dc8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
11569d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11579d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11589d8.dc8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11599d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
11609d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
11619d8.dc8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
11629d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c8b1:<flags> [calling]
11639d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
11649d8.dc8: supR3HardenedDllNotificationCallback: load 000007fefcff0000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
11659d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
11669d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcff0000 'C:\Windows\system32\ncrypt.dll'
11679d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
11689d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c6a1:<flags> [calling]
11699d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcfc0000 'C:\Windows\system32\bcrypt.dll'
11709d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11719d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
11729d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
11739d8.dc8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
11749d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
11759d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
11769d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
11779d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11789d8.dc8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
11799d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
11809d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11819d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11829d8.dc8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
11839d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11849d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11859d8.dc8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11869d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11879d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11889d8.dc8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11899d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c031:<flags> [calling]
11909d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
11919d8.dc8: supR3HardenedDllNotificationCallback: load 000007fefd8b0000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
11929d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
11939d8.dc8: supR3HardenedDllNotificationCallback: load 000007fefd680000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
11949d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
11959d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd8b0000 'C:\Windows\system32\USERENV.dll'
11969d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020bd91:<flags> [calling]
11979d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee60000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
11989d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020c121:<flags> [calling]
11999d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee60000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
12009d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12019d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
12029d8.dc8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
12039d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
12049d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12059d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12069d8.dc8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
12079d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12089d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12099d8.dc8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12109d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c351:<flags> [calling]
12119d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
12129d8.dc8: supR3HardenedDllNotificationCallback: load 000007fefc930000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
12139d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
12149d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc930000 'C:\Windows\system32\GPAPI.dll'
12159d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020c2a1:<flags> [calling]
12169d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee60000 'API-MS-WIN-Service-Management-L1-1-0.dll'
12179d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
12189d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020b9a1:<flags> [calling]
12199d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffb70000 'C:\Windows\system32\rpcrt4.dll'
12209d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020c281:<flags> [calling]
12219d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee60000 'API-MS-WIN-Service-Management-L2-1-0.dll'
12229d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020c291:<flags> [calling]
12239d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee60000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
12249d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12259d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
12269d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
12279d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
12289d8.dc8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
12299d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
12309d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
12319d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
12329d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12339d8.dc8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
12349d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
12359d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
12369d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
12379d8.dc8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
12389d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
12399d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
12409d8.dc8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
12419d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12429d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12439d8.dc8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12449d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12459d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12469d8.dc8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12479d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020bd91:<flags> [calling]
12489d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12499d8.dc8: supR3HardenedDllNotificationCallback: load 000007fef9540000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
12509d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12519d8.dc8: supR3HardenedDllNotificationCallback: load 000007fefda40000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
12529d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
12539d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12549d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000020afc1:<flags> [calling]
12559d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9540000 'C:\Windows\system32\cryptnet.dll'
12569d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12579d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000020afc1:<flags> [calling]
12589d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9540000 'C:\Windows\system32\cryptnet.dll'
12599d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12609d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000020afc1:<flags> [calling]
12619d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9540000 'C:\Windows\system32\cryptnet.dll'
12629d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12639d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000020afc1:<flags> [calling]
12649d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9540000 'C:\Windows\system32\cryptnet.dll'
12659d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12669d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000020afc1:<flags> [calling]
12679d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9540000 'C:\Windows\system32\cryptnet.dll'
12689d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12699d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000020afc1:<flags> [calling]
12709d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9540000 'C:\Windows\system32\cryptnet.dll'
12719d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12729d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9540000 'C:\Windows\system32\cryptnet.dll'
12739d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12749d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9540000 'C:\Windows\system32\cryptnet.dll'
12759d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12769d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9540000 'C:\Windows\system32\cryptnet.dll'
12779d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12789d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9540000 'C:\Windows\system32\cryptnet.dll'
12799d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12809d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9540000 'C:\Windows\system32\cryptnet.dll'
12819d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9540000 'C:\Windows\system32\cryptnet.dll'
12829d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
12839d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9540000 'C:\Windows\system32\cryptnet.dll'
12849d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020b6b1:<flags> [calling]
12859d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee60000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
12869d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
12879d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020b6b1:<flags> [calling]
12889d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd680000 'C:\Windows\system32\profapi.dll'
12899d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
12909d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
12919d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
12929d8.dc8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
12939d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
12949d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12959d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12969d8.dc8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12979d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12989d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12999d8.dc8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
13009d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13019d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13029d8.dc8: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13039d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020b141:<flags> [calling]
13049d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
13059d8.dc8: supR3HardenedDllNotificationCallback: load 000007feff640000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
13069d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
13079d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff640000 'C:\Windows\system32\SHLWAPI.dll'
13089d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
13099d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000939130
13109d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
13119d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A575218B432436539B9CC29F0284AEDDF70E411D
13129d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020c071:<flags> [calling]
13139d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee60000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
13149d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020bbd1:<flags> [calling]
13159d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee60000 'API-MS-WIN-Service-Management-L1-1-0.dll'
13169d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020bbd1:<flags> [calling]
13179d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee60000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
13189d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
13199d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c071:<flags> [calling]
13209d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea30000 'C:\Windows\system32\ADVAPI32.dll'
13219d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020c021:<flags> [calling]
13229d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee60000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
13239d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020bd11:<flags> [calling]
13249d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee60000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
13259d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_363_for_KB4022719~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\SystemRoot\System32\ntdll.dll'
13269d8.dc8: g_pfnWinVerifyTrust=000007fefd991010
13279d8.dc8: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
13289d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
13299d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
13309d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
13319d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F77D21FA60E897144706C54D4A369C8DA3A96EDC
13329d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_363_for_KB4022719~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
13339d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13349d8.dc8: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
13359d8.dc8: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
13369d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
13379d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
13389d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
13399d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=64DB0BCE4F2D99E4624F5476790FB954117C96EF
13409d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_363_for_KB4022719~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
13419d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13429d8.dc8: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
13439d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000390 pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
13449d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
13459d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
13469d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
13479d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
13489d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13499d8.dc8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
13509d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000384 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
13519d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
13529d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
13539d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
13549d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
13559d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13569d8.dc8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
13579d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000380 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
13589d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
13599d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
13609d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=39AF46E16CB63BADF4DB0AE7F539D8C4373E13BA
13619d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_363_for_KB4022719~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
13629d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13639d8.dc8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
13649d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000025c pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
13659d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
13669d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
13679d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EBDAA16C3FD93DFF9C20BA3B2689DFF4C8D31061
13689d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3159398~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
13699d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13709d8.dc8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
13719d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c8 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
13729d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
13739d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
13749d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
13759d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
13769d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13779d8.dc8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
13789d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c4 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
13799d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
13809d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
13819d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
13829d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
13839d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13849d8.dc8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
13859d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001b0 pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
13869d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
13879d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
13889d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F588EAF5A3D58D4960E04E1AF0463F1A4CFE02F0
13899d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_363_for_KB4022719~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
13909d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13919d8.dc8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
13929d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000198 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
13939d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
13949d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
13959d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6D141A0C50E469CDD81DC8293CF8B3635FE0240E
13969d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_363_for_KB4022719~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
13979d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13989d8.dc8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
13999d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
14009d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
14019d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
14029d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
14039d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
14049d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14059d8.dc8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
14069d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
14079d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
14089d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
14099d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EFAF060D43CBE108CC0D9F19F7A46C65B71782E8
14109d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_363_for_KB4022719~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
14119d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14129d8.dc8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
14139d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
14149d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
14159d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
14169d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=54204179B88581EFC0328D16D151171EADAA7023
14179d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_363_for_KB4022719~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
