VirtualBox

Ticket #16886: VBoxHardening.log

File VBoxHardening.log, 349.7 KB (added by Mikha Mikhin, 7 years ago)
Line 
1f08.1904: Log file opened: 5.1.26r117224 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
2f08.1904: \SystemRoot\System32\ntdll.dll:
3f08.1904: CreationTime: 2017-06-14T06:21:08.090115100Z
4f08.1904: LastWriteTime: 2017-05-12T18:24:12.913140800Z
5f08.1904: ChangeTime: 2017-06-15T05:47:33.965637700Z
6f08.1904: FileAttributes: 0x20
7f08.1904: Size: 0x1a7100
8f08.1904: NT Headers: 0xe0
9f08.1904: Timestamp: 0x5915fdce
10f08.1904: Machine: 0x8664 - amd64
11f08.1904: Timestamp: 0x5915fdce
12f08.1904: Image Version: 6.1
13f08.1904: SizeOfImage: 0x1aa000 (1744896)
14f08.1904: Resource Dir: 0x14e000 LB 0x5a028
15f08.1904: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
16f08.1904: [Raw version resource data: 0x14e0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
17f08.1904: ProductName: Microsoft® Windows® Operating System
18f08.1904: ProductVersion: 6.1.7601.23807
19f08.1904: FileVersion: 6.1.7601.23807 (win7sp1_ldr.170512-0600)
20f08.1904: FileDescription: NT Layer DLL
21f08.1904: \SystemRoot\System32\kernel32.dll:
22f08.1904: CreationTime: 2017-06-14T06:21:07.245066800Z
23f08.1904: LastWriteTime: 2017-05-12T18:22:33.598000000Z
24f08.1904: ChangeTime: 2017-06-15T05:47:44.027655400Z
25f08.1904: FileAttributes: 0x20
26f08.1904: Size: 0x11c000
27f08.1904: NT Headers: 0xe0
28f08.1904: Timestamp: 0x5915fe13
29f08.1904: Machine: 0x8664 - amd64
30f08.1904: Timestamp: 0x5915fe13
31f08.1904: Image Version: 6.1
32f08.1904: SizeOfImage: 0x11f000 (1175552)
33f08.1904: Resource Dir: 0x116000 LB 0x528
34f08.1904: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
35f08.1904: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
36f08.1904: ProductName: Microsoft® Windows® Operating System
37f08.1904: ProductVersion: 6.1.7601.23807
38f08.1904: FileVersion: 6.1.7601.23807 (win7sp1_ldr.170512-0600)
39f08.1904: FileDescription: Windows NT BASE API Client DLL
40f08.1904: \SystemRoot\System32\KernelBase.dll:
41f08.1904: CreationTime: 2017-06-14T06:21:07.122059800Z
42f08.1904: LastWriteTime: 2017-05-12T18:22:33.598000000Z
43f08.1904: ChangeTime: 2017-06-15T05:47:44.012055300Z
44f08.1904: FileAttributes: 0x20
45f08.1904: Size: 0x66800
46f08.1904: NT Headers: 0xe8
47f08.1904: Timestamp: 0x5915fe14
48f08.1904: Machine: 0x8664 - amd64
49f08.1904: Timestamp: 0x5915fe14
50f08.1904: Image Version: 6.1
51f08.1904: SizeOfImage: 0x6a000 (434176)
52f08.1904: Resource Dir: 0x68000 LB 0x530
53f08.1904: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
54f08.1904: [Raw version resource data: 0x680b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
55f08.1904: ProductName: Microsoft® Windows® Operating System
56f08.1904: ProductVersion: 6.1.7601.23807
57f08.1904: FileVersion: 6.1.7601.23807 (win7sp1_ldr.170512-0600)
58f08.1904: FileDescription: Windows NT BASE API Client DLL
59f08.1904: \SystemRoot\System32\apisetschema.dll:
60f08.1904: CreationTime: 2017-06-14T06:21:06.728037200Z
61f08.1904: LastWriteTime: 2017-05-12T18:22:28.981000000Z
62f08.1904: ChangeTime: 2017-06-15T05:47:29.925230600Z
63f08.1904: FileAttributes: 0x20
64f08.1904: Size: 0x1a00
65f08.1904: NT Headers: 0xc0
66f08.1904: Timestamp: 0x5915fdad
67f08.1904: Machine: 0x8664 - amd64
68f08.1904: Timestamp: 0x5915fdad
69f08.1904: Image Version: 6.1
70f08.1904: SizeOfImage: 0x50000 (327680)
71f08.1904: Resource Dir: 0x30000 LB 0x3f8
72f08.1904: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
73f08.1904: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
74f08.1904: ProductName: Microsoft® Windows® Operating System
75f08.1904: ProductVersion: 6.1.7601.23807
76f08.1904: FileVersion: 6.1.7601.23807 (win7sp1_ldr.170512-0600)
77f08.1904: FileDescription: ApiSet Schema DLL
78f08.1904: NtOpenDirectoryObject failed on \Driver: 0xc0000022
79f08.1904: supR3HardenedWinFindAdversaries: 0x0
80f08.1904: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2'
81f08.1904: Calling main()
82f08.1904: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
83f08.1904: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2'
84f08.1904: SUPR3HardenedMain: Respawn #1
85f08.1904: System32: \Device\HarddiskVolume2\Windows\System32
86f08.1904: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
87f08.1904: KnownDllPath: C:\Windows\system32
88f08.1904: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VirtualBox.exe' has no imports
89f08.1904: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VirtualBox.exe)
90f08.1904: supR3HardNtEnableThreadCreation:
91f08.1904: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077bca360 pvNtTerminateThread=0000000077bec260
92f08.1904: supR3HardenedWinDoReSpawn(1): New child 1c7c.1bd4 [kernel32].
93f08.1904: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdd000 cbPeb=0x380
94f08.1904: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077ba0000 uNtDllChildAddr=0000000077ba0000
95f08.1904: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000077bca360
96f08.1904: supR3HardenedWinSetupChildInit: Start child.
97f08.1904: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 9 ms.
98f08.1904: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 33 sleeps
99f08.1904: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
100f08.1904: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
101f08.1904: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
102f08.1904: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
103f08.1904: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
104f08.1904: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
105f08.1904: 0000000000041000-000000000012ffff 0x0001/0x0000 0x0000000
106f08.1904: *0000000000130000-000000000022bfff 0x0000/0x0004 0x0020000
107f08.1904: 000000000022c000-000000000022dfff 0x0104/0x0004 0x0020000
108f08.1904: 000000000022e000-000000000022ffff 0x0004/0x0004 0x0020000
109f08.1904: 0000000000230000-0000000077b9ffff 0x0001/0x0000 0x0000000
110f08.1904: *0000000077ba0000-0000000077ba0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
111f08.1904: 0000000077ba1000-0000000077c9dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
112f08.1904: 0000000077c9e000-0000000077cccfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
113f08.1904: 0000000077ccd000-0000000077cd6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
114f08.1904: 0000000077cd7000-0000000077cd7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
115f08.1904: 0000000077cd8000-0000000077cdafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
116f08.1904: 0000000077cdb000-0000000077d49fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
117f08.1904: 0000000077d4a000-000000007efdffff 0x0001/0x0000 0x0000000
118f08.1904: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
119f08.1904: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
120f08.1904: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
121f08.1904: 000000007fff0000-000000013faeffff 0x0001/0x0000 0x0000000
122f08.1904: *000000013faf0000-000000013faf0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VirtualBox.exe
123f08.1904: 000000013faf1000-000000013fb60fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VirtualBox.exe
124f08.1904: 000000013fb61000-000000013fb61fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VirtualBox.exe
125f08.1904: 000000013fb62000-000000013fba7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VirtualBox.exe
126f08.1904: 000000013fba8000-000000013fba8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VirtualBox.exe
127f08.1904: 000000013fba9000-000000013fba9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VirtualBox.exe
128f08.1904: 000000013fbaa000-000000013fbaefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VirtualBox.exe
129f08.1904: 000000013fbaf000-000000013fbaffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VirtualBox.exe
130f08.1904: 000000013fbb0000-000000013fbb0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VirtualBox.exe
131f08.1904: 000000013fbb1000-000000013fbb4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VirtualBox.exe
132f08.1904: 000000013fbb5000-000000013fbfcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VirtualBox.exe
133f08.1904: 000000013fbfd000-000007feffebffff 0x0001/0x0000 0x0000000
134f08.1904: *000007feffec0000-000007feffec0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
135f08.1904: 000007feffec1000-000007fffffaffff 0x0001/0x0000 0x0000000
136f08.1904: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
137f08.1904: 000007fffffd3000-000007fffffdcfff 0x0001/0x0000 0x0000000
138f08.1904: *000007fffffdd000-000007fffffddfff 0x0004/0x0004 0x0020000
139f08.1904: *000007fffffde000-000007fffffdffff 0x0004/0x0004 0x0020000
140f08.1904: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
141f08.1904: apisetschema.dll: timestamp 0x5915fdad (rc=VINF_SUCCESS)
142f08.1904: VirtualBox.exe: timestamp 0x5979cfa2 (rc=VINF_SUCCESS)
143f08.1904: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VirtualBox.exe' has no imports
144f08.1904: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
145f08.1904: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
146f08.1904: supR3HardNtChildPurify: Done after 311 ms and 0 fixes (loop #0).
1471c7c.1bd4: Log file opened: 5.1.26r117224 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
1481c7c.1bd4: supR3HardenedVmProcessInit: uNtDllAddr=0000000077ba0000 g_uNtVerCombined=0x611db100
1491c7c.1bd4: ntdll.dll: timestamp 0x5915fdce (rc=VINF_SUCCESS)
1501c7c.1bd4: New simple heap: #1 0000000000330000 LB 0x400000 (for 1744896 allocation)
151f08.1904: supR3HardNtEnableThreadCreation:
1521c7c.1bd4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2'
1531c7c.1bd4: System32: \Device\HarddiskVolume2\Windows\System32
1541c7c.1bd4: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
1551c7c.1bd4: KnownDllPath: C:\Windows\system32
1561c7c.1bd4: supR3HardenedVmProcessInit: Opening vboxdrv stub...
1571c7c.1bd4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
1581c7c.1bd4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
1591c7c.1bd4: Registered Dll notification callback with NTDLL.
1601c7c.1bd4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
1611c7c.1bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
1621c7c.1bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
1631c7c.1bd4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1641c7c.1bd4: supR3HardenedDllNotificationCallback: load 0000000077980000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
1651c7c.1bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
1661c7c.1bd4: supR3HardenedDllNotificationCallback: load 000007fefdbb0000 LB 0x0006a000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
1671c7c.1bd4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
1681c7c.1bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1691c7c.1bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077980000 'C:\Windows\system32\kernel32.dll'
1701c7c.1bd4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077bca360 pvNtTerminateThread=0000000077bec260
171f08.1904: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 28 ms.
1721c7c.1bd4: \SystemRoot\System32\ntdll.dll:
1731c7c.1bd4: CreationTime: 2017-06-14T06:21:08.090115100Z
1741c7c.1bd4: LastWriteTime: 2017-05-12T18:24:12.913140800Z
1751c7c.1bd4: ChangeTime: 2017-06-15T05:47:33.965637700Z
1761c7c.1bd4: FileAttributes: 0x20
1771c7c.1bd4: Size: 0x1a7100
1781c7c.1bd4: NT Headers: 0xe0
1791c7c.1bd4: Timestamp: 0x5915fdce
1801c7c.1bd4: Machine: 0x8664 - amd64
1811c7c.1bd4: Timestamp: 0x5915fdce
1821c7c.1bd4: Image Version: 6.1
1831c7c.1bd4: SizeOfImage: 0x1aa000 (1744896)
1841c7c.1bd4: Resource Dir: 0x14e000 LB 0x5a028
1851c7c.1bd4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1861c7c.1bd4: [Raw version resource data: 0x14e0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
1871c7c.1bd4: ProductName: Microsoft® Windows® Operating System
1881c7c.1bd4: ProductVersion: 6.1.7601.23807
1891c7c.1bd4: FileVersion: 6.1.7601.23807 (win7sp1_ldr.170512-0600)
1901c7c.1bd4: FileDescription: NT Layer DLL
1911c7c.1bd4: \SystemRoot\System32\kernel32.dll:
1921c7c.1bd4: CreationTime: 2017-06-14T06:21:07.245066800Z
1931c7c.1bd4: LastWriteTime: 2017-05-12T18:22:33.598000000Z
1941c7c.1bd4: ChangeTime: 2017-06-15T05:47:44.027655400Z
1951c7c.1bd4: FileAttributes: 0x20
1961c7c.1bd4: Size: 0x11c000
1971c7c.1bd4: NT Headers: 0xe0
1981c7c.1bd4: Timestamp: 0x5915fe13
1991c7c.1bd4: Machine: 0x8664 - amd64
2001c7c.1bd4: Timestamp: 0x5915fe13
2011c7c.1bd4: Image Version: 6.1
2021c7c.1bd4: SizeOfImage: 0x11f000 (1175552)
2031c7c.1bd4: Resource Dir: 0x116000 LB 0x528
2041c7c.1bd4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2051c7c.1bd4: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
2061c7c.1bd4: ProductName: Microsoft® Windows® Operating System
2071c7c.1bd4: ProductVersion: 6.1.7601.23807
2081c7c.1bd4: FileVersion: 6.1.7601.23807 (win7sp1_ldr.170512-0600)
2091c7c.1bd4: FileDescription: Windows NT BASE API Client DLL
2101c7c.1bd4: \SystemRoot\System32\KernelBase.dll:
2111c7c.1bd4: CreationTime: 2017-06-14T06:21:07.122059800Z
2121c7c.1bd4: LastWriteTime: 2017-05-12T18:22:33.598000000Z
2131c7c.1bd4: ChangeTime: 2017-06-15T05:47:44.012055300Z
2141c7c.1bd4: FileAttributes: 0x20
2151c7c.1bd4: Size: 0x66800
2161c7c.1bd4: NT Headers: 0xe8
2171c7c.1bd4: Timestamp: 0x5915fe14
2181c7c.1bd4: Machine: 0x8664 - amd64
2191c7c.1bd4: Timestamp: 0x5915fe14
2201c7c.1bd4: Image Version: 6.1
2211c7c.1bd4: SizeOfImage: 0x6a000 (434176)
2221c7c.1bd4: Resource Dir: 0x68000 LB 0x530
2231c7c.1bd4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2241c7c.1bd4: [Raw version resource data: 0x680b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
2251c7c.1bd4: ProductName: Microsoft® Windows® Operating System
2261c7c.1bd4: ProductVersion: 6.1.7601.23807
2271c7c.1bd4: FileVersion: 6.1.7601.23807 (win7sp1_ldr.170512-0600)
2281c7c.1bd4: FileDescription: Windows NT BASE API Client DLL
2291c7c.1bd4: \SystemRoot\System32\apisetschema.dll:
2301c7c.1bd4: CreationTime: 2017-06-14T06:21:06.728037200Z
2311c7c.1bd4: LastWriteTime: 2017-05-12T18:22:28.981000000Z
2321c7c.1bd4: ChangeTime: 2017-06-15T05:47:29.925230600Z
2331c7c.1bd4: FileAttributes: 0x20
2341c7c.1bd4: Size: 0x1a00
2351c7c.1bd4: NT Headers: 0xc0
2361c7c.1bd4: Timestamp: 0x5915fdad
2371c7c.1bd4: Machine: 0x8664 - amd64
2381c7c.1bd4: Timestamp: 0x5915fdad
2391c7c.1bd4: Image Version: 6.1
2401c7c.1bd4: SizeOfImage: 0x50000 (327680)
2411c7c.1bd4: Resource Dir: 0x30000 LB 0x3f8
2421c7c.1bd4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
2431c7c.1bd4: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
2441c7c.1bd4: ProductName: Microsoft® Windows® Operating System
2451c7c.1bd4: ProductVersion: 6.1.7601.23807
2461c7c.1bd4: FileVersion: 6.1.7601.23807 (win7sp1_ldr.170512-0600)
2471c7c.1bd4: FileDescription: ApiSet Schema DLL
2481c7c.1bd4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
2491c7c.1bd4: supR3HardenedWinFindAdversaries: 0x0
2501c7c.1bd4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2'
2511c7c.1bd4: Calling main()
2521c7c.1bd4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
2531c7c.1bd4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2'
2541c7c.1bd4: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VirtualBox.exe' has no imports
2551c7c.1bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VirtualBox.exe)
2561c7c.1bd4: SUPR3HardenedMain: Respawn #2
2571c7c.1bd4: supR3HardNtEnableThreadCreation:
2581c7c.1bd4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
2591c7c.1bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
2601c7c.1bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
2611c7c.1bd4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
2621c7c.1bd4: supR3HardenedDllNotificationCallback: load 000007fefd6d0000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
2631c7c.1bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
2641c7c.1bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd6d0000 'C:\Windows\system32\apphelp.dll'
2651c7c.1bd4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077bca360 pvNtTerminateThread=0000000077bec260
2661c7c.1bd4: supR3HardenedWinDoReSpawn(2): New child 1974.1ff4 [kernel32].
2671c7c.1bd4: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd7000 cbPeb=0x380
2681c7c.1bd4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077ba0000 uNtDllChildAddr=0000000077ba0000
2691c7c.1bd4: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000077bca360
2701c7c.1bd4: supR3HardenedWinSetupChildInit: Start child.
2711c7c.1bd4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 5 ms.
2721c7c.1bd4: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 33 sleeps
2731c7c.1bd4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2741c7c.1bd4: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
2751c7c.1bd4: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
2761c7c.1bd4: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
2771c7c.1bd4: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
2781c7c.1bd4: *0000000000040000-000000000013bfff 0x0000/0x0004 0x0020000
2791c7c.1bd4: 000000000013c000-000000000013dfff 0x0104/0x0004 0x0020000
2801c7c.1bd4: 000000000013e000-000000000013ffff 0x0004/0x0004 0x0020000
2811c7c.1bd4: *0000000000140000-0000000000140fff 0x0004/0x0004 0x0020000
2821c7c.1bd4: 0000000000141000-0000000077b9ffff 0x0001/0x0000 0x0000000
2831c7c.1bd4: *0000000077ba0000-0000000077ba0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2841c7c.1bd4: 0000000077ba1000-0000000077c9dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2851c7c.1bd4: 0000000077c9e000-0000000077cccfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2861c7c.1bd4: 0000000077ccd000-0000000077cd6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2871c7c.1bd4: 0000000077cd7000-0000000077cd7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2881c7c.1bd4: 0000000077cd8000-0000000077cdafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2891c7c.1bd4: 0000000077cdb000-0000000077d49fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2901c7c.1bd4: 0000000077d4a000-000000007efdffff 0x0001/0x0000 0x0000000
2911c7c.1bd4: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
2921c7c.1bd4: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2931c7c.1bd4: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
2941c7c.1bd4: 000000007fff0000-000000013faeffff 0x0001/0x0000 0x0000000
2951c7c.1bd4: *000000013faf0000-000000013faf0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VirtualBox.exe
2961c7c.1bd4: 000000013faf1000-000000013fb60fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VirtualBox.exe
2971c7c.1bd4: 000000013fb61000-000000013fb61fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VirtualBox.exe
2981c7c.1bd4: 000000013fb62000-000000013fba7fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VirtualBox.exe
2991c7c.1bd4: 000000013fba8000-000000013fba8fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VirtualBox.exe
3001c7c.1bd4: 000000013fba9000-000000013fba9fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VirtualBox.exe
3011c7c.1bd4: 000000013fbaa000-000000013fbaefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VirtualBox.exe
3021c7c.1bd4: 000000013fbaf000-000000013fbaffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VirtualBox.exe
3031c7c.1bd4: 000000013fbb0000-000000013fbb0fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VirtualBox.exe
3041c7c.1bd4: 000000013fbb1000-000000013fbb4fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VirtualBox.exe
3051c7c.1bd4: 000000013fbb5000-000000013fbfcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VirtualBox.exe
3061c7c.1bd4: 000000013fbfd000-000007feffebffff 0x0001/0x0000 0x0000000
3071c7c.1bd4: *000007feffec0000-000007feffec0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
3081c7c.1bd4: 000007feffec1000-000007fffffaffff 0x0001/0x0000 0x0000000
3091c7c.1bd4: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
3101c7c.1bd4: 000007fffffd3000-000007fffffd6fff 0x0001/0x0000 0x0000000
3111c7c.1bd4: *000007fffffd7000-000007fffffd7fff 0x0004/0x0004 0x0020000
3121c7c.1bd4: 000007fffffd8000-000007fffffddfff 0x0001/0x0000 0x0000000
3131c7c.1bd4: *000007fffffde000-000007fffffdffff 0x0004/0x0004 0x0020000
3141c7c.1bd4: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
3151c7c.1bd4: apisetschema.dll: timestamp 0x5915fdad (rc=VINF_SUCCESS)
3161c7c.1bd4: VirtualBox.exe: timestamp 0x5979cfa2 (rc=VINF_SUCCESS)
3171c7c.1bd4: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VirtualBox.exe' has no imports
3181c7c.1bd4: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
3191c7c.1bd4: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
3201c7c.1bd4: supR3HardNtChildPurify: Done after 320 ms and 0 fixes (loop #0).
3211974.1ff4: Log file opened: 5.1.26r117224 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
3221974.1ff4: supR3HardenedVmProcessInit: uNtDllAddr=0000000077ba0000 g_uNtVerCombined=0x611db100
3231974.1ff4: ntdll.dll: timestamp 0x5915fdce (rc=VINF_SUCCESS)
3241974.1ff4: New simple heap: #1 0000000000250000 LB 0x400000 (for 1744896 allocation)
3251c7c.1bd4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000330000 LB 0x400000)
3261c7c.1bd4: supR3HardNtEnableThreadCreation:
3271974.1ff4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2'
3281974.1ff4: System32: \Device\HarddiskVolume2\Windows\System32
3291974.1ff4: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
3301974.1ff4: KnownDllPath: C:\Windows\system32
3311974.1ff4: supR3HardenedVmProcessInit: Opening vboxdrv...
3321974.1ff4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
3331974.1ff4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
3341974.1ff4: Registered Dll notification callback with NTDLL.
3351974.1ff4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
3361974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
3371974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
3381974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3391974.1ff4: supR3HardenedDllNotificationCallback: load 0000000077980000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
3401974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
3411974.1ff4: supR3HardenedDllNotificationCallback: load 000007fefdbb0000 LB 0x0006a000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
3421974.1ff4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
3431974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
3441974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077980000 'C:\Windows\system32\kernel32.dll'
3451974.1ff4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077bca360 pvNtTerminateThread=0000000077bec260
3461c7c.1bd4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 29 ms.