14189d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14199d8.dc8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
14209d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
14219d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
14229d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
14239d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C825E345B3737457F9C8CE8AE46B101F3EE4F2D4
14249d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_363_for_KB4022719~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
14259d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14269d8.dc8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
14279d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
14289d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
14299d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
14309d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03BB259EC2F9D61B0941E0635513FFA135E07009
14319d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_363_for_KB4022719~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll'
14329d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14339d8.dc8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
14349d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
14359d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
14369d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
14379d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
14389d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
14399d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14409d8.dc8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
14419d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000134 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
14429d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
14439d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
14449d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C8884EAF16A05EA24D7FB0123526BEE5B1616740
14459d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_363_for_KB4022719~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
14469d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14479d8.dc8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
14489d8.dc8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
14499d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
14509d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
14519d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
14529d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CECCA98E04985A576883E9A9AD8AF2140526B576
14539d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_363_for_KB4022719~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
14549d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14559d8.dc8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
14569d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
14579d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
14589d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
14599d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB669FA8DB80F8E50A29D055BB8D558E10E5E6B4
14609d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
14619d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14629d8.dc8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
14639d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
14649d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
14659d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
14669d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BCFAC6DCF4B2FAFE07E19EEC3D1B91B1A06B287E
14679d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_363_for_KB4022719~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
14689d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14699d8.dc8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
14709d8.dc8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
14719d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
14729d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
14739d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
14749d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=11D01815458E5122DF49C5C61583514B50A005A9
14759d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_363_for_KB4022719~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
14769d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14779d8.dc8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
14789d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
14799d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
14809d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
14819d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
14829d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
14839d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14849d8.dc8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
14859d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
14869d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
14879d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
14889d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
14899d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
14909d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14919d8.dc8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
14929d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
14939d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
14949d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
14959d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=47D110E423A2C049C44113FCC58A25E1310A792D
14969d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_363_for_KB4022719~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
14979d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14989d8.dc8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
14999d8.dc8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
15009d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
15019d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
15029d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
15039d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A9B37FD93C563AD17BD4152242826AFB37915942
15049d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_363_for_KB4022719~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
15059d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15069d8.dc8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
15079d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
15089d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
15099d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
15109d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=05EB7B0D1AE52CE73BAAC1CFDE6BB0BD43E55404
15119d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_363_for_KB4022719~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
15129d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15139d8.dc8: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
15149d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
15159d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020bb11:<flags> [calling]
15169d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd740000 'C:\Windows\system32\crypt32.dll'
15179d8.dc8: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
15189d8.dc8: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
15199d8.dc8: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
15209d8.dc8: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
15219d8.dc8: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
15229d8.dc8: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
15239d8.dc8: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
15249d8.dc8: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
15259d8.dc8: supR3HardenedWinIsDesiredRootCA: Adding 0x291963e5eb2fab00 OU=generated by Avast Antivirus for SSL/TLS scanning, O=Avast Web/Mail Shield, CN=Avast Web/Mail Shield Root
15269d8.dc8: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
15279d8.dc8: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
15289d8.dc8: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
15299d8.dc8: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
15309d8.dc8: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
15319d8.dc8: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
15329d8.dc8: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
15339d8.dc8: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
15349d8.dc8: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
15359d8.dc8: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
15369d8.dc8: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
15379d8.dc8: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
15389d8.dc8: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
15399d8.dc8: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
15409d8.dc8: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
15419d8.dc8: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
15429d8.dc8: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
15439d8.dc8: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
15449d8.dc8: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
15459d8.dc8: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
15469d8.dc8: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
15479d8.dc8: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
15489d8.dc8: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
15499d8.dc8: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
15509d8.dc8: supR3HardenedWinIsDesiredRootCA: Adding 0xdc1801b225aea100 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2 G3
15519d8.dc8: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
15529d8.dc8: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
15539d8.dc8: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
15549d8.dc8: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=37
15559d8.dc8: SUPR3HardenedMain: Load Runtime...
15569d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
15579d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
15589d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
15599d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
15609d8.dc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
15619d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
15629d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15639d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15649d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
15659d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
15669d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
15679d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000420 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
15689d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
15699d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
15709d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=901DCB8172024F14E25295BF5692180F12FC8C18
15719d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3161949~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
15729d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15739d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15749d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
15759d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
15769d8.dc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
15779d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
15789d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
15799d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
15809d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
15819d8.dc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
15829d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
15839d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15849d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15859d8.dc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
15869d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
15879d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15889d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
15899d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
15909d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
15919d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
15929d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000434 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
15939d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
15949d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
15959d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
15969d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
15979d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15989d8.dc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
15999d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
16009d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
16019d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
16029d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
16039d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16049d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16059d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
16069d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020be41:<flags> [calling]
16079d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16089d8.dc8: supR3HardenedDllNotificationCallback: load 000007feee130000 LB 0x0053d000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
16099d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16109d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
16119d8.dc8: supR3HardenedDllNotificationCallback: load 000000006efb0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
16129d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
16139d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
16149d8.dc8: supR3HardenedDllNotificationCallback: load 000000006ef10000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
16159d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
16169d8.dc8: supR3HardenedDllNotificationCallback: load 000007fefee10000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
16179d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
16189d8.dc8: supR3HardenedDllNotificationCallback: load 000007feff2f0000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
16199d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
16209d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16219d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000209581:<flags> [calling]
16229d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee130000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16239d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16249d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000209581:<flags> [calling]
16259d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee130000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16269d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16279d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000209581:<flags> [calling]
16289d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee130000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16299d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16309d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000209581:<flags> [calling]
16319d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee130000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16329d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16339d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000209581:<flags> [calling]
16349d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee130000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16359d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16369d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000209581:<flags> [calling]
16379d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee130000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16389d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee130000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16399d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee130000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16409d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee130000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16419d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee130000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16429d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee130000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16439d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee130000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16449d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee130000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16459d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16469d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000209581:<flags> [calling]
16479d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee130000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16489d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee130000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16499d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee130000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16509d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee130000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16519d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee130000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16529d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee130000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16539d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee130000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16549d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee130000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16559d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee130000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16569d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee130000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16579d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee130000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16589d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee130000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16599d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee130000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16609d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee130000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16619d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee130000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16629d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee130000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16639d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
16649d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000209581:<flags> [calling]
16659d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee130000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16669d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee130000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16679d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee130000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16689d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee130000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
16699d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
16709d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020d9a1:<flags> [calling]
16719d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd990000 'C:\Windows\system32\Wintrust.dll'
16729d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
16739d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c4f1:<flags> [calling]
16749d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd740000 'C:\Windows\system32\crypt32.dll'
16759d8.dc8: SUPR3HardenedMain: Load TrustedMain...
16769d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
16779d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
16789d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
16799d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
16809d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
16819d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
16829d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
16839d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
16849d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
16859d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
16869d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
16879d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
16889d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
16899d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
16909d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
16919d8.dc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
16929d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
16939d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
16949d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
16959d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000047c pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
16969d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
16979d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
16989d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
16999d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
17009d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17019d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
17029d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
17039d8.dc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
17049d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
17059d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
17069d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
17079d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000464 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
17089d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
17099d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
17109d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6E76105B511B0668122629A2554FAFBBE17CD6DF
17119d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_363_for_KB4022719~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
17129d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17139d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
17149d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
17159d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
17169d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
17179d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
17189d8.dc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
17199d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
17209d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
17219d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
17229d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000488 pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
17239d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
17249d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
17259d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E3D6DA21FECCBC3CFB6FD4597280DC013ADD2D59
17269d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_363_for_KB4022719~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
17279d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17289d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17299d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
17309d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
17319d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
17329d8.dc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
17339d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
17349d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
17359d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
17369d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000454 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
17379d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
17389d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
17399d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DBC6DA834E0DA642E3A7EB4466EBDC7921EDD667
17409d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_363_for_KB4022719~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
17419d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17429d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17439d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
17449d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
17459d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
17469d8.dc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
17479d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
17489d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
17499d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
17509d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
17519d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17529d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17539d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
17549d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
17559d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
17569d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
17579d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
17589d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
17599d8.dc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
17609d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
17619d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
17629d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
17639d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
17649d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
17659d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
17669d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
17679d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
17689d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
17699d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
17709d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
17719d8.dc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
17729d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
17739d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
17749d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
17759d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
17769d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
17779d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
17789d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
17799d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
17809d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
17819d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
17829d8.dc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
17839d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
17849d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
17859d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
17869d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
17879d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
17889d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
17899d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
17909d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
17919d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
17929d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
17939d8.dc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) WinVerifyTrust
17949d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
17959d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
17969d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
17979d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
17989d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
17999d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
18009d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
18019d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
18029d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
18039d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
18049d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
18059d8.dc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) WinVerifyTrust
18069d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
18079d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18089d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18099d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
18109d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
18119d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
18129d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
18139d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
18149d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
18159d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
18169d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
18179d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000474 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
18189d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
18199d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
18209d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
18219d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
18229d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18239d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18249d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
18259d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
18269d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
18279d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
18289d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
18299d8.dc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) WinVerifyTrust
18309d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
18319d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18329d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18339d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
18349d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
18359d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000048c pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
18369d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
18379d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
18389d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
18399d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
18409d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18419d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18429d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
18439d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
18449d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
18459d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
18469d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
18479d8.dc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) WinVerifyTrust
18489d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
18499d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
18509d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
18519d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000478 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
18529d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
18539d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
18549d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
18559d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
18569d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18579d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
18589d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
18599d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
18609d8.dc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) WinVerifyTrust
18619d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
18629d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18639d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18649d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
18659d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18669d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18679d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
18689d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
18699d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
18709d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18719d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
18729d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
18739d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
18749d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
18759d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
18769d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
18779d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
18789d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004ac pwszName=\Device\HarddiskVolume2\Windows\System32\mpr.dll
18799d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
18809d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
18819d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F84FE9BA047B24E7694C9E0C349B48B9FD5F925B
18829d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\mpr.dll'
18839d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18849d8.dc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll) WinVerifyTrust
18859d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
18869d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
18879d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
18889d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
18899d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18909d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18919d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
18929d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
18939d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
18949d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
18959d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
18969d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
18979d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
18989d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18999d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19009d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19019d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19029d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
19039d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
19049d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
19059d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
19069d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
19079d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
19089d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
19099d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19109d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19119d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19129d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19139d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
19149d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
19159d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
19169d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
19179d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
19189d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
19199d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19209d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19219d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
19229d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
19239d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
19249d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
19259d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
19269d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
19279d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
19289d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
19299d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
19309d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
19319d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
19329d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
19339d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
19349d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19359d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19369d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19379d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19389d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19399d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19409d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
19419d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
19429d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
19439d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000049c pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
19449d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
19459d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
19469d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
19479d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
19489d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19499d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19509d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
19519d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
19529d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
19539d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
19549d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
19559d8.dc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust
19569d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
19579d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
19589d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
19599d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a4 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
19609d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
19619d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
19629d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
19639d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
19649d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19659d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19669d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
19679d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
19689d8.dc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv) WinVerifyTrust
19699d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
19709d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
19719d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
19729d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
19739d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
19749d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
19759d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
19769d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
19779d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
19789d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
19799d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19809d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19819d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19829d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19839d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
19849d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
19859d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
19869d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
19879d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
19889d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
19899d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
19909d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
19919d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
19929d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
19939d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
19949d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
19959d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
19969d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
19979d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
19989d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
19999d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
20009d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
20019d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20029d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20039d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20049d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20059d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20069d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20079d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
20089d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20099d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20109d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20119d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20129d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20139d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20149d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20159d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20169d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20179d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20189d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20199d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20209d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
20219d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
20229d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
20239d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20249d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20259d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20269d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20279d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20289d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20299d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20309d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20319d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20329d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20339d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
20349d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
20359d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
20369d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
20379d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
20389d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c4 pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
20399d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
20409d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
20419d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
20429d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
20439d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20449d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
20459d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
20469d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
20479d8.dc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) WinVerifyTrust
20489d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
20499d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20509d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20519d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
20529d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20539d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20549d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
20559d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
20569d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
20579d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20589d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20599d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20609d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20619d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
20629d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
20639d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
20649d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20659d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20669d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
20679d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
20689d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b0 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
20699d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
20709d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
20719d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F3F3D4867E9140896E0742D7EE8AE1D01FE85ECE
20729d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3078667~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
20739d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20749d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
20759d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
20769d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
20779d8.dc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust
20789d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
20799d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
20809d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
20819d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c8 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
20829d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
20839d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
20849d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
20859d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
20869d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20879d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
20889d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
20899d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
20909d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
20919d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
20929d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
20939d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
20949d8.dc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
20959d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
20969d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
20979d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
20989d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
20999d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
21009d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004cc pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
21019d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
21029d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
21039d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66AD59F39F40705A9BA47254FA40331C3501DB8F
21049d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_363_for_KB4022719~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
21059d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21069d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21079d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
21089d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
21099d8.dc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) WinVerifyTrust
21109d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
21119d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21129d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21139d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21149d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21159d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21169d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21179d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21189d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21199d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21209d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21219d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
21229d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
21239d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d8 pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
21249d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
21259d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
21269d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
21279d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
21289d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21299d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21309d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
21319d8.dc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
21329d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
21339d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
21349d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
21359d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
21369d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21379d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21389d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21399d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21409d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21419d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21429d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21439d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21449d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
21459d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
21469d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e4 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
21479d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
21489d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
21499d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
21509d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
21519d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21529d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21539d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
21549d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
21559d8.dc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll) WinVerifyTrust
21569d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
21579d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21589d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21599d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21609d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21619d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21629d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21639d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21649d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21659d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21669d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21679d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21689d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21699d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21709d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21719d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21729d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21739d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21749d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21759d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
21769d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
21779d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
21789d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21799d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21809d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020be51:<flags> [calling]
21819d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
21829d8.dc8: supR3HardenedDllNotificationCallback: load 000007feed030000 LB 0x008ea000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
21839d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
21849d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
21859d8.dc8: supR3HardenedDllNotificationCallback: load 000007feecf10000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
21869d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
21879d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
21889d8.dc8: supR3HardenedDllNotificationCallback: load 000007fef8340000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
21899d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
21909d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
21919d8.dc8: supR3HardenedDllNotificationCallback: load 000007feecd30000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
21929d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
21939d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
21949d8.dc8: supR3HardenedDllNotificationCallback: load 000007feee690000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
21959d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
21969d8.dc8: supR3HardenedDllNotificationCallback: load 000007feff6c0000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
21979d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
21989d8.dc8: supR3HardenedDllNotificationCallback: load 000007fefd9e0000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
21999d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
22009d8.dc8: supR3HardenedDllNotificationCallback: load 000007feff4e0000 LB 0x000da000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
22019d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
22029d8.dc8: supR3HardenedDllNotificationCallback: load 000007fefdaa0000 LB 0x001fc000 C:\Windows\system32\ole32.dll [fFlags=0x0]
22039d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
22049d8.dc8: supR3HardenedDllNotificationCallback: load 000007fefd710000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
22059d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
22069d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
22079d8.dc8: supR3HardenedDllNotificationCallback: load 000007fefbaa0000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
22089d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
22099d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
22109d8.dc8: supR3HardenedDllNotificationCallback: load 000000006c8c0000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
22119d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
22129d8.dc8: supR3HardenedDllNotificationCallback: load 000007fefdca0000 LB 0x00d8b000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
22139d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
22149d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
22159d8.dc8: supR3HardenedDllNotificationCallback: load 000007fef7b40000 LB 0x00018000 C:\Windows\system32\MPR.dll [fFlags=0x0]
22169d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
22179d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
22189d8.dc8: supR3HardenedDllNotificationCallback: load 000007feec730000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
22199d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
22209d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
22219d8.dc8: supR3HardenedDllNotificationCallback: load 0000000066ce0000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
22229d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
22239d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
22249d8.dc8: supR3HardenedDllNotificationCallback: load 000007feec430000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
22259d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
22269d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
22279d8.dc8: supR3HardenedDllNotificationCallback: load 000007fefa4e0000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
22289d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
22299d8.dc8: supR3HardenedDllNotificationCallback: load 000007feff3d0000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
22309d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
22319d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
22329d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
22339d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
22349d8.dc8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll)
22359d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
22369d8.dc8: supR3HardenedDllNotificationCallback: load 000007fefa560000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll [fFlags=0x0]
22379d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [avoiding WinVerifyTrust]
22389d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
22399d8.dc8: supR3HardenedDllNotificationCallback: load 000000006e350000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
22409d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
22419d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
22429d8.dc8: supR3HardenedDllNotificationCallback: load 000007fefb290000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
22439d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
22449d8.dc8: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'.