3471974.1ff4: \SystemRoot\System32\ntdll.dll:
3481974.1ff4: CreationTime: 2017-06-14T06:21:08.090115100Z
3491974.1ff4: LastWriteTime: 2017-05-12T18:24:12.913140800Z
3501974.1ff4: ChangeTime: 2017-06-15T05:47:33.965637700Z
3511974.1ff4: FileAttributes: 0x20
3521974.1ff4: Size: 0x1a7100
3531974.1ff4: NT Headers: 0xe0
3541974.1ff4: Timestamp: 0x5915fdce
3551974.1ff4: Machine: 0x8664 - amd64
3561974.1ff4: Timestamp: 0x5915fdce
3571974.1ff4: Image Version: 6.1
3581974.1ff4: SizeOfImage: 0x1aa000 (1744896)
3591974.1ff4: Resource Dir: 0x14e000 LB 0x5a028
3601974.1ff4: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
3611974.1ff4: [Raw version resource data: 0x14e0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
3621974.1ff4: ProductName: Microsoft® Windows® Operating System
3631974.1ff4: ProductVersion: 6.1.7601.23807
3641974.1ff4: FileVersion: 6.1.7601.23807 (win7sp1_ldr.170512-0600)
3651974.1ff4: FileDescription: NT Layer DLL
3661974.1ff4: \SystemRoot\System32\kernel32.dll:
3671974.1ff4: CreationTime: 2017-06-14T06:21:07.245066800Z
3681974.1ff4: LastWriteTime: 2017-05-12T18:22:33.598000000Z
3691974.1ff4: ChangeTime: 2017-06-15T05:47:44.027655400Z
3701974.1ff4: FileAttributes: 0x20
3711974.1ff4: Size: 0x11c000
3721974.1ff4: NT Headers: 0xe0
3731974.1ff4: Timestamp: 0x5915fe13
3741974.1ff4: Machine: 0x8664 - amd64
3751974.1ff4: Timestamp: 0x5915fe13
3761974.1ff4: Image Version: 6.1
3771974.1ff4: SizeOfImage: 0x11f000 (1175552)
3781974.1ff4: Resource Dir: 0x116000 LB 0x528
3791974.1ff4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3801974.1ff4: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
3811974.1ff4: ProductName: Microsoft® Windows® Operating System
3821974.1ff4: ProductVersion: 6.1.7601.23807
3831974.1ff4: FileVersion: 6.1.7601.23807 (win7sp1_ldr.170512-0600)
3841974.1ff4: FileDescription: Windows NT BASE API Client DLL
3851974.1ff4: \SystemRoot\System32\KernelBase.dll:
3861974.1ff4: CreationTime: 2017-06-14T06:21:07.122059800Z
3871974.1ff4: LastWriteTime: 2017-05-12T18:22:33.598000000Z
3881974.1ff4: ChangeTime: 2017-06-15T05:47:44.012055300Z
3891974.1ff4: FileAttributes: 0x20
3901974.1ff4: Size: 0x66800
3911974.1ff4: NT Headers: 0xe8
3921974.1ff4: Timestamp: 0x5915fe14
3931974.1ff4: Machine: 0x8664 - amd64
3941974.1ff4: Timestamp: 0x5915fe14
3951974.1ff4: Image Version: 6.1
3961974.1ff4: SizeOfImage: 0x6a000 (434176)
3971974.1ff4: Resource Dir: 0x68000 LB 0x530
3981974.1ff4: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
3991974.1ff4: [Raw version resource data: 0x680b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
4001974.1ff4: ProductName: Microsoft® Windows® Operating System
4011974.1ff4: ProductVersion: 6.1.7601.23807
4021974.1ff4: FileVersion: 6.1.7601.23807 (win7sp1_ldr.170512-0600)
4031974.1ff4: FileDescription: Windows NT BASE API Client DLL
4041974.1ff4: \SystemRoot\System32\apisetschema.dll:
4051974.1ff4: CreationTime: 2017-06-14T06:21:06.728037200Z
4061974.1ff4: LastWriteTime: 2017-05-12T18:22:28.981000000Z
4071974.1ff4: ChangeTime: 2017-06-15T05:47:29.925230600Z
4081974.1ff4: FileAttributes: 0x20
4091974.1ff4: Size: 0x1a00
4101974.1ff4: NT Headers: 0xc0
4111974.1ff4: Timestamp: 0x5915fdad
4121974.1ff4: Machine: 0x8664 - amd64
4131974.1ff4: Timestamp: 0x5915fdad
4141974.1ff4: Image Version: 6.1
4151974.1ff4: SizeOfImage: 0x50000 (327680)
4161974.1ff4: Resource Dir: 0x30000 LB 0x3f8
4171974.1ff4: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
4181974.1ff4: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
4191974.1ff4: ProductName: Microsoft® Windows® Operating System
4201974.1ff4: ProductVersion: 6.1.7601.23807
4211974.1ff4: FileVersion: 6.1.7601.23807 (win7sp1_ldr.170512-0600)
4221974.1ff4: FileDescription: ApiSet Schema DLL
4231974.1ff4: NtOpenDirectoryObject failed on \Driver: 0xc0000022
4241974.1ff4: supR3HardenedWinFindAdversaries: 0x0
4251974.1ff4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2'
4261974.1ff4: Calling main()
4271974.1ff4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
4281974.1ff4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2'
4291974.1ff4: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VirtualBox.exe' has no imports
4301974.1ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VirtualBox.exe)
4311974.1ff4: SUPR3HardenedMain: Final process, opening VBoxDrv...
4321974.1ff4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000250000 LB 0x400000)
4331974.1ff4: supR3HardNtEnableThreadCreation:
4341974.1ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxSupLib.dll)
4351974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxSupLib.dll
4361974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox2\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013b6d1:<flags> [calling]
4371974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxSupLib.dll [lacks WinVerifyTrust]
4381974.1ff4: supR3HardenedDllNotificationCallback: load 000007fefbb20000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox2\VBoxSupLib.DLL [fFlags=0x0]
4391974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxSupLib.dll [lacks WinVerifyTrust]
4401974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxSupLib.dll [lacks WinVerifyTrust]
4411974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox2\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000138e51:<flags> [calling]
4421974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbb20000 'C:\Program Files\Oracle\VirtualBox2\VBoxSupLib.DLL'
4431974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxSupLib.dll [lacks WinVerifyTrust]
4441974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox2\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000138e51:<flags> [calling]
4451974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbb20000 'C:\Program Files\Oracle\VirtualBox2\VBoxSupLib.DLL'
4461974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbb20000 'C:\Program Files\Oracle\VirtualBox2\VBoxSupLib.DLL'
4471974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4481974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
4491974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
4501974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
4511974.1ff4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
4521974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
4531974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
4541974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
4551974.1ff4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
4561974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
4571974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
4581974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
4591974.1ff4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
4601974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
4611974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
4621974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
4631974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
4641974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
4651974.1ff4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
4661974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
4671974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4681974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4691974.1ff4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
4701974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
4711974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
4721974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
4731974.1ff4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
4741974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
4751974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
4761974.1ff4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4771974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013d4e1:<flags> [calling]
4781974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4791974.1ff4: supR3HardenedDllNotificationCallback: load 000007fefdb60000 LB 0x0003b000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
4801974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
4811974.1ff4: supR3HardenedDllNotificationCallback: load 000007fefe1c0000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
4821974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
4831974.1ff4: supR3HardenedDllNotificationCallback: load 000007fefd8c0000 LB 0x0016d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
4841974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
4851974.1ff4: supR3HardenedDllNotificationCallback: load 000007fefd890000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
4861974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
4871974.1ff4: supR3HardenedDllNotificationCallback: load 000007fefdde0000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
4881974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
4891974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb60000 'C:\Windows\system32\Wintrust.dll'
4901974.1ff4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
4911974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
4921974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013d4e1:<flags> [calling]
4931974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
4941974.1ff4: supR3HardenedDllNotificationCallback: load 000007fefd1d0000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
4951974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
4961974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd1d0000 'C:\Windows\system32\bcrypt.dll'
4971974.1ff4: bcrypt.dll loaded at 000007fefd1d0000, BCryptOpenAlgorithmProvider at 000007fefd1d2460, preloading providers:
4981974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
4991974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
5001974.1ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
5011974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
5021974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
5031974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
5041974.1ff4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
5051974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
5061974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
5071974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5081974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
5091974.1ff4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
5101974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
5111974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5121974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5131974.1ff4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5141974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5151974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5161974.1ff4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5171974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013d4c1:<flags> [calling]
5181974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
5191974.1ff4: supR3HardenedDllNotificationCallback: load 000007fefcc70000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
5201974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
5211974.1ff4: supR3HardenedDllNotificationCallback: load 000007fefebb0000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
5221974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
5231974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
5241974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
5251974.1ff4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
5261974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
5271974.1ff4: supR3HardenedDllNotificationCallback: load 000007fefea60000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
5281974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
5291974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc70000 'C:\Windows\system32\bcryptprimitives.dll'
5301974.1ff4: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=00000000006ecfc0)
5311974.1ff4: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=00000000006eee80)
5321974.1ff4: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=00000000006eefb0)
5331974.1ff4: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=00000000006ef1d0)
5341974.1ff4: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=00000000006ef300)
5351974.1ff4: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=00000000006ef430)
5361974.1ff4: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=00000000006ef680)
5371974.1ff4: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=00000000006ef7b0)
5381974.1ff4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
5391974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
5401974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
5411974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
5421974.1ff4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
5431974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5441974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5451974.1ff4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5461974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013d031:<flags> [calling]
5471974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
5481974.1ff4: supR3HardenedDllNotificationCallback: load 000007fefd080000 LB 0x00018000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
5491974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
5501974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd080000 'C:\Windows\system32\CRYPTSP.dll'
5511974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5521974.1ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
5531974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
5541974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5551974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5561974.1ff4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5571974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013cfc1:<flags> [calling]
5581974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5591974.1ff4: supR3HardenedDllNotificationCallback: load 000007fefcd80000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
5601974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
5611974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd80000 'C:\Windows\system32\rsaenh.dll'
5621974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
5631974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013c851:<flags> [calling]
5641974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefebb0000 'C:\Windows\system32\ADVAPI32.dll'
5651974.1ff4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
5661974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
5671974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013cbd1:<flags> [calling]
5681974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
5691974.1ff4: supR3HardenedDllNotificationCallback: load 000007fefd730000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
5701974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
5711974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd730000 'C:\Windows\system32\CRYPTBASE.dll'
5721974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
5731974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013c601:<flags> [calling]
5741974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077980000 'C:\Windows\system32\kernel32.dll'
5751974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
5761974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013cf91:<flags> [calling]
5771974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb60000 'C:\Windows\system32\WINTRUST.DLL'
5781974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
5791974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000013cdc1:<flags> [calling]
5801974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd8c0000 'C:\Windows\system32\CRYPT32.dll'
5811974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
5821974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
5831974.1ff4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
5841974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
5851974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
5861974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
5871974.1ff4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
5881974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
5891974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
5901974.1ff4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
5911974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013ce11:<flags> [calling]
5921974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
5931974.1ff4: supR3HardenedDllNotificationCallback: load 000007fefed10000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
5941974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
5951974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed10000 'C:\Windows\system32\imagehlp.dll'
5961974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
5971974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013cf61:<flags> [calling]
5981974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd080000 'C:\Windows\system32\CRYPTSP.dll'
5991974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
6001974.1ff4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
6011974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
6021974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
6031974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
6041974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
6051974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
6061974.1ff4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
6071974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
6081974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
6091974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
6101974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
6111974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
6121974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
6131974.1ff4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
6141974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
6151974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6161974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6171974.1ff4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
6181974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
6191974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
6201974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6211974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
6221974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
6231974.1ff4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
6241974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
6251974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6261974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6271974.1ff4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
6281974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
6291974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
6301974.1ff4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
6311974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
6321974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
6331974.1ff4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
6341974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6351974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6361974.1ff4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
6371974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6381974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6391974.1ff4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6401974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013ca91:<flags> [calling]
6411974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
6421974.1ff4: supR3HardenedDllNotificationCallback: load 0000000077aa0000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
6431974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
6441974.1ff4: supR3HardenedDllNotificationCallback: load 000007feffac0000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
6451974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
6461974.1ff4: supR3HardenedDllNotificationCallback: load 000007fefe550000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
6471974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
6481974.1ff4: supR3HardenedDllNotificationCallback: load 000007fefe560000 LB 0x000cb000 C:\Windows\system32\USP10.dll [fFlags=0x0]
6491974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
6501974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
6511974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013bf91:<flags> [calling]
6521974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffac0000 'C:\Windows\system32\gdi32.dll'
6531974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
6541974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
6551974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
6561974.1ff4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
6571974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
6581974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
6591974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
6601974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
6611974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
6621974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
6631974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
6641974.1ff4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
6651974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
6661974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
6671974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
6681974.1ff4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
6691974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6701974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6711974.1ff4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
6721974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
6731974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
6741974.1ff4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
6751974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
6761974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
6771974.1ff4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
6781974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
6791974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
6801974.1ff4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
6811974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
6821974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
6831974.1ff4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
6841974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013b8d1:<flags> [calling]
6851974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
6861974.1ff4: supR3HardenedDllNotificationCallback: load 000007fefdf10000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
6871974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
6881974.1ff4: supR3HardenedDllNotificationCallback: load 000007fefe260000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
6891974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
6901974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf10000 'C:\Windows\system32\IMM32.DLL'
6911974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077aa0000 'C:\Windows\system32\USER32.dll'
6921974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
6931974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
6941974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
6951974.1ff4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
6961974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
6971974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
6981974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
6991974.1ff4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
7001974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7011974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7021974.1ff4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7031974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
7041974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
7051974.1ff4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
7061974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013cd91:<flags> [calling]
7071974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
7081974.1ff4: supR3HardenedDllNotificationCallback: load 000007fefd200000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
7091974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
7101974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd200000 'C:\Windows\system32\ncrypt.dll'
7111974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
7121974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013cb81:<flags> [calling]
7131974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd1d0000 'C:\Windows\system32\bcrypt.dll'
7141974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7151974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
7161974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
7171974.1ff4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
7181974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
7191974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
7201974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
7211974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7221974.1ff4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
7231974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
7241974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
7251974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
7261974.1ff4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7271974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7281974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7291974.1ff4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7301974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7311974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7321974.1ff4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7331974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013c511:<flags> [calling]
7341974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
7351974.1ff4: supR3HardenedDllNotificationCallback: load 000007fefdb00000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
7361974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
7371974.1ff4: supR3HardenedDllNotificationCallback: load 000007fefd8a0000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
7381974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
7391974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb00000 'C:\Windows\system32\USERENV.dll'
7401974.1ff4: supR3HardenedIsApiSetDll: '<NULL>' -> true
7411974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000013c271:<flags> [calling]
7421974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea60000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
7431974.1ff4: supR3HardenedIsApiSetDll: '<NULL>' -> true
7441974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000013c601:<flags> [calling]
7451974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea60000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
7461974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7471974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
7481974.1ff4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
7491974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
7501974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
7511974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
7521974.1ff4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7531974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7541974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7551974.1ff4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7561974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013c831:<flags> [calling]