22459d8.dc8: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [rescheduled]
22469d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
22479d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22489d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22499d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
22509d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
22519d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
22529d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
22539d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020b421:<flags> [calling]
22549d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff2c0000 'C:\Windows\system32\imm32.dll'
22559d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea30000 'C:\Windows\system32\ADVAPI32.DLL'
22569d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
22579d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptbase.dll (Input=cryptbase.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
22589d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd520000 'C:\Windows\system32\cryptbase.dll'
22599d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feed030000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
22609d8.dc8: SUPR3HardenedMain: Calling TrustedMain (000007feed031610)...
22619d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
22629d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020d791:<flags> [calling]
22639d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdaa0000 'C:\Windows\system32\ole32.dll'
22649d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea30000 'C:\Windows\system32\ADVAPI32.dll'
22659d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
22669d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020be71:<flags> [calling]
22679d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd680000 'C:\Windows\system32\profapi.dll'
22689d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
22699d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
22709d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
22719d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
22729d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
22739d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
22749d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
22759d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
22769d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
22779d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
22789d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
22799d8.dc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
22809d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
22819d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22829d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
22839d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
22849d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
22859d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
22869d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
22879d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
22889d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
22899d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
22909d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
22919d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
22929d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
22939d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
22949d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
22959d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
22969d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
22979d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
22989d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
22999d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
23009d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
23019d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
23029d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
23039d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23049d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23059d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
23069d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
23079d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
23089d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
23099d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
23109d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020e161:<flags> [calling]
23119d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
23129d8.dc8: supR3HardenedDllNotificationCallback: load 000007feec000000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
23139d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
23149d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec000000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
23159d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
23169d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020e091:<flags> [calling]
23179d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd520000 'C:\Windows\system32\CRYPTBASE.dll'
23189d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000578 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
23199d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
23209d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
23219d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
23229d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
23239d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23249d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23259d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
23269d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
23279d8.dc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
23289d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
23299d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
23309d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
23319d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23329d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23339d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23349d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23359d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020db61:<flags> [calling]
23369d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
23379d8.dc8: supR3HardenedDllNotificationCallback: load 000007fefbed0000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
23389d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
23399d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbed0000 'C:\Windows\system32\uxtheme.dll'
23409d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
23419d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020d5a1:<flags> [calling]
23429d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbed0000 'C:\Windows\system32\uxtheme.dll'
23439d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
23449d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020d311:<flags> [calling]
23459d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbed0000 'C:\Windows\system32\uxtheme.dll'
23469d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
23479d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020d311:<flags> [calling]
23489d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbed0000 'C:\Windows\system32\uxtheme.dll'
23499d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077890000 'C:\Windows\system32\user32.dll'
23509d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
23519d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020e3a1:<flags> [calling]
23529d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdca0000 'C:\Windows\system32\shell32.dll'
23539d8.dc8: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
23549d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020e281:<flags> [calling]
23559d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\Windows\system32\wintab32.dll'
23569d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
23579d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020da41:<flags> [calling]
23589d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbaa0000 'C:\Windows\system32\dwmapi.dll'
23599d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
23609d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020e7c1:<flags> [calling]
23619d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb290000 'C:\Windows\system32\winmm.dll'
23629d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
23639d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020e7c1:<flags> [calling]
23649d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb290000 'C:\Windows\system32\winmm.dll'
23659d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
23669d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020eaa1:<flags> [calling]
23679d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdca0000 'C:\Windows\system32\shell32.dll'
23689d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
23699d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020ea71:<flags> [calling]
23709d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbed0000 'C:\Windows\system32\uxtheme.dll'
23719d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea30000 'C:\Windows\system32\advapi32.dll'
23729d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
23739d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020e9d1:<flags> [calling]
23749d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd8b0000 'C:\Windows\system32\userenv.dll'
23759d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
23769d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020eab1:<flags> [calling]
23779d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077770000 'C:\Windows\system32\kernel32.dll'
23789d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000590 pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll
23799d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
23809d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
23819d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
23829d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
23839d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23849d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23859d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
23869d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
23879d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
23889d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
23899d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
23909d8.dc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll) WinVerifyTrust
23919d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
23929d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23939d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23949d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
23959d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
23969d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
23979d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23989d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23999d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
24009d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24019d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24029d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24039d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24049d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
24059d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24069d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24079d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
24089d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020b781:<flags> [calling]
24099d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
24109d8.dc8: supR3HardenedDllNotificationCallback: load 000007fefebe0000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
24119d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
24129d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefebe0000 'C:\Windows\system32\CLBCatQ.DLL'
24139d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea30000 'C:\Windows\system32\ADVAPI32.dll'
24149d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
24159d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020a5d1:<flags> [calling]
24169d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce70000 'C:\Windows\system32\CRYPTSP.dll'
24179d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005c0 pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
24189d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
24199d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
24209d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
24219d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll'
24229d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24239d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
24249d8.dc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll) WinVerifyTrust
24259d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
24269d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24279d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24289d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020a191:<flags> [calling]
24299d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
24309d8.dc8: supR3HardenedDllNotificationCallback: load 000007fefd5d0000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
24319d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
24329d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5d0000 'C:\Windows\system32\RpcRtRemote.dll'
24339d8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24349d8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
24359d8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
24369d8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
24379d8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
24389d8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
24399d8.c48: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
24409d8.c48: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
24419d8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
24429d8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
24439d8.c48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
24449d8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24459d8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24469d8.c48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
24479d8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24489d8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24499d8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24509d8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24519d8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
24529d8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
24539d8.c48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
24549d8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24559d8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24569d8.c48: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004c0e4f1:<flags> [calling]
24579d8.c48: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
24589d8.c48: supR3HardenedDllNotificationCallback: load 000007feeb550000 LB 0x004f6000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
24599d8.c48: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
24609d8.c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb550000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
24619d8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24629d8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
24639d8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
24649d8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
24659d8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
24669d8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
24679d8.c48: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
24689d8.c48: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
24699d8.c48: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
24709d8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
24719d8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
24729d8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
24739d8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