7571974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
7581974.1ff4: supR3HardenedDllNotificationCallback: load 000007fefcaf0000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
7591974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
7601974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcaf0000 'C:\Windows\system32\GPAPI.dll'
7611974.1ff4: supR3HardenedIsApiSetDll: '<NULL>' -> true
7621974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000013c781:<flags> [calling]
7631974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea60000 'API-MS-WIN-Service-Management-L1-1-0.dll'
7641974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
7651974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013be81:<flags> [calling]
7661974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdde0000 'C:\Windows\system32\rpcrt4.dll'
7671974.1ff4: supR3HardenedIsApiSetDll: '<NULL>' -> true
7681974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000013c761:<flags> [calling]
7691974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea60000 'API-MS-WIN-Service-Management-L2-1-0.dll'
7701974.1ff4: supR3HardenedIsApiSetDll: '<NULL>' -> true
7711974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000013c771:<flags> [calling]
7721974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea60000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
7731974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7741974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
7751974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
7761974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
7771974.1ff4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
7781974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
7791974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
7801974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
7811974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
7821974.1ff4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
7831974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
7841974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
7851974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
7861974.1ff4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
7871974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
7881974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
7891974.1ff4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
7901974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7911974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7921974.1ff4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7931974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
7941974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
7951974.1ff4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
7961974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013c271:<flags> [calling]
7971974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
7981974.1ff4: supR3HardenedDllNotificationCallback: load 000007fef9a20000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
7991974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8001974.1ff4: supR3HardenedDllNotificationCallback: load 000007fefe630000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
8011974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
8021974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8031974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000013b4a1:<flags> [calling]
8041974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9a20000 'C:\Windows\system32\cryptnet.dll'
8051974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8061974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000013b4a1:<flags> [calling]
8071974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9a20000 'C:\Windows\system32\cryptnet.dll'
8081974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8091974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000013b4a1:<flags> [calling]
8101974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9a20000 'C:\Windows\system32\cryptnet.dll'
8111974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8121974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000013b4a1:<flags> [calling]
8131974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9a20000 'C:\Windows\system32\cryptnet.dll'
8141974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8151974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000013b4a1:<flags> [calling]
8161974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9a20000 'C:\Windows\system32\cryptnet.dll'
8171974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8181974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000013b4a1:<flags> [calling]
8191974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9a20000 'C:\Windows\system32\cryptnet.dll'
8201974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8211974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9a20000 'C:\Windows\system32\cryptnet.dll'
8221974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8231974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9a20000 'C:\Windows\system32\cryptnet.dll'
8241974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8251974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9a20000 'C:\Windows\system32\cryptnet.dll'
8261974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8271974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9a20000 'C:\Windows\system32\cryptnet.dll'
8281974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8291974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9a20000 'C:\Windows\system32\cryptnet.dll'
8301974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9a20000 'C:\Windows\system32\cryptnet.dll'
8311974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
8321974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9a20000 'C:\Windows\system32\cryptnet.dll'
8331974.1ff4: supR3HardenedIsApiSetDll: '<NULL>' -> true
8341974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000013bb91:<flags> [calling]
8351974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea60000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
8361974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
8371974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013bb91:<flags> [calling]
8381974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd8a0000 'C:\Windows\system32\profapi.dll'
8391974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
8401974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
8411974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
8421974.1ff4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
8431974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
8441974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8451974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8461974.1ff4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8471974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
8481974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
8491974.1ff4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
8501974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
8511974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
8521974.1ff4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
8531974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013b621:<flags> [calling]
8541974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
8551974.1ff4: supR3HardenedDllNotificationCallback: load 000007fefec90000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
8561974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
8571974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec90000 'C:\Windows\system32\SHLWAPI.dll'
8581974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
8591974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000737470
8601974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
8611974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A575218B432436539B9CC29F0284AEDDF70E411D
8621974.1ff4: supR3HardenedIsApiSetDll: '<NULL>' -> true
8631974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000013c551:<flags> [calling]
8641974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea60000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
8651974.1ff4: supR3HardenedIsApiSetDll: '<NULL>' -> true
8661974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000013c0b1:<flags> [calling]
8671974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea60000 'API-MS-WIN-Service-Management-L1-1-0.dll'
8681974.1ff4: supR3HardenedIsApiSetDll: '<NULL>' -> true
8691974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000013c0b1:<flags> [calling]
8701974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea60000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
8711974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
8721974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013c551:<flags> [calling]
8731974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefebb0000 'C:\Windows\system32\ADVAPI32.dll'
8741974.1ff4: supR3HardenedIsApiSetDll: '<NULL>' -> true
8751974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000013c501:<flags> [calling]
8761974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea60000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
8771974.1ff4: supR3HardenedIsApiSetDll: '<NULL>' -> true
8781974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000013c1f1:<flags> [calling]
8791974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea60000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
8801974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_363_for_KB4022719~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\SystemRoot\System32\ntdll.dll'
8811974.1ff4: g_pfnWinVerifyTrust=000007fefdb61010
8821974.1ff4: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
8831974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
8841974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
8851974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
8861974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F77D21FA60E897144706C54D4A369C8DA3A96EDC
8871974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_363_for_KB4022719~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
8881974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
8891974.1ff4: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
8901974.1ff4: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
8911974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
8921974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
8931974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
8941974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=64DB0BCE4F2D99E4624F5476790FB954117C96EF
8951974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_363_for_KB4022719~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
8961974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
8971974.1ff4: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
8981974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003bc pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
8991974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
9001974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
9011974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
9021974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
9031974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9041974.1ff4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
9051974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b4 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
9061974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
9071974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
9081974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C98DA6A5C5D40E628701C3AAF8EA5A40DD2689D2
9091974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_412_for_KB4025341~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
9101974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9111974.1ff4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
9121974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b0 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
9131974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
9141974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
9151974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=39AF46E16CB63BADF4DB0AE7F539D8C4373E13BA
9161974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_363_for_KB4022719~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
9171974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9181974.1ff4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
9191974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000026c pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
9201974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
9211974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
9221974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EBDAA16C3FD93DFF9C20BA3B2689DFF4C8D31061
9231974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3159398~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
9241974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9251974.1ff4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
9261974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d8 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
9271974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
9281974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
9291974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
9301974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
9311974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9321974.1ff4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
9331974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d4 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
9341974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
9351974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
9361974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
9371974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
9381974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9391974.1ff4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
9401974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c0 pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
9411974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
9421974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
9431974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=361B637BB82A6B3BAC088B3D4635E8CA828BE8A7
9441974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_412_for_KB4025341~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
9451974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9461974.1ff4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
9471974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a8 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
9481974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
9491974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
9501974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6D141A0C50E469CDD81DC8293CF8B3635FE0240E
9511974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_363_for_KB4022719~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
9521974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9531974.1ff4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
9541974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a4 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
9551974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
9561974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
9571974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
9581974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
9591974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9601974.1ff4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
9611974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a0 pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
9621974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
9631974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
9641974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EFAF060D43CBE108CC0D9F19F7A46C65B71782E8
9651974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_363_for_KB4022719~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
9661974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9671974.1ff4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
9681974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000019c pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
9691974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
9701974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
9711974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=54204179B88581EFC0328D16D151171EADAA7023
9721974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_363_for_KB4022719~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
9731974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9741974.1ff4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
9751974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000198 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
9761974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
9771974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
9781974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C825E345B3737457F9C8CE8AE46B101F3EE4F2D4
9791974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_363_for_KB4022719~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
9801974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9811974.1ff4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
9821974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
9831974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
9841974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
9851974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03BB259EC2F9D61B0941E0635513FFA135E07009
9861974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_363_for_KB4022719~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll'
9871974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9881974.1ff4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
9891974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
9901974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
9911974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
9921974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
9931974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
9941974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
9951974.1ff4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
9961974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000134 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
9971974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
9981974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
9991974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F15661E9C4D0061EB4F83A4F4E3940FCD45C8171
10001974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_412_for_KB4025341~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
10011974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10021974.1ff4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
10031974.1ff4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
10041974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
10051974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
10061974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
10071974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CECCA98E04985A576883E9A9AD8AF2140526B576
10081974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_363_for_KB4022719~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
10091974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10101974.1ff4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
10111974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
10121974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
10131974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
10141974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB669FA8DB80F8E50A29D055BB8D558E10E5E6B4
10151974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
10161974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10171974.1ff4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
10181974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
10191974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
10201974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
10211974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BCFAC6DCF4B2FAFE07E19EEC3D1B91B1A06B287E
10221974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_363_for_KB4022719~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
10231974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10241974.1ff4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
10251974.1ff4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
10261974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
10271974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
10281974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
10291974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F9FD1F9C8591649189C6E0079DE04FB574258C34
10301974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_412_for_KB4025341~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
10311974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10321974.1ff4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
10331974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
10341974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
10351974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
10361974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
10371974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
10381974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10391974.1ff4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
10401974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
10411974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
10421974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
10431974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
10441974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
10451974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10461974.1ff4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
10471974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
10481974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
10491974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
10501974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DA598B2323487EDC340C114D1345B3B18BF92181
10511974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_412_for_KB4025341~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
10521974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10531974.1ff4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
10541974.1ff4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxSupLib.dll'
10551974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
10561974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
10571974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
10581974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A9B37FD93C563AD17BD4152242826AFB37915942
10591974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_363_for_KB4022719~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
10601974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10611974.1ff4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
10621974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
10631974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
10641974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
10651974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=05EB7B0D1AE52CE73BAAC1CFDE6BB0BD43E55404
10661974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_363_for_KB4022719~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
10671974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
10681974.1ff4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
10691974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
10701974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013bff1:<flags> [calling]
10711974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd8c0000 'C:\Windows\system32\crypt32.dll'
10721974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
10731974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
10741974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
10751974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
10761974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0x77d278dcbe81c700 O=AO Kaspersky Lab, CN=Kaspersky Anti-Virus Personal Root Certificate
10771974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
10781974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
10791974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
10801974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
10811974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0xcd198a148135c500 O=Kaspersky Lab ZAO, CN=Kaspersky Anti-Virus Personal Root Certificate
10821974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
10831974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
10841974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
10851974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
10861974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
10871974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
10881974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
10891974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
10901974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0x1591b8ac8dcabd00 C=CN, O=WoSign CA Limited, CN=Certification Authority of WoSign
10911974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
10921974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
10931974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
10941974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
10951974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
10961974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
10971974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
10981974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
10991974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
11001974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
11011974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
11021974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
11031974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
11041974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
11051974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
11061974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
11071974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
11081974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
11091974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
11101974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
11111974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
11121974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
11131974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
11141974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
11151974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
11161974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
11171974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
11181974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
11191974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
11201974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
11211974.1ff4: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
11221974.1ff4: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=50
11231974.1ff4: SUPR3HardenedMain: Load Runtime...
11241974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
11251974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
11261974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
11271974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
11281974.1ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxRT.dll) WinVerifyTrust
11291974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxRT.dll
11301974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11311974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11321974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
11331974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
11341974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
11351974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000450 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
11361974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
11371974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
11381974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=901DCB8172024F14E25295BF5692180F12FC8C18
11391974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3161949~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
11401974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11411974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11421974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
11431974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
11441974.1ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
11451974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
11461974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
11471974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcp100.dll' [rcNtRedir=0xc0150008]
11481974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
11491974.1ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcp100.dll) WinVerifyTrust
11501974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcp100.dll
11511974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11521974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcr100.dll' [rcNtRedir=0xc0150008]
11531974.1ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcr100.dll) WinVerifyTrust
11541974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcr100.dll
11551974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
11561974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcr100.dll' [rcNtRedir=0xc0150008]
11571974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcr100.dll
11581974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
11591974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
11601974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000464 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
11611974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
11621974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
11631974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
11641974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
11651974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
11661974.1ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
11671974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
11681974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
11691974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11701974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
11711974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11721974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11731974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
11741974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013c321:<flags> [calling]
11751974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxRT.dll
11761974.1ff4: supR3HardenedDllNotificationCallback: load 000007fee1ed0000 LB 0x0053f000 C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll [fFlags=0x0]
11771974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxRT.dll
11781974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcr100.dll
11791974.1ff4: supR3HardenedDllNotificationCallback: load 00000000793f0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox2\MSVCR100.dll [fFlags=0x0]
11801974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcr100.dll
11811974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcp100.dll
11821974.1ff4: supR3HardenedDllNotificationCallback: load 00000000791b0000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox2\MSVCP100.dll [fFlags=0x0]
11831974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcp100.dll
11841974.1ff4: supR3HardenedDllNotificationCallback: load 000007fefea80000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
11851974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
11861974.1ff4: supR3HardenedDllNotificationCallback: load 000007feffb30000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
11871974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
11881974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxRT.dll
11891974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000139a61:<flags> [calling]
11901974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ed0000 'C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll'
11911974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxRT.dll
11921974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000139a61:<flags> [calling]
11931974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ed0000 'C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll'
11941974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxRT.dll
11951974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000139a61:<flags> [calling]
11961974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ed0000 'C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll'
11971974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxRT.dll
11981974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000139a61:<flags> [calling]
11991974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ed0000 'C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll'
12001974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxRT.dll
12011974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000139a61:<flags> [calling]
12021974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ed0000 'C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll'
12031974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxRT.dll
12041974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000139a61:<flags> [calling]
12051974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ed0000 'C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll'
12061974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ed0000 'C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll'
12071974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ed0000 'C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll'
12081974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ed0000 'C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll'
12091974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ed0000 'C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll'
12101974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ed0000 'C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll'
12111974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ed0000 'C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll'
12121974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ed0000 'C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll'
12131974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxRT.dll
12141974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000139a61:<flags> [calling]
12151974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ed0000 'C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll'
12161974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ed0000 'C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll'
12171974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ed0000 'C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll'
12181974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ed0000 'C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll'
12191974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ed0000 'C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll'
12201974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ed0000 'C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll'
12211974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ed0000 'C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll'
12221974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ed0000 'C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll'
12231974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ed0000 'C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll'
12241974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ed0000 'C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll'
12251974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ed0000 'C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll'
12261974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ed0000 'C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll'
12271974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ed0000 'C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll'
12281974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ed0000 'C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll'
12291974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ed0000 'C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll'
12301974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ed0000 'C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll'
12311974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxRT.dll
12321974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000139a61:<flags> [calling]
12331974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ed0000 'C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll'
12341974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ed0000 'C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll'
12351974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ed0000 'C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll'
12361974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ed0000 'C:\Program Files\Oracle\VirtualBox2\VBoxRT.dll'
12371974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
12381974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013de81:<flags> [calling]
12391974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb60000 'C:\Windows\system32\Wintrust.dll'
12401974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
12411974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013c9d1:<flags> [calling]
12421974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd8c0000 'C:\Windows\system32\crypt32.dll'
12431974.1ff4: SUPR3HardenedMain: Load TrustedMain...
12441974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
12451974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
12461974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
12471974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
12481974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
12491974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
12501974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
12511974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
12521974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
12531974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
12541974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
12551974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
12561974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
12571974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
12581974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
12591974.1ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VirtualBox.dll) WinVerifyTrust
12601974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VirtualBox.dll
12611974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
12621974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
12631974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004ac pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
12641974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
12651974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
12661974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
12671974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
12681974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12691974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
12701974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
12711974.1ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
12721974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
12731974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
12741974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
12751974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000494 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
12761974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
12771974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
12781974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6E76105B511B0668122629A2554FAFBBE17CD6DF
12791974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_363_for_KB4022719~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
12801974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12811974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
12821974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
12831974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
12841974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
12851974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
12861974.1ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
12871974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
12881974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
12891974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
12901974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b8 pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
12911974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
12921974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
12931974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E3D6DA21FECCBC3CFB6FD4597280DC013ADD2D59
12941974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_363_for_KB4022719~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
12951974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
12961974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12971974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
12981974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
12991974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
13001974.1ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
13011974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
13021974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
13031974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
13041974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000484 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
13051974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
13061974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
13071974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DBC6DA834E0DA642E3A7EB4466EBDC7921EDD667
13081974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_363_for_KB4022719~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
13091974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13101974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13111974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
13121974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
13131974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
13141974.1ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
13151974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
13161974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
13171974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
13181974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
13191974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13201974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13211974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
13221974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
13231974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
13241974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
13251974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
13261974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
13271974.1ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\Qt5OpenGLVBox.dll) WinVerifyTrust
13281974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\Qt5OpenGLVBox.dll
13291974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
13301974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
13311974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
13321974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
13331974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
13341974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
13351974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
13361974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
13371974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
13381974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
13391974.1ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\Qt5PrintSupportVBox.dll) WinVerifyTrust
13401974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\Qt5PrintSupportVBox.dll
13411974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
13421974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
13431974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
13441974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
13451974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
13461974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
13471974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
13481974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
13491974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
13501974.1ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\Qt5WidgetsVBox.dll) WinVerifyTrust
13511974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\Qt5WidgetsVBox.dll
13521974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
13531974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\qt5guivbox.dll' [rcNtRedir=0xc0150008]
13541974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
13551974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
13561974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
13571974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
13581974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
13591974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
13601974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
13611974.1ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\Qt5GuiVBox.dll) WinVerifyTrust
13621974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\Qt5GuiVBox.dll
13631974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
13641974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\qt5corevbox.dll' [rcNtRedir=0xc0150008]
13651974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
13661974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
13671974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
13681974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
13691974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
13701974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
13711974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
13721974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
13731974.1ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\Qt5CoreVBox.dll) WinVerifyTrust
13741974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\Qt5CoreVBox.dll
13751974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
13761974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcr100.dll' [rcNtRedir=0xc0150008]
13771974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcr100.dll
13781974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
13791974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcp100.dll' [rcNtRedir=0xc0150008]
13801974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcp100.dll
13811974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
13821974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\vboxrt.dll' [rcNtRedir=0xc0150008]
13831974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
13841974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
13851974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a4 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
13861974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
13871974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
13881974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
13891974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
13901974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
13911974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13921974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
13931974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
13941974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
13951974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
13961974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
13971974.1ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) WinVerifyTrust
13981974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
13991974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14001974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14011974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
14021974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
14031974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004bc pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
14041974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
14051974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
14061974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
14071974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
14081974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14091974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14101974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
14111974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
14121974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
14131974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
14141974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
14151974.1ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) WinVerifyTrust
14161974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
14171974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
14181974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
14191974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a8 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
14201974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
14211974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
14221974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
14231974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
14241974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14251974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14261974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
14271974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
14281974.1ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) WinVerifyTrust
14291974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
14301974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14311974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14321974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
14331974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
14341974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
14351974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
14361974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14371974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14381974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14391974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcr100.dll' [rcNtRedir=0xc0150008]
14401974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcr100.dll
14411974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14421974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcp100.dll' [rcNtRedir=0xc0150008]
14431974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcp100.dll
14441974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
14451974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
14461974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004dc pwszName=\Device\HarddiskVolume2\Windows\System32\mpr.dll
14471974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
14481974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
14491974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F84FE9BA047B24E7694C9E0C349B48B9FD5F925B
14501974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\mpr.dll'
14511974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
14521974.1ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll) WinVerifyTrust
14531974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
14541974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
14551974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
14561974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
14571974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
14581974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
14591974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
14601974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
14611974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
14621974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
14631974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
14641974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
14651974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
14661974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14671974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14681974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14691974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcr100.dll' [rcNtRedir=0xc0150008]
14701974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcr100.dll
14711974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14721974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcp100.dll' [rcNtRedir=0xc0150008]
14731974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcp100.dll
14741974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
14751974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\qt5corevbox.dll' [rcNtRedir=0xc0150008]
14761974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\Qt5CoreVBox.dll
14771974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14781974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14791974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14801974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14811974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
14821974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
14831974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
14841974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
14851974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
14861974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
14871974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
14881974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcr100.dll' [rcNtRedir=0xc0150008]
14891974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcr100.dll
14901974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
14911974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcp100.dll' [rcNtRedir=0xc0150008]
14921974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcp100.dll
14931974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
14941974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
14951974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
14961974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
14971974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\qt5corevbox.dll' [rcNtRedir=0xc0150008]
14981974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\Qt5CoreVBox.dll
14991974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
15001974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\qt5guivbox.dll' [rcNtRedir=0xc0150008]
15011974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\Qt5GuiVBox.dll
15021974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15031974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15041974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15051974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15061974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15071974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcr100.dll' [rcNtRedir=0xc0150008]
15081974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcr100.dll
15091974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
15101974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
15111974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004cc pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
15121974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
15131974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
15141974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
15151974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
15161974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15171974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15181974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
15191974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
15201974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
15211974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
15221974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
15231974.1ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust
15241974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
15251974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
15261974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
15271974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d4 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
15281974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
15291974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
15301974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
15311974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
15321974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
15331974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15341974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
15351974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
15361974.1ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv) WinVerifyTrust
15371974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
15381974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
15391974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\qt5corevbox.dll' [rcNtRedir=0xc0150008]
15401974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\Qt5CoreVBox.dll
15411974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
15421974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\qt5guivbox.dll' [rcNtRedir=0xc0150008]
15431974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\Qt5GuiVBox.dll
15441974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
15451974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
15461974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\Qt5WidgetsVBox.dll
15471974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15481974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15491974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15501974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15511974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
15521974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcr100.dll' [rcNtRedir=0xc0150008]
15531974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
15541974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\qt5corevbox.dll' [rcNtRedir=0xc0150008]
15551974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\Qt5CoreVBox.dll
15561974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
15571974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\qt5guivbox.dll' [rcNtRedir=0xc0150008]
15581974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\Qt5GuiVBox.dll
15591974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
15601974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
15611974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\Qt5WidgetsVBox.dll
15621974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15631974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15641974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15651974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15661974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
15671974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
15681974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
15691974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15701974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15711974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15721974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15731974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15741974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15751974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
15761974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15771974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15781974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15791974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15801974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15811974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15821974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15831974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15841974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15851974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15861974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15871974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15881974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
15891974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
15901974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
15911974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15921974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15931974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15941974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15951974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15961974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15971974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15981974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15991974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16001974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16011974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
16021974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
16031974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
16041974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
16051974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
16061974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f4 pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
16071974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
16081974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
16091974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
16101974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
16111974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16121974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
16131974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
16141974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
16151974.1ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) WinVerifyTrust
16161974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
16171974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16181974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16191974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
16201974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16211974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16221974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
16231974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
16241974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
16251974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16261974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16271974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16281974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16291974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
16301974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
16311974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
16321974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16331974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16341974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
16351974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
16361974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e0 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
16371974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
16381974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
16391974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F3F3D4867E9140896E0742D7EE8AE1D01FE85ECE
16401974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3078667~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
16411974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16421974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16431974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
16441974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
16451974.1ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust
16461974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
16471974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
16481974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
16491974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f8 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
16501974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
16511974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
16521974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
16531974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
16541974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16551974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
16561974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
16571974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
16581974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
16591974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
16601974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
16611974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
16621974.1ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
16631974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
16641974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16651974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16661974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
16671974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
16681974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004fc pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
16691974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
16701974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
16711974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66AD59F39F40705A9BA47254FA40331C3501DB8F
16721974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_363_for_KB4022719~31bf3856ad364e35~amd64~~6.1.1.6.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
16731974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16741974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16751974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
16761974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
16771974.1ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) WinVerifyTrust
16781974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
16791974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16801974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16811974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16821974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16831974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
16841974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
16851974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
16861974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
16871974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16881974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16891974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
16901974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
16911974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000508 pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
16921974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
16931974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
16941974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
16951974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
16961974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
16971974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16981974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
16991974.1ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
17001974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
17011974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
17021974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
17031974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
17041974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17051974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17061974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17071974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17081974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17091974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17101974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17111974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17121974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
17131974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
17141974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000514 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
17151974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
17161974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
17171974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
17181974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
17191974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17201974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
17211974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
17221974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
17231974.1ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll) WinVerifyTrust
17241974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
17251974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17261974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17271974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17281974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17291974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17301974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17311974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
17321974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
17331974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
17341974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
17351974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
17361974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
17371974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
17381974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
17391974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
17401974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
17411974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17421974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17431974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
17441974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
17451974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
17461974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
17471974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
17481974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox2\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013c331:<flags> [calling]
17491974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VirtualBox.dll
17501974.1ff4: supR3HardenedDllNotificationCallback: load 000007fede4f0000 LB 0x008eb000 C:\Program Files\Oracle\VirtualBox2\VirtualBox.dll [fFlags=0x0]
17511974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VirtualBox.dll
17521974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
17531974.1ff4: supR3HardenedDllNotificationCallback: load 000007feeade0000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
17541974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
17551974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
17561974.1ff4: supR3HardenedDllNotificationCallback: load 000007fef9150000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
17571974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
17581974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
17591974.1ff4: supR3HardenedDllNotificationCallback: load 000007feeace0000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
17601974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
17611974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
17621974.1ff4: supR3HardenedDllNotificationCallback: load 000007fefbb10000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
17631974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
17641974.1ff4: supR3HardenedDllNotificationCallback: load 000007fefe370000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
17651974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
17661974.1ff4: supR3HardenedDllNotificationCallback: load 000007fefdb20000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
17671974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
17681974.1ff4: supR3HardenedDllNotificationCallback: load 000007fefead0000 LB 0x000da000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
17691974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
17701974.1ff4: supR3HardenedDllNotificationCallback: load 000007fefdf40000 LB 0x001fc000 C:\Windows\system32\ole32.dll [fFlags=0x0]
17711974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
17721974.1ff4: supR3HardenedDllNotificationCallback: load 000007fefda30000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
17731974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
17741974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
17751974.1ff4: supR3HardenedDllNotificationCallback: load 000007fefb570000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
17761974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
17771974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\Qt5CoreVBox.dll
17781974.1ff4: supR3HardenedDllNotificationCallback: load 0000000066d90000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox2\Qt5CoreVBox.dll [fFlags=0x0]
17791974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\Qt5CoreVBox.dll
17801974.1ff4: supR3HardenedDllNotificationCallback: load 000007fefed30000 LB 0x00d8b000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
17811974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
17821974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
17831974.1ff4: supR3HardenedDllNotificationCallback: load 000007fef5800000 LB 0x00018000 C:\Windows\system32\MPR.dll [fFlags=0x0]
17841974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
17851974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\Qt5GuiVBox.dll
17861974.1ff4: supR3HardenedDllNotificationCallback: load 000007fee0740000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox2\Qt5GuiVBox.dll [fFlags=0x0]
17871974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\Qt5GuiVBox.dll
17881974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\Qt5WidgetsVBox.dll
17891974.1ff4: supR3HardenedDllNotificationCallback: load 0000000064630000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox2\Qt5WidgetsVBox.dll [fFlags=0x0]
17901974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\Qt5WidgetsVBox.dll
17911974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\Qt5PrintSupportVBox.dll
17921974.1ff4: supR3HardenedDllNotificationCallback: load 000007fef6880000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox2\Qt5PrintSupportVBox.dll [fFlags=0x0]
17931974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\Qt5PrintSupportVBox.dll
17941974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
17951974.1ff4: supR3HardenedDllNotificationCallback: load 000007fef5d80000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
17961974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
17971974.1ff4: supR3HardenedDllNotificationCallback: load 000007fefe9c0000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
17981974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
17991974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
18001974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
18011974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
18021974.1ff4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll)
18031974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
18041974.1ff4: supR3HardenedDllNotificationCallback: load 000007fef5e00000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll [fFlags=0x0]
18051974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [avoiding WinVerifyTrust]
18061974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\Qt5OpenGLVBox.dll
18071974.1ff4: supR3HardenedDllNotificationCallback: load 0000000062560000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox2\Qt5OpenGLVBox.dll [fFlags=0x0]
18081974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\Qt5OpenGLVBox.dll
18091974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
18101974.1ff4: supR3HardenedDllNotificationCallback: load 000007fefb6d0000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
18111974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
18121974.1ff4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'.