24749d8.c48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
24759d8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24769d8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24779d8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
24789d8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
24799d8.c48: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
24809d8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24819d8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24829d8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24839d8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
24849d8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24859d8.c48: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24869d8.c48: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004c0cf91:<flags> [calling]
24879d8.c48: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
24889d8.c48: supR3HardenedDllNotificationCallback: load 000007feebd50000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
24899d8.c48: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
24909d8.c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebd50000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
24919d8.c48: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
24929d8.c48: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004c0ce21:<flags> [calling]
24939d8.c48: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4e0000 'C:\Windows\system32\oleaut32.dll'
24949d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea30000 'C:\Windows\system32\ADVAPI32.dll'
24959d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff470000 'C:\Windows\system32\gdi32.dll'
24969d8.958: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24979d8.958: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
24989d8.958: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll) WinVerifyTrust
24999d8.958: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
25009d8.958: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25019d8.958: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
25029d8.958: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25039d8.958: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25049d8.958: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000470a5d1:<flags> [calling]
25059d8.958: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
25069d8.958: supR3HardenedDllNotificationCallback: load 000007feec140000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [fFlags=0x0]
25079d8.958: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
25089d8.958: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec140000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL'
25099d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
25109d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020a591:<flags> [calling]
25119d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdca0000 'C:\Windows\system32\shell32.dll'
25129d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea30000 'C:\Windows\system32\ADVAPI32.dll'
25139d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdaa0000 'C:\Windows\system32\ole32.dll'
25149d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdca0000 'C:\Windows\system32\shell32.dll'
25159d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdca0000 'C:\Windows\system32\shell32.dll'
25169d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdaa0000 'C:\Windows\system32\ole32.dll'
25179d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
25189d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002079a1:<flags> [calling]
25199d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4e0000 'C:\Windows\system32\OLEAUT32.dll'
25209d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000092c pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
25219d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
25229d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
25239d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472
25249d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
25259d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25269d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25279d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
25289d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
25299d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
25309d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
25319d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
25329d8.dc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
25339d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
25349d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
25359d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
25369d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
25379d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
25389d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
25399d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
25409d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
25419d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
25429d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
25439d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
25449d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
25459d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000930 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
25469d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
25479d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
25489d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03D0A77E5195AA70198FDE6C2FAC2C76FF200674
25499d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
25509d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25519d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25529d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
25539d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
25549d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
25559d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
25569d8.dc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
25579d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
25589d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25599d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25609d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
25619d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
25629d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
25639d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25649d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25659d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
25669d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
25679d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
25689d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
25699d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
25709d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25719d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25729d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000206231:<flags> [calling]
25739d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
25749d8.dc8: supR3HardenedDllNotificationCallback: load 000007fef85f0000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
25759d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
25769d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
25779d8.dc8: supR3HardenedDllNotificationCallback: load 000007fef89a0000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [fFlags=0x0]
25789d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
25799d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef85f0000 'C:\Windows\system32\wbem\wbemprox.dll'
25809d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000958 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
25819d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
25829d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
25839d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F
25849d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
25859d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25869d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25879d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
25889d8.dc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
25899d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
25909d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25919d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25929d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
25939d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25949d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25959d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000205e71:<flags> [calling]
25969d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
25979d8.dc8: supR3HardenedDllNotificationCallback: load 000007fef8280000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
25989d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
25999d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8280000 'C:\Windows\system32\wbem\wbemsvc.dll'
26009d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000964 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
26019d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
26029d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
26039d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79
26049d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
26059d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26069d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26079d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
26089d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
26099d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
26109d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
26119d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
26129d8.dc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
26139d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
26149d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
26159d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
26169d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000094c pwszName=\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
26179d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
26189d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
26199d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
26209d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll'
26219d8.dc8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26229d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26239d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
26249d8.dc8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
26259d8.dc8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll) WinVerifyTrust
26269d8.dc8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
26279d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
26289d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
26299d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
26309d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
26319d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
26329d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
26339d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
26349d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
26359d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
26369d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26379d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26389d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
26399d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
26409d8.dc8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
26419d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26429d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26439d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26449d8.dc8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26459d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000205eb1:<flags> [calling]
26469d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
26479d8.dc8: supR3HardenedDllNotificationCallback: load 000007fef8630000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
26489d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
26499d8.dc8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
26509d8.dc8: supR3HardenedDllNotificationCallback: load 000007fef8600000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [fFlags=0x0]
26519d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
26529d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8630000 'C:\Windows\system32\wbem\fastprox.dll'
26539d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4e0000 'C:\Windows\system32\OLEAUT32.dll'
26549d8.dc8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
26559d8.dc8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINMM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000205ca1:<flags> [calling]
26569d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb290000 'C:\Windows\system32\WINMM.dll'
26579d8.e98: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
26589d8.e98: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
26599d8.e98: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
26609d8.e98: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
26619d8.e98: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
26629d8.e98: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26639d8.e98: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26649d8.e98: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
26659d8.e98: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
26669d8.e98: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
26679d8.e98: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
26689d8.e98: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
26699d8.e98: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
26709d8.e98: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
26719d8.e98: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26729d8.e98: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
26739d8.e98: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26749d8.e98: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26759d8.e98: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
26769d8.e98: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
26779d8.e98: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
26789d8.e98: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26799d8.e98: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
26809d8.e98: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000732e3e1:<flags> [calling]
26819d8.e98: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
26829d8.e98: supR3HardenedDllNotificationCallback: load 000007feeb1a0000 LB 0x002b5000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
26839d8.e98: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
26849d8.e98: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
26859d8.e98: supR3HardenedDllNotificationCallback: load 0000000066350000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
26869d8.e98: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
26879d8.e98: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb1a0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
26889d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a20 pwszName=\Device\HarddiskVolume2\Windows\System32\netcfgx.dll
26899d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
26909d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
26919d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B2E2834BA132AEF0C1091DED23D983BBB0CDB980
26929d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\netcfgx.dll'
26939d8.d34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26949d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shlwapi.dll'.
26959d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
26969d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
26979d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
26989d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
26999d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
27009d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'nsi.dll'.
27019d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'iphlpapi.dll'.
27029d8.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\netcfgx.dll) WinVerifyTrust
27039d8.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\netcfgx.dll
27049d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
27059d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
27069d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a3c pwszName=\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
27079d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
27089d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
27099d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642
27109d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'
27119d8.d34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27129d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27139d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
27149d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
27159d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
27169d8.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
27179d8.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
27189d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
27199d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
27209d8.d34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
27219d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27229d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27239d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
27249d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
27259d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
27269d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
27279d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
27289d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
27299d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
27309d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
27319d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
27329d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
27339d8.d34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
27349d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27359d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27369d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
27379d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
27389d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a0c pwszName=\Device\HarddiskVolume2\Windows\System32\winnsi.dll
27399d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
27409d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
27419d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B28F3E0DF5586B9FB3AEAC48E4ECCA0AFB6ABD91
27429d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
27439d8.d34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27449d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27459d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
27469d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
27479d8.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll) WinVerifyTrust
27489d8.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
27499d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
27509d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
27519d8.d34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
27529d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27539d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27549d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
27559d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
27569d8.d34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
27579d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27589d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27599d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27609d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27619d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\netcfgx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794b3e1:<flags> [calling]
27629d8.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netcfgx.dll
27639d8.d34: supR3HardenedDllNotificationCallback: load 000007fef99d0000 LB 0x00084000 C:\Windows\system32\netcfgx.dll [fFlags=0x0]
27649d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\netcfgx.dll
27659d8.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
27669d8.d34: supR3HardenedDllNotificationCallback: load 000007fefa1b0000 LB 0x00027000 C:\Windows\system32\IPHLPAPI.DLL [fFlags=0x0]
27679d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
27689d8.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
27699d8.d34: supR3HardenedDllNotificationCallback: load 000007fefa1a0000 LB 0x0000b000 C:\Windows\system32\WINNSI.DLL [fFlags=0x0]
27709d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
27719d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef99d0000 'C:\Windows\system32\netcfgx.dll'
27729d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
27739d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794cba1:<flags> [calling]
27749d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff6c0000 'C:\Windows\system32\SETUPAPI.dll'
27759d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27769d8.d34: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\devrtl.dll)
27779d8.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devrtl.dll
27789d8.d34: supR3HardenedDllNotificationCallback: load 000007fefc950000 LB 0x00012000 C:\Windows\system32\devrtl.DLL [fFlags=0x0]
27799d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
27809d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a78 pwszName=\Device\HarddiskVolume2\Windows\System32\devrtl.dll
27819d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
27829d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
27839d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=445E5B0E9F43B5D56A5B9C4BC3369E3D076ACA1A
27849d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
27859d8.d34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27869d8.d34: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\devrtl.dll'
27879d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
27889d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27899d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27909d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.dll (Input=WINTRUST.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794c941:<flags> [calling]
27919d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd990000 'C:\Windows\system32\WINTRUST.dll'
27929d8.a1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
27939d8.a1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
27949d8.a1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
27959d8.a1c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
27969d8.a1c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
27979d8.a1c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
27989d8.a1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27999d8.a1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28009d8.a1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28019d8.a1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28029d8.a1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
28039d8.a1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
28049d8.a1c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
28059d8.a1c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28069d8.a1c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28079d8.a1c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c4dd11:<flags> [calling]
28089d8.a1c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
28099d8.a1c: supR3HardenedDllNotificationCallback: load 000007fef2910000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
28109d8.a1c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
28119d8.a1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef2910000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
28129d8.a1c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077890000 'C:\Windows\system32\User32.dll'
28139d8.9e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28149d8.9e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
28159d8.9e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
28169d8.9e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
28179d8.9e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
28189d8.9e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28199d8.9e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28209d8.9e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
28219d8.9e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
28229d8.9e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
28239d8.9e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28249d8.9e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28259d8.9e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
28269d8.9e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007a8d791:<flags> [calling]
28279d8.9e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
28289d8.9e8: supR3HardenedDllNotificationCallback: load 000007fef21a0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
28299d8.9e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
28309d8.9e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef21a0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
28319d8.6cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28329d8.6cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
28339d8.6cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
28349d8.6cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
28359d8.6cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
28369d8.6cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28379d8.6cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28389d8.6cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
28399d8.6cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
28409d8.6cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28419d8.6cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28429d8.6cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007eadb91:<flags> [calling]
28439d8.6cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
28449d8.6cc: supR3HardenedDllNotificationCallback: load 000007fef1fe0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
28459d8.6cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
28469d8.6cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1fe0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
28479d8.ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28489d8.ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
28499d8.ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
28509d8.ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
28519d8.ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
28529d8.ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28539d8.ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28549d8.ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
28559d8.ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
28569d8.ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28579d8.ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28589d8.ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000816dc11:<flags> [calling]
28599d8.ee8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
28609d8.ee8: supR3HardenedDllNotificationCallback: load 000007fef1fd0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
28619d8.ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
28629d8.ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1fd0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
28639d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdca0000 'C:\Windows\system32\Shell32.dll'
28649d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000007949391:<flags> [calling]
28659d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee60000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
28669d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
28679d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794b6c1:<flags> [calling]
28689d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb1a0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
28699d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28709d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
28719d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
28729d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
28739d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
28749d8.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
28759d8.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
28769d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
28779d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
28789d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
28799d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
28809d8.d34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
28819d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28829d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28839d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
28849d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
28859d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
28869d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
28879d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794c871:<flags> [calling]
28889d8.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
28899d8.d34: supR3HardenedDllNotificationCallback: load 000007fef1990000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
28909d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
28919d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1990000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
28929d8.d34: supR3HardenedDllNotificationCallback: Unload 000007fef1990000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
28939d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
28949d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
28959d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
28969d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
28979d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
28989d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
28999d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
29009d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
29019d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
29029d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
29039d8.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
29049d8.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
29059d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
29069d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
29079d8.d34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
29089d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
29099d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
29109d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
29119d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
29129d8.d34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
29139d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
29149d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
29159d8.d34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
29169d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29179d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29189d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
29199d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
29209d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29219d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
29229d8.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
29239d8.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
29249d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
29259d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
29269d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29279d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
29289d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
29299d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
29309d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
29319d8.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
29329d8.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
29339d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29349d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29359d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
29369d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
29379d8.d34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
29389d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29399d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29409d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
29419d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
29429d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
29439d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
29449d8.d34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
29459d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29469d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29479d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29489d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29499d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29509d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29519d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29529d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29539d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29549d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29559d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794d881:<flags> [calling]
29569d8.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
29579d8.d34: supR3HardenedDllNotificationCallback: load 000007feea7f0000 LB 0x009ae000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
29589d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
29599d8.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
29609d8.d34: supR3HardenedDllNotificationCallback: load 000007feebcf0000 LB 0x00058000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
29619d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
29629d8.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
29639d8.d34: supR3HardenedDllNotificationCallback: load 000007fef1bb0000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
29649d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
29659d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feea7f0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
29669d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
29679d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794d881:<flags> [calling]
29689d8.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
29699d8.d34: supR3HardenedDllNotificationCallback: load 000007fef04a0000 LB 0x00041000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
29709d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
29719d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef04a0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
29729d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
29739d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794d881:<flags> [calling]
29749d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb550000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
29759d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
29769d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794d791:<flags> [calling]
29779d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1bb0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
29789d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29799d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
29809d8.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
29819d8.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
29829d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29839d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29849d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29859d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29869d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794d791:<flags> [calling]
29879d8.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
29889d8.d34: supR3HardenedDllNotificationCallback: load 000007fef19c0000 LB 0x0001e000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
29899d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
29909d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef19c0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
29919d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
29929d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
29939d8.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
29949d8.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
29959d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
29969d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
29979d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
29989d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
29999d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794d791:<flags> [calling]
30009d8.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
30019d8.d34: supR3HardenedDllNotificationCallback: load 000007fef19a0000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
30029d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
30039d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef19a0000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
30049d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30059d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
30069d8.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
30079d8.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
30089d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30099d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30109d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30119d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30129d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794d791:<flags> [calling]
30139d8.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
30149d8.d34: supR3HardenedDllNotificationCallback: load 000007fef0630000 LB 0x00017000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
30159d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
30169d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0630000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
30179d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30189d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
30199d8.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
30209d8.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
30219d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30229d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30239d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30249d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30259d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794d791:<flags> [calling]
30269d8.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
30279d8.d34: supR3HardenedDllNotificationCallback: load 000007fef0480000 LB 0x00019000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
30289d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
30299d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0480000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
30309d8.9bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30319d8.9bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
30329d8.9bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
30339d8.9bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
30349d8.9bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
30359d8.9bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30369d8.9bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30379d8.9bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
30389d8.9bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
30399d8.9bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
30409d8.9bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30419d8.9bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30429d8.9bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000aa8df11:<flags> [calling]
30439d8.9bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
30449d8.9bc: supR3HardenedDllNotificationCallback: load 000007fef1fc0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
30459d8.9bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
30469d8.9bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1fc0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
30479d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
30489d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
30499d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
30509d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
30519d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
30529d8.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
30539d8.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
30549d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
30559d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
30569d8.d34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
30579d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
30589d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
30599d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30609d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30619d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
30629d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
30639d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
30649d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
30659d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794eea1:<flags> [calling]
30669d8.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
30679d8.d34: supR3HardenedDllNotificationCallback: load 000007feeb460000 LB 0x000e5000 C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
30689d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
30699d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb460000 'C:\Program Files\Oracle\VirtualBox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
30709d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cbc pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
30719d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
30729d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
30739d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F6C3E3D9F8B48D816E52C31576FFFD4AF86AB813
30749d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
30759d8.d34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30769d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30779d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
30789d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
30799d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
30809d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
30819d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
30829d8.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust
30839d8.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
30849d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
30859d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
30869d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cc0 pwszName=\Device\HarddiskVolume2\Windows\System32\powrprof.dll
30879d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
30889d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
30899d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E0B7DE18787DB24DAD3580634869A9A8FF4AB48F
30909d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\powrprof.dll'
30919d8.d34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30929d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30939d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
30949d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
30959d8.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll) WinVerifyTrust
30969d8.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
30979d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
30989d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
30999d8.d34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
31009d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
31019d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
31029d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
31039d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
31049d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31059d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31069d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31079d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31089d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
31099d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
31109d8.d34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
31119d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31129d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31139d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31149d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31159d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794d651:<flags> [calling]
31169d8.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
31179d8.d34: supR3HardenedDllNotificationCallback: load 000007feebc60000 LB 0x00088000 C:\Windows\System32\dsound.dll [fFlags=0x0]
31189d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
31199d8.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
31209d8.d34: supR3HardenedDllNotificationCallback: load 000007fefb800000 LB 0x0002c000 C:\Windows\System32\POWRPROF.dll [fFlags=0x0]
31219d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
31229d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
31239d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794c9c1:<flags> [calling]
31249d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebc60000 'C:\Windows\System32\dsound.dll'
31259d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebc60000 'C:\Windows\System32\dsound.dll'
31269d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
31279d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794d731:<flags> [calling]
31289d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebc60000 'C:\Windows\system32\dsound.dll'
31299d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cc4 pwszName=\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
31309d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
31319d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
31329d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=704F97298D44B8146C54067788F597E0BF365197
31339d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll'
31349d8.d34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31359d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31369d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
31379d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
31389d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'.