18131974.1ff4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [rescheduled]
18141974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
18151974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18161974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18171974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18181974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18191974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18201974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18211974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013b901:<flags> [calling]
18221974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf10000 'C:\Windows\system32\imm32.dll'
18231974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefebb0000 'C:\Windows\system32\ADVAPI32.DLL'
18241974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
18251974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptbase.dll (Input=cryptbase.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
18261974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd730000 'C:\Windows\system32\cryptbase.dll'
18271974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fede4f0000 'C:\Program Files\Oracle\VirtualBox2\VirtualBox.dll'
18281974.1ff4: SUPR3HardenedMain: Calling TrustedMain (000007fede4f1610)...
18291974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
18301974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013dc71:<flags> [calling]
18311974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf40000 'C:\Windows\system32\ole32.dll'
18321974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefebb0000 'C:\Windows\system32\ADVAPI32.dll'
18331974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
18341974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013c351:<flags> [calling]
18351974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd8a0000 'C:\Windows\system32\profapi.dll'
18361974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
18371974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
18381974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
18391974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
18401974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
18411974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
18421974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
18431974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
18441974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
18451974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
18461974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
18471974.1ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\platforms\qwindows.dll) WinVerifyTrust
18481974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\platforms\qwindows.dll
18491974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
18501974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcr100.dll' [rcNtRedir=0xc0150008]
18511974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
18521974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\qt5corevbox.dll' [rcNtRedir=0xc0150008]
18531974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\Qt5CoreVBox.dll
18541974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
18551974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\qt5guivbox.dll' [rcNtRedir=0xc0150008]
18561974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\Qt5GuiVBox.dll
18571974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
18581974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
18591974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
18601974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
18611974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
18621974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
18631974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
18641974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
18651974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
18661974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
18671974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
18681974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
18691974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
18701974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
18711974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
18721974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
18731974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
18741974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
18751974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
18761974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
18771974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
18781974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox2\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013e641:<flags> [calling]
18791974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\platforms\qwindows.dll
18801974.1ff4: supR3HardenedDllNotificationCallback: load 000007fee4ee0000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox2\platforms\qwindows.dll [fFlags=0x0]
18811974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\platforms\qwindows.dll
18821974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4ee0000 'C:\Program Files\Oracle\VirtualBox2\platforms\qwindows.dll'
18831974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
18841974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013e571:<flags> [calling]
18851974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd730000 'C:\Windows\system32\CRYPTBASE.dll'
18861974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005ac pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
18871974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000000737470
18881974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000737470
18891974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=578AB85BF149ED25EA7FF460A4A5587C358F87A2
18901974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
18911974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000004dd4a0
18921974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000004dd4a0
18931974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=578AB85BF149ED25EA7FF460A4A5587C358F87A2
18941974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
18951974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000004dcea0
18961974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000004dcea0
18971974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=ED5609FFC7BAE0ED78268412C94F4C9DCC9846373D5FC0D19E577B2F7825ED71
18981974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
18991974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
19001974.1ff4: supHardenedWinVerifyImageByHandle: -> -22900 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
19011974.1ff4: Error (rc=0):
19021974.1ff4: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Windows\System32\uxtheme.dll: Not signed.
1903'\Device\HarddiskVolume2\Windows\System32\uxtheme.dll' is most likely modified.
19041974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19051974.1ff4: Error (rc=0):
19061974.1ff4: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\uxtheme.dll' (C:\Windows\system32\uxtheme.dll): rcNt=0xc0000190
19071974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\uxtheme.dll'
19081974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19091974.1ff4: Error (rc=0):
19101974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1 \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19111974.1ff4: Error (rc=0):
19121974.1ff4: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\uxtheme.dll' (C:\Windows\system32\uxtheme.dll): rcNt=0xc0000190
19131974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\uxtheme.dll'
19141974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19151974.1ff4: Error (rc=0):
19161974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2 \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19171974.1ff4: Error (rc=0):
19181974.1ff4: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\uxtheme.dll' (C:\Windows\system32\uxtheme.dll): rcNt=0xc0000190
19191974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\uxtheme.dll'
19201974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19211974.1ff4: Error (rc=0):
19221974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=3 \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19231974.1ff4: Error (rc=0):
19241974.1ff4: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\uxtheme.dll' (C:\Windows\system32\uxtheme.dll): rcNt=0xc0000190
19251974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\uxtheme.dll'
19261974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19271974.1ff4: Error (rc=0):
19281974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=4 \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19291974.1ff4: Error (rc=0):
19301974.1ff4: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\uxtheme.dll' (C:\Windows\system32\uxtheme.dll): rcNt=0xc0000190
19311974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\uxtheme.dll'
19321974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19331974.1ff4: Error (rc=0):
19341974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=5 \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19351974.1ff4: Error (rc=0):
19361974.1ff4: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\uxtheme.dll' (C:\Windows\system32\uxtheme.dll): rcNt=0xc0000190
19371974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\uxtheme.dll'
19381974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077aa0000 'C:\Windows\system32\user32.dll'
19391974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
19401974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013e881:<flags> [calling]
19411974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed30000 'C:\Windows\system32\shell32.dll'
19421974.1ff4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
19431974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Windows\system32\wintab32.dll'
19441974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19451974.1ff4: Error (rc=0):
19461974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=6 \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19471974.1ff4: Error (rc=0):
19481974.1ff4: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\uxtheme.dll' (C:\Windows\system32\uxtheme.dll): rcNt=0xc0000190
19491974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\uxtheme.dll'
19501974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19511974.1ff4: Error (rc=0):
19521974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=7 \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19531974.1ff4: Error (rc=0):
19541974.1ff4: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\uxtheme.dll' (C:\Windows\system32\uxtheme.dll): rcNt=0xc0000190
19551974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\uxtheme.dll'
19561974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19571974.1ff4: Error (rc=0):
19581974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=8 \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19591974.1ff4: Error (rc=0):
19601974.1ff4: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\uxtheme.dll' (C:\Windows\system32\uxtheme.dll): rcNt=0xc0000190
19611974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\uxtheme.dll'
19621974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19631974.1ff4: Error (rc=0):
19641974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=16 \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
19651974.1ff4: Error (rc=0):
19661974.1ff4: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\uxtheme.dll' (C:\Windows\system32\uxtheme.dll): rcNt=0xc0000190
19671974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\uxtheme.dll'
19681974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
19691974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013eca1:<flags> [calling]
19701974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb6d0000 'C:\Windows\system32\winmm.dll'
19711974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
19721974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013eca1:<flags> [calling]
19731974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb6d0000 'C:\Windows\system32\winmm.dll'
19741974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
19751974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013ef81:<flags> [calling]
19761974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed30000 'C:\Windows\system32\shell32.dll'
19771974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefebb0000 'C:\Windows\system32\advapi32.dll'
19781974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
19791974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013eeb1:<flags> [calling]
19801974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb00000 'C:\Windows\system32\userenv.dll'
19811974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
19821974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013ef91:<flags> [calling]
19831974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077980000 'C:\Windows\system32\kernel32.dll'
19841974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000454 pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll
19851974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000004dd4a0
19861974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000004dd4a0
19871974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
19881974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
19891974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19901974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
19911974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
19921974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
19931974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
19941974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
19951974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
19961974.1ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll) WinVerifyTrust
19971974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
19981974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
19991974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20001974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
20011974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
20021974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
20031974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
20041974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
20051974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
20061974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
20071974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
20081974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
20091974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
20101974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
20111974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
20121974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
20131974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013bc61:<flags> [calling]
20141974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
20151974.1ff4: supR3HardenedDllNotificationCallback: load 000007feffb40000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
20161974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
20171974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffb40000 'C:\Windows\system32\CLBCatQ.DLL'
20181974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefebb0000 'C:\Windows\system32\ADVAPI32.dll'
20191974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
20201974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013aab1:<flags> [calling]
20211974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd080000 'C:\Windows\system32\CRYPTSP.dll'
20221974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000420 pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
20231974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000004dd4a0
20241974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000004dd4a0
20251974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
20261974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll'
20271974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20281974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
20291974.1ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll) WinVerifyTrust
20301974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
20311974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20321974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20331974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013a671:<flags> [calling]
20341974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
20351974.1ff4: supR3HardenedDllNotificationCallback: load 000007fefd7e0000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
20361974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
20371974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7e0000 'C:\Windows\system32\RpcRtRemote.dll'
20381974.1fa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
20391974.1fa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
20401974.1fa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
20411974.1fa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
20421974.1fa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
20431974.1fa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
20441974.1fa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxC.dll) WinVerifyTrust
20451974.1fa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxC.dll
20461974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
20471974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
20481974.1fa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
20491974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
20501974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
20511974.1fa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
20521974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
20531974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
20541974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
20551974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\vboxrt.dll' [rcNtRedir=0xc0150008]
20561974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
20571974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcp100.dll' [rcNtRedir=0xc0150008]
20581974.1fa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcp100.dll
20591974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20601974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcr100.dll' [rcNtRedir=0xc0150008]
20611974.1fa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox2\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000571e691:<flags> [calling]
20621974.1fa4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxC.dll
20631974.1fa4: supR3HardenedDllNotificationCallback: load 000007fee2820000 LB 0x004f7000 C:\Program Files\Oracle\VirtualBox2\VBoxC.dll [fFlags=0x0]
20641974.1fa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxC.dll
20651974.1fa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2820000 'C:\Program Files\Oracle\VirtualBox2\VBoxC.dll'
20661974.1fa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
20671974.1fa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
20681974.1fa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
20691974.1fa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
20701974.1fa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
20711974.1fa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
20721974.1fa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
20731974.1fa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxProxyStub.dll) WinVerifyTrust
20741974.1fa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxProxyStub.dll
20751974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
20761974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
20771974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
20781974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
20791974.1fa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
20801974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
20811974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
20821974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
20831974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
20841974.1fa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
20851974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
20861974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
20871974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
20881974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\vboxrt.dll' [rcNtRedir=0xc0150008]
20891974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
20901974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcr100.dll' [rcNtRedir=0xc0150008]
20911974.1fa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox2\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000571d131:<flags> [calling]
20921974.1fa4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxProxyStub.dll
20931974.1fa4: supR3HardenedDllNotificationCallback: load 000007feee220000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox2\VBoxProxyStub.dll [fFlags=0x0]
20941974.1fa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxProxyStub.dll
20951974.1fa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feee220000 'C:\Program Files\Oracle\VirtualBox2\VBoxProxyStub.dll'
20961974.1fa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000620 pwszName=\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll
20971974.1fa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000004dd4a0
20981974.1fa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000004dd4a0
20991974.1fa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66DB5F28C5BA0EDD9CAD2DDAB24F1A6AD9F2B6A3
21001974.1fa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntph.cat'; file='\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll'
21011974.1fa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21021974.1fa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21031974.1fa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
21041974.1fa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'version.dll'.
21051974.1fa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msiltcfg.dll) WinVerifyTrust
21061974.1fa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msiltcfg.dll
21071974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
21081974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
21091974.1fa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000624 pwszName=\Device\HarddiskVolume2\Windows\System32\version.dll
21101974.1fa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000004dd4a0
21111974.1fa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000004dd4a0
21121974.1fa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A3AB94A028D0330A3DBCAE54C04C648532198DB9
21131974.1fa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\version.dll'
21141974.1fa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21151974.1fa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
21161974.1fa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\version.dll) WinVerifyTrust
21171974.1fa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\version.dll
21181974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21191974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21201974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21211974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21221974.1fa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
21231974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21241974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21251974.1fa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msiltcfg.dll (Input=msiltcfg.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000571cbd1:<flags> [calling]
21261974.1fa4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msiltcfg.dll
21271974.1fa4: supR3HardenedDllNotificationCallback: load 000007fef4b50000 LB 0x00009000 C:\Windows\system32\msiltcfg.dll [fFlags=0x0]
21281974.1fa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msiltcfg.dll
21291974.1fa4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
21301974.1fa4: supR3HardenedDllNotificationCallback: load 000007fefc880000 LB 0x0000c000 C:\Windows\system32\VERSION.dll [fFlags=0x0]
21311974.1fa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
21321974.1fa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b50000 'C:\Windows\system32\msiltcfg.dll'
21331974.1fa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077aa0000 'C:\Windows\system32\user32.dll'
21341974.1fa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000063c pwszName=\Device\HarddiskVolume2\Windows\System32\msi.dll
21351974.1fa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000004dd4a0
21361974.1fa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000004dd4a0
21371974.1fa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F944F6146801CF0F4F54025A7B8B5790AA34D3CD
21381974.1fa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_175_for_KB3207752~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\msi.dll'
21391974.1fa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
21401974.1fa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
21411974.1fa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
21421974.1fa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
21431974.1fa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'shell32.dll'.
21441974.1fa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
21451974.1fa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
21461974.1fa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'shlwapi.dll'.
21471974.1fa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
21481974.1fa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msi.dll) WinVerifyTrust
21491974.1fa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msi.dll
21501974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
21511974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
21521974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
21531974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
21541974.1fa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
21551974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21561974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21571974.1fa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
21581974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
21591974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
21601974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
21611974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
21621974.1fa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
21631974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
21641974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
21651974.1fa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
21661974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
21671974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
21681974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
21691974.1fa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
21701974.1fa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msi.dll (Input=msi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000571cb91:<flags> [calling]
21711974.1fa4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msi.dll
21721974.1fa4: supR3HardenedDllNotificationCallback: load 000007fef4830000 LB 0x0031e000 C:\Windows\system32\msi.dll [fFlags=0x0]
21731974.1fa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msi.dll
21741974.1fa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4830000 'C:\Windows\system32\msi.dll'
21751974.1fa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msiltcfg.dll
21761974.1fa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msiltcfg.dll (Input=msiltcfg.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000571cb91:<flags> [calling]
21771974.1fa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4b50000 'C:\Windows\system32\msiltcfg.dll'
21781974.1fa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
21791974.1fa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000571cfc1:<flags> [calling]
21801974.1fa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefead0000 'C:\Windows\system32\oleaut32.dll'
21811974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefebb0000 'C:\Windows\system32\ADVAPI32.dll'
21821974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffac0000 'C:\Windows\system32\gdi32.dll'
21831974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
21841974.1ff4: Error (rc=0):
21851974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=32 \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
21861974.1ff4: Error (rc=0):
21871974.1ff4: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\uxtheme.dll' (C:\Windows\system32\uxtheme.dll): rcNt=0xc0000190
21881974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\uxtheme.dll'
21891974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
21901974.1ff4: Error (rc=0):
21911974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=64 \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
21921974.1ff4: Error (rc=0):
21931974.1ff4: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\uxtheme.dll' (C:\Windows\system32\uxtheme.dll): rcNt=0xc0000190
21941974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\uxtheme.dll'
21951974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed30000 'C:\Windows\system32\shell32.dll'
21961974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
21971974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
21981974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
21991974.1ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxVMM.dll) WinVerifyTrust
22001974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxVMM.dll
22011974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22021974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\vboxrt.dll' [rcNtRedir=0xc0150008]
22031974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
22041974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\vboxrem.dll' [rcNtRedir=0xc0150008]
22051974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
22061974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
22071974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
22081974.1ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxREM.dll) WinVerifyTrust
22091974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxREM.dll
22101974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
22111974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcr100.dll' [rcNtRedir=0xc0150008]
22121974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22131974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22141974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
22151974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\vboxvmm.dll' [rcNtRedir=0xc0150008]
22161974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxVMM.dll
22171974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
22181974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\vboxrt.dll' [rcNtRedir=0xc0150008]
22191974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox2\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001392e1:<flags> [calling]
22201974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxVMM.dll
22211974.1ff4: supR3HardenedDllNotificationCallback: load 000007fee0480000 LB 0x002be000 C:\Program Files\Oracle\VirtualBox2\VBoxVMM.DLL [fFlags=0x0]
22221974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxVMM.dll
22231974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxREM.dll
22241974.1ff4: supR3HardenedDllNotificationCallback: load 000000006ef60000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox2\VBoxREM.dll [fFlags=0x0]
22251974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxREM.dll
22261974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0480000 'C:\Program Files\Oracle\VirtualBox2\VBoxVMM.DLL'
22271974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
22281974.1ff4: Error (rc=0):
22291974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=128 \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
22301974.1ff4: Error (rc=0):
22311974.1ff4: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\uxtheme.dll' (C:\Windows\system32\uxtheme.dll): rcNt=0xc0000190
22321974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\uxtheme.dll'
22331974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf40000 'C:\Windows\system32\ole32.dll'
22341974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf40000 'C:\Windows\system32\ole32.dll'
22351974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
22361974.1ff4: Error (rc=0):
22371974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=256 \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
22381974.1ff4: Error (rc=0):
22391974.1ff4: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\uxtheme.dll' (C:\Windows\system32\uxtheme.dll): rcNt=0xc0000190
22401974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\uxtheme.dll'
22411974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
22421974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000013a311:<flags> [calling]
22431974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe260000 'C:\Windows\system32\MSCTF.dll'
22441974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed30000 'C:\Windows\system32\shell32.dll'
22451974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed30000 'C:\Windows\system32\shell32.dll'
22461974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf40000 'C:\Windows\system32\ole32.dll'
22471974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
22481974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000137eb1:<flags> [calling]
22491974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefead0000 'C:\Windows\system32\OLEAUT32.dll'
22501974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000094c pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
22511974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000004dd4a0
22521974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000004dd4a0
22531974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472
22541974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
22551974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22561974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22571974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
22581974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
22591974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
22601974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
22611974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
22621974.1ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
22631974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
22641974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
22651974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
22661974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
22671974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
22681974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
22691974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
22701974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
22711974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
22721974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
22731974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
22741974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
22751974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000950 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
22761974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000004dd4a0
22771974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000004dd4a0
22781974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03D0A77E5195AA70198FDE6C2FAC2C76FF200674
22791974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
22801974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22811974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
22821974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
22831974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
22841974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
22851974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
22861974.1ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
22871974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
22881974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
22891974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
22901974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
22911974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
22921974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
22931974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
22941974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
22951974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
22961974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
22971974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
22981974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
22991974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23001974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23011974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000136741:<flags> [calling]
23021974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
23031974.1ff4: supR3HardenedDllNotificationCallback: load 000007fef6fb0000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
23041974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
23051974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
23061974.1ff4: supR3HardenedDllNotificationCallback: load 000007fef7420000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [fFlags=0x0]
23071974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
23081974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6fb0000 'C:\Windows\system32\wbem\wbemprox.dll'
23091974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000978 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
23101974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000004dd4a0
23111974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000004dd4a0
23121974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F
23131974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
23141974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23151974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23161974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
23171974.1ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
23181974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
23191974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23201974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23211974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23221974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23231974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000136381:<flags> [calling]
23241974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
23251974.1ff4: supR3HardenedDllNotificationCallback: load 000007fef6f90000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
23261974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
23271974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6f90000 'C:\Windows\system32\wbem\wbemsvc.dll'
23281974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000984 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
23291974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000004dd4a0
23301974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000004dd4a0
23311974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79
23321974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
23331974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23341974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23351974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
23361974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
23371974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
23381974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
23391974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
23401974.1ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
23411974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
23421974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
23431974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
23441974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000096c pwszName=\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
23451974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000004dd4a0
23461974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000004dd4a0
23471974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
23481974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll'
23491974.1ff4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23501974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23511974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
23521974.1ff4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
23531974.1ff4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll) WinVerifyTrust
23541974.1ff4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
23551974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
23561974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
23571974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
23581974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
23591974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
23601974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
23611974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23621974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
23631974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
23641974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
23651974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23661974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23671974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
23681974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
23691974.1ff4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
23701974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
23711974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
23721974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
23731974.1ff4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
23741974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001363c1:<flags> [calling]
23751974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
23761974.1ff4: supR3HardenedDllNotificationCallback: load 000007fef7210000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
23771974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
23781974.1ff4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
23791974.1ff4: supR3HardenedDllNotificationCallback: load 000007fef6fc0000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [fFlags=0x0]
23801974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
23811974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7210000 'C:\Windows\system32\wbem\fastprox.dll'
23821974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefead0000 'C:\Windows\system32\OLEAUT32.dll'
23831974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
23841974.1ff4: Error (rc=0):
23851974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=512 \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
23861974.1ff4: Error (rc=0):
23871974.1ff4: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\uxtheme.dll' (C:\Windows\system32\uxtheme.dll): rcNt=0xc0000190
23881974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\uxtheme.dll'
23891974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefebb0000 'C:\Windows\system32\ADVAPI32.dll'
23901974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefead0000 'C:\Windows\system32\OLEAUT32.DLL'
23911974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
23921974.1ff4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINMM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000136181:<flags> [calling]
23931974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb6d0000 'C:\Windows\system32\WINMM.dll'
23941974.1f40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
23951974.1f40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
23961974.1f40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
23971974.1f40: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
23981974.1f40: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxSharedClipboard.dll) WinVerifyTrust
23991974.1f40: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxSharedClipboard.dll
24001974.1f40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24011974.1f40: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24021974.1f40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24031974.1f40: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\vboxrt.dll' [rcNtRedir=0xc0150008]
24041974.1f40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
24051974.1f40: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\vboxvmm.dll' [rcNtRedir=0xc0150008]
24061974.1f40: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxVMM.dll
24071974.1f40: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24081974.1f40: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcr100.dll' [rcNtRedir=0xc0150008]
24091974.1f40: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox2\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000008c1d831:<flags> [calling]
24101974.1f40: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxSharedClipboard.dll
24111974.1f40: supR3HardenedDllNotificationCallback: load 000007fefbb00000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox2\VBoxSharedClipboard.DLL [fFlags=0x0]
24121974.1f40: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxSharedClipboard.dll
24131974.1f40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbb00000 'C:\Program Files\Oracle\VirtualBox2\VBoxSharedClipboard.DLL'
24141974.1f40: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077aa0000 'C:\Windows\system32\User32.dll'