31399d8.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
31409d8.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
31419d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
31429d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
31439d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ce8 pwszName=\Device\HarddiskVolume2\Windows\System32\propsys.dll
31449d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
31459d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
31469d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A1594E841359779EF7EA7EBCF775D89F55388D3
31479d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\propsys.dll'
31489d8.d34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
31499d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
31509d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
31519d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
31529d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
31539d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
31549d8.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll) WinVerifyTrust
31559d8.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
31569d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31579d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31589d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31599d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31609d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31619d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31629d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
31639d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
31649d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
31659d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
31669d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
31679d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
31689d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
31699d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
31709d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
31719d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
31729d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794d121:<flags> [calling]
31739d8.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
31749d8.d34: supR3HardenedDllNotificationCallback: load 000007fefbac0000 LB 0x0004b000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
31759d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
31769d8.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
31779d8.d34: supR3HardenedDllNotificationCallback: load 000007fefc0d0000 LB 0x0012c000 C:\Windows\System32\PROPSYS.dll [fFlags=0x0]
31789d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
31799d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea30000 'C:\Windows\system32\ADVAPI32.dll'
31809d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbac0000 'C:\Windows\System32\MMDevApi.dll'
31819d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdaa0000 'C:\Windows\system32\ole32.dll'
31829d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
31839d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794d451:<flags> [calling]
31849d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff6c0000 'C:\Windows\system32\SETUPAPI.dll'
31859d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
31869d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794e331:<flags> [calling]
31879d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff640000 'C:\Windows\system32\SHLWAPI.dll'
31889d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
31899d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794e551:<flags> [calling]
31909d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbac0000 'C:\Windows\system32\MMDEVAPI.DLL'
31919d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdaa0000 'C:\Windows\system32\ole32.dll'
31929d8.d7c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
31939d8.d7c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CFGMGR32.dll (Input=CFGMGR32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000beff641:<flags> [calling]
31949d8.d7c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9e0000 'C:\Windows\system32\CFGMGR32.dll'
31959d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
31969d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794e181:<flags> [calling]
31979d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb290000 'C:\Windows\system32\winmm.dll'
31989d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000794dfe1:<flags> [calling]
31999d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee60000 'API-MS-WIN-Service-Management-L1-1-0.dll'
32009d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000794dfe1:<flags> [calling]
32019d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefee60000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
32029d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffb70000 'C:\Windows\system32\RPCRT4.dll'
32039d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
32049d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDevAPI.DLL (Input=MMDevAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794e041:<flags> [calling]
32059d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbac0000 'C:\Windows\system32\MMDevAPI.DLL'
32069d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d18 pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
32079d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
32089d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
32099d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4B64306F5558D2DEC53CF11AAF17F02438929FDD
32109d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
32119d8.d34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32129d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32139d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
32149d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
32159d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
32169d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
32179d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ksuser.dll'.
32189d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
32199d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'avrt.dll'.
32209d8.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust
32219d8.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
32229d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
32239d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
32249d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cd8 pwszName=\Device\HarddiskVolume2\Windows\System32\avrt.dll
32259d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
32269d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
32279d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1362C343929DD08AB918B38DE195D1A11B1D1365
32289d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\avrt.dll'
32299d8.d34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32309d8.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust
32319d8.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
32329d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
32339d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
32349d8.d34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
32359d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
32369d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
32379d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d38 pwszName=\Device\HarddiskVolume2\Windows\System32\ksuser.dll
32389d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
32399d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
32409d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2D99CFB3BFCA1F454FC7109DB98D18923ABBA361
32419d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB3110329~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\ksuser.dll'
32429d8.d34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32439d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32449d8.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust
32459d8.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
32469d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
32479d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
32489d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
32499d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
32509d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
32519d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
32529d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
32539d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
32549d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32559d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32569d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
32579d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
32589d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794dbb1:<flags> [calling]
32599d8.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
32609d8.d34: supR3HardenedDllNotificationCallback: load 000007fefb100000 LB 0x0003b000 C:\Windows\system32\wdmaud.drv [fFlags=0x0]
32619d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
32629d8.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
32639d8.d34: supR3HardenedDllNotificationCallback: load 0000000075260000 LB 0x00006000 C:\Windows\system32\ksuser.dll [fFlags=0x0]
32649d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
32659d8.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
32669d8.d34: supR3HardenedDllNotificationCallback: load 000007fefb7f0000 LB 0x00009000 C:\Windows\system32\AVRT.dll [fFlags=0x0]
32679d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
32689d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb100000 'C:\Windows\system32\wdmaud.drv'
32699d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
32709d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794dbb1:<flags> [calling]
32719d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb100000 'C:\Windows\system32\wdmaud.drv'
32729d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
32739d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794dd61:<flags> [calling]
32749d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb100000 'C:\Windows\system32\wdmaud.drv'
32759d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
32769d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794dd61:<flags> [calling]
32779d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb100000 'C:\Windows\system32\wdmaud.drv'
32789d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
32799d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794dd61:<flags> [calling]
32809d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb100000 'C:\Windows\system32\wdmaud.drv'
32819d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d4c pwszName=\Device\HarddiskVolume2\Windows\System32\AudioSes.dll
32829d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
32839d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
32849d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A3BDEC1E955295C342E14C90909598248B24E5B
32859d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_107_for_KB4022719~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\AudioSes.dll'
32869d8.d34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
32879d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
32889d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
32899d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
32909d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
32919d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
32929d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
32939d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
32949d8.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust
32959d8.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
32969d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
32979d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
32989d8.d34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
32999d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
33009d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
33019d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
33029d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
33039d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
33049d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
33059d8.d34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
33069d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
33079d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
33089d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
33099d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
33109d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33119d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33129d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794dd71:<flags> [calling]
33139d8.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
33149d8.d34: supR3HardenedDllNotificationCallback: load 000007fefb0b0000 LB 0x0004f000 C:\Windows\system32\AUDIOSES.DLL [fFlags=0x0]
33159d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
33169d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb0b0000 'C:\Windows\system32\AUDIOSES.DLL'
33179d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
33189d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794dd61:<flags> [calling]
33199d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb100000 'C:\Windows\system32\wdmaud.drv'
33209d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
33219d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794dd61:<flags> [calling]
33229d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb100000 'C:\Windows\system32\wdmaud.drv'
33239d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb100000 'C:\Windows\system32\wdmaud.drv'
33249d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb100000 'C:\Windows\system32\wdmaud.drv'
33259d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb100000 'C:\Windows\system32\wdmaud.drv'
33269d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb100000 'C:\Windows\system32\wdmaud.drv'
33279d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb100000 'C:\Windows\system32\wdmaud.drv'
33289d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb100000 'C:\Windows\system32\wdmaud.drv'
33299d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb100000 'C:\Windows\system32\wdmaud.drv'
33309d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
33319d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794dd61:<flags> [calling]
33329d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb100000 'C:\Windows\system32\wdmaud.drv'
33339d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb100000 'C:\Windows\system32\wdmaud.drv'
33349d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb100000 'C:\Windows\system32\wdmaud.drv'
33359d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d64 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
33369d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
33379d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
33389d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=522563F5384AD4C93CF5CF4EEA899D3267552328
33399d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
33409d8.d34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
33419d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33429d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
33439d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
33449d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
33459d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'.