24151974.1304: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24161974.1304: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
24171974.1304: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
24181974.1304: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxDragAndDropSvc.dll) WinVerifyTrust
24191974.1304: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxDragAndDropSvc.dll
24201974.1304: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24211974.1304: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\vboxrt.dll' [rcNtRedir=0xc0150008]
24221974.1304: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
24231974.1304: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcp100.dll' [rcNtRedir=0xc0150008]
24241974.1304: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcp100.dll
24251974.1304: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24261974.1304: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcr100.dll' [rcNtRedir=0xc0150008]
24271974.1304: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox2\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a7fd8a1:<flags> [calling]
24281974.1304: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxDragAndDropSvc.dll
24291974.1304: supR3HardenedDllNotificationCallback: load 000007fefadf0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox2\VBoxDragAndDropSvc.DLL [fFlags=0x0]
24301974.1304: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxDragAndDropSvc.dll
24311974.1304: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefadf0000 'C:\Program Files\Oracle\VirtualBox2\VBoxDragAndDropSvc.DLL'
24321974.1bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24331974.1bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
24341974.1bd0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
24351974.1bd0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxGuestPropSvc.dll) WinVerifyTrust
24361974.1bd0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxGuestPropSvc.dll
24371974.1bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24381974.1bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\vboxrt.dll' [rcNtRedir=0xc0150008]
24391974.1bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
24401974.1bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcp100.dll' [rcNtRedir=0xc0150008]
24411974.1bd0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24421974.1bd0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcr100.dll' [rcNtRedir=0xc0150008]
24431974.1bd0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcr100.dll
24441974.1bd0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox2\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000a90dd51:<flags> [calling]
24451974.1bd0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxGuestPropSvc.dll
24461974.1bd0: supR3HardenedDllNotificationCallback: load 000007fef9140000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox2\VBoxGuestPropSvc.DLL [fFlags=0x0]
24471974.1bd0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxGuestPropSvc.dll
24481974.1bd0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9140000 'C:\Program Files\Oracle\VirtualBox2\VBoxGuestPropSvc.DLL'
24491974.1ae8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24501974.1ae8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
24511974.1ae8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
24521974.1ae8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxGuestControlSvc.dll) WinVerifyTrust
24531974.1ae8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxGuestControlSvc.dll
24541974.1ae8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
24551974.1ae8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\vboxrt.dll' [rcNtRedir=0xc0150008]
24561974.1ae8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
24571974.1ae8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcp100.dll' [rcNtRedir=0xc0150008]
24581974.1ae8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24591974.1ae8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcr100.dll' [rcNtRedir=0xc0150008]
24601974.1ae8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox2\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000ac5de91:<flags> [calling]
24611974.1ae8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxGuestControlSvc.dll
24621974.1ae8: supR3HardenedDllNotificationCallback: load 000007fef6850000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox2\VBoxGuestControlSvc.DLL [fFlags=0x0]
24631974.1ae8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxGuestControlSvc.dll
24641974.1ae8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6850000 'C:\Program Files\Oracle\VirtualBox2\VBoxGuestControlSvc.DLL'
24651974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed30000 'C:\Windows\system32\Shell32.dll'
24661974.1898: supR3HardenedIsApiSetDll: '<NULL>' -> true
24671974.1898: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000082192a1:<flags> [calling]
24681974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea60000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
24691974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
24701974.1ff4: Error (rc=0):
24711974.1ff4: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1024 \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
24721974.1ff4: Error (rc=0):
24731974.1ff4: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Windows\system32\uxtheme.dll' (C:\Windows\system32\uxtheme.dll): rcNt=0xc0000190
24741974.1ff4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Windows\system32\uxtheme.dll'
24751974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
24761974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
24771974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
24781974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
24791974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
24801974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
24811974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
24821974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
24831974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
24841974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
24851974.1898: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxDD.dll) WinVerifyTrust
24861974.1898: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxDD.dll
24871974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
24881974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
24891974.1898: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bc4 pwszName=\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
24901974.1898: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000004dd4a0
24911974.1898: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000004dd4a0
24921974.1898: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642
24931974.1898: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'
24941974.1898: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24951974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24961974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
24971974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
24981974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
24991974.1898: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
25001974.1898: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
25011974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
25021974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
25031974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
25041974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
25051974.1898: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
25061974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
25071974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
25081974.1898: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
25091974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25101974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25111974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
25121974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\vboxdd2.dll' [rcNtRedir=0xc0150008]
25131974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25141974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
25151974.1898: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxDD2.dll) WinVerifyTrust
25161974.1898: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxDD2.dll
25171974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
25181974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\vboxddu.dll' [rcNtRedir=0xc0150008]
25191974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25201974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
25211974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
25221974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
25231974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
25241974.1898: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxDDU.dll) WinVerifyTrust
25251974.1898: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxDDU.dll
25261974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25271974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\vboxrt.dll' [rcNtRedir=0xc0150008]
25281974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
25291974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\vboxvmm.dll' [rcNtRedir=0xc0150008]
25301974.1898: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxVMM.dll
25311974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25321974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcr100.dll' [rcNtRedir=0xc0150008]
25331974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
25341974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
25351974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
25361974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
25371974.1898: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
25381974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25391974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25401974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25411974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\vboxrt.dll' [rcNtRedir=0xc0150008]
25421974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25431974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcr100.dll' [rcNtRedir=0xc0150008]
25441974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
25451974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\vboxrt.dll' [rcNtRedir=0xc0150008]
25461974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25471974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcr100.dll' [rcNtRedir=0xc0150008]
25481974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25491974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25501974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
25511974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
25521974.1898: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b9c pwszName=\Device\HarddiskVolume2\Windows\System32\winnsi.dll
25531974.1898: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000004dd4a0
25541974.1898: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000004dd4a0
25551974.1898: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B28F3E0DF5586B9FB3AEAC48E4ECCA0AFB6ABD91
25561974.1898: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
25571974.1898: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25581974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25591974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
25601974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
25611974.1898: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll) WinVerifyTrust
25621974.1898: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
25631974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
25641974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
25651974.1898: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
25661974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25671974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25681974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
25691974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
25701974.1898: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
25711974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
25721974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
25731974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25741974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25751974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox2\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000821d791:<flags> [calling]
25761974.1898: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxDD.dll
25771974.1898: supR3HardenedDllNotificationCallback: load 000007feddb30000 LB 0x009b2000 C:\Program Files\Oracle\VirtualBox2\VBoxDD.DLL [fFlags=0x0]
25781974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxDD.dll
25791974.1898: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxDDU.dll
25801974.1898: supR3HardenedDllNotificationCallback: load 000007feed7b0000 LB 0x00058000 C:\Program Files\Oracle\VirtualBox2\VBoxDDU.dll [fFlags=0x0]
25811974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxDDU.dll
25821974.1898: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxDD2.dll
25831974.1898: supR3HardenedDllNotificationCallback: load 000007fee5180000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox2\VBoxDD2.dll [fFlags=0x0]
25841974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxDD2.dll
25851974.1898: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
25861974.1898: supR3HardenedDllNotificationCallback: load 000007fefa7a0000 LB 0x00027000 C:\Windows\system32\IPHLPAPI.DLL [fFlags=0x0]
25871974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
25881974.1898: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
25891974.1898: supR3HardenedDllNotificationCallback: load 000007fefa780000 LB 0x0000b000 C:\Windows\system32\WINNSI.DLL [fFlags=0x0]
25901974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
25911974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feddb30000 'C:\Program Files\Oracle\VirtualBox2\VBoxDD.DLL'
25921974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxC.dll
25931974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox2\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000821d791:<flags> [calling]
25941974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2820000 'C:\Program Files\Oracle\VirtualBox2\VBoxC.DLL'
25951974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxDD2.dll
25961974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox2\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000821d6a1:<flags> [calling]
25971974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5180000 'C:\Program Files\Oracle\VirtualBox2\VBoxDD2.DLL'
25981974.1d78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
25991974.1d78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
26001974.1d78: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
26011974.1d78: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxSharedFolders.dll) WinVerifyTrust
26021974.1d78: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxSharedFolders.dll
26031974.1d78: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
26041974.1d78: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\vboxrt.dll' [rcNtRedir=0xc0150008]
26051974.1d78: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
26061974.1d78: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\vboxvmm.dll' [rcNtRedir=0xc0150008]
26071974.1d78: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxVMM.dll
26081974.1d78: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
26091974.1d78: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\msvcr100.dll' [rcNtRedir=0xc0150008]
26101974.1d78: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox2\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000e10dd61:<flags> [calling]
26111974.1d78: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxSharedFolders.dll
26121974.1d78: supR3HardenedDllNotificationCallback: load 000007fef6810000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox2\VBoxSharedFolders.DLL [fFlags=0x0]
26131974.1d78: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox2\VBoxSharedFolders.dll
26141974.1d78: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6810000 'C:\Program Files\Oracle\VirtualBox2\VBoxSharedFolders.DLL'
26151974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
26161974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000821d631:<flags> [calling]
26171974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa7a0000 'C:\Windows\system32\Iphlpapi.dll'
26181974.1898: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cdc pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
26191974.1898: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000004dd4a0
26201974.1898: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000004dd4a0
26211974.1898: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D89E2D6AED9A19082ECA108BEEF81A904C7A9756
26221974.1898: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
26231974.1898: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26241974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26251974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
26261974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
26271974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
26281974.1898: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll) WinVerifyTrust
26291974.1898: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
26301974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
26311974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
26321974.1898: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
26331974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
26341974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
26351974.1898: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
26361974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26371974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26381974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26391974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26401974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dhcpcsvc.DLL (Input=dhcpcsvc.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000821e7d1:<flags> [calling]
26411974.1898: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
26421974.1898: supR3HardenedDllNotificationCallback: load 000007fefa6b0000 LB 0x00018000 C:\Windows\system32\dhcpcsvc.DLL [fFlags=0x0]
26431974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
26441974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa6b0000 'C:\Windows\system32\dhcpcsvc.DLL'
26451974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
26461974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000821e431:<flags> [calling]
26471974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa7a0000 'C:\Windows\system32\IPHLPAPI.DLL'
26481974.1898: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ce0 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
26491974.1898: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000004dd4a0
26501974.1898: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000004dd4a0
26511974.1898: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A719769A21133C3F89F7BEA09AB706365F35DF8F
26521974.1898: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_26_for_KB2763523~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
26531974.1898: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26541974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26551974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
26561974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
26571974.1898: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll) WinVerifyTrust
26581974.1898: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
26591974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
26601974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
26611974.1898: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
26621974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26631974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26641974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26651974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26661974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dhcpcsvc6.DLL (Input=dhcpcsvc6.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000821e781:<flags> [calling]
26671974.1898: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
26681974.1898: supR3HardenedDllNotificationCallback: load 000007fefa690000 LB 0x00011000 C:\Windows\system32\dhcpcsvc6.DLL [fFlags=0x0]
26691974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
26701974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa690000 'C:\Windows\system32\dhcpcsvc6.DLL'
26711974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
26721974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000821e4a1:<flags> [calling]
26731974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa7a0000 'C:\Windows\system32\IPHLPAPI.DLL'
26741974.1898: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000dbc pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
26751974.1898: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000004dd4a0
26761974.1898: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000004dd4a0
26771974.1898: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F6C3E3D9F8B48D816E52C31576FFFD4AF86AB813
26781974.1898: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
26791974.1898: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26801974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26811974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
26821974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
26831974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
26841974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
26851974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
26861974.1898: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust
26871974.1898: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
26881974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
26891974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
26901974.1898: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000dc0 pwszName=\Device\HarddiskVolume2\Windows\System32\powrprof.dll
26911974.1898: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000004dd4a0
26921974.1898: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000004dd4a0
26931974.1898: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E0B7DE18787DB24DAD3580634869A9A8FF4AB48F
26941974.1898: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\powrprof.dll'
26951974.1898: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26961974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26971974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
26981974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
26991974.1898: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll) WinVerifyTrust
27001974.1898: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
27011974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
27021974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
27031974.1898: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
27041974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
27051974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
27061974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
27071974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
27081974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27091974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27101974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27111974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27121974