33469d8.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) WinVerifyTrust
33479d8.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
33489d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
33499d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
33509d8.d34: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
33519d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
33529d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
33539d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d44 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.dll
33549d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
33559d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
33569d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCA0A8AEE81B82C402AA72A300B2C8D2DC17C1DA
33579d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.dll'
33589d8.d34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
33599d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
33609d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
33619d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
33629d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
33639d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
33649d8.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) WinVerifyTrust
33659d8.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
33669d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
33679d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
33689d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
33699d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
33709d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33719d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33729d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
33739d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
33749d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
33759d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
33769d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
33779d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
33789d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
33799d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
33809d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
33819d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
33829d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794db61:<flags> [calling]
33839d8.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
33849d8.d34: supR3HardenedDllNotificationCallback: load 000007fefb0a0000 LB 0x0000a000 C:\Windows\system32\msacm32.drv [fFlags=0x0]
33859d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
33869d8.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
33879d8.d34: supR3HardenedDllNotificationCallback: load 000007fefb080000 LB 0x00018000 C:\Windows\system32\MSACM32.dll [fFlags=0x0]
33889d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
33899d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb0a0000 'C:\Windows\system32\msacm32.drv'
33909d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
33919d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794d561:<flags> [calling]
33929d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb0a0000 'C:\Windows\system32\msacm32.drv'
33939d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
33949d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794d561:<flags> [calling]
33959d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb0a0000 'C:\Windows\system32\msacm32.drv'
33969d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
33979d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794d561:<flags> [calling]
33989d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb0a0000 'C:\Windows\system32\msacm32.drv'
33999d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
34009d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794d561:<flags> [calling]
34019d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb0a0000 'C:\Windows\system32\msacm32.drv'
34029d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
34039d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794d561:<flags> [calling]
34049d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb0a0000 'C:\Windows\system32\msacm32.drv'
34059d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
34069d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794d561:<flags> [calling]
34079d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb0a0000 'C:\Windows\system32\msacm32.drv'
34089d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb0a0000 'C:\Windows\system32\msacm32.drv'
34099d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb0a0000 'C:\Windows\system32\msacm32.drv'
34109d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb0a0000 'C:\Windows\system32\msacm32.drv'
34119d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d68 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
34129d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000939130
34139d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000939130
34149d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=43116C5C719A4751DA70B12932084D73D7AACEA3
34159d8.d34: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
34169d8.d34: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
34179d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
34189d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
34199d8.d34: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
34209d8.d34: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) WinVerifyTrust
34219d8.d34: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
34229d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
34239d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
34249d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
34259d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
34269d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
34279d8.d34: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
34289d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794db61:<flags> [calling]
34299d8.d34: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
34309d8.d34: supR3HardenedDllNotificationCallback: load 000007fefb070000 LB 0x00009000 C:\Windows\system32\midimap.dll [fFlags=0x0]
34319d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
34329d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb070000 'C:\Windows\system32\midimap.dll'
34339d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
34349d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794d531:<flags> [calling]
34359d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb070000 'C:\Windows\system32\midimap.dll'
34369d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
34379d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794d531:<flags> [calling]
34389d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb070000 'C:\Windows\system32\midimap.dll'
34399d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
34409d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794db61:<flags> [calling]
34419d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb070000 'C:\Windows\system32\midimap.dll'
34429d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb290000 'C:\Windows\system32\winmm.dll'
34439d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb290000 'C:\Windows\system32\winmm.dll'
34449d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb290000 'C:\Windows\system32\winmm.dll'
34459d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdaa0000 'C:\Windows\system32\ole32.dll'
34469d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
34479d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794e181:<flags> [calling]
34489d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb290000 'C:\Windows\system32\winmm.dll'
34499d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb290000 'C:\Windows\system32\winmm.dll'
34509d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb290000 'C:\Windows\system32\winmm.dll'
34519d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb290000 'C:\Windows\system32\winmm.dll'
34529d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb290000 'C:\Windows\system32\winmm.dll'
34539d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb290000 'C:\Windows\system32\winmm.dll'
34549d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb290000 'C:\Windows\system32\winmm.dll'
34559d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb290000 'C:\Windows\system32\winmm.dll'
34569d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb290000 'C:\Windows\system32\winmm.dll'
34579d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb290000 'C:\Windows\system32\winmm.dll'
34589d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb290000 'C:\Windows\system32\winmm.dll'
34599d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb290000 'C:\Windows\system32\winmm.dll'
34609d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb290000 'C:\Windows\system32\winmm.dll'
34619d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
34629d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794d721:<flags> [calling]
34639d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebc60000 'C:\Windows\system32\dsound.dll'
34649d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb290000 'C:\Windows\system32\winmm.dll'
34659d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb290000 'C:\Windows\system32\winmm.dll'
34669d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb290000 'C:\Windows\system32\winmm.dll'
34679d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
34689d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794ec41:<flags> [calling]
34699d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb290000 'C:\Windows\system32\winmm.dll'
34709d8.764: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
34719d8.764: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\audioses.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000c22db41:<flags> [calling]
34729d8.764: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb0b0000 'C:\Windows\System32\audioses.dll'
34739d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb290000 'C:\Windows\system32\winmm.dll'
34749d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb290000 'C:\Windows\system32\winmm.dll'
34759d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
34769d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794d8f1:<flags> [calling]
34779d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feebc60000 'C:\Windows\system32\dsound.dll'
34789d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb290000 'C:\Windows\system32\winmm.dll'
34799d8.d34: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
34809d8.d34: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000794e071:<flags> [calling]
34819d8.d34: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb1a0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
34829d8.e98: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff4e0000 'C:\Windows\system32\OLEAUT32.dll'
34839d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdca0000 'C:\Windows\system32\shell32.dll'
34849d8.dc8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdca0000 'C:\Windows\system32\shell32.dll'
34859d8.cf8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
34869d8.cf8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000715f911:<flags> [calling]
34879d8.cf8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb7f0000 'C:\Windows\system32\avrt.dll'

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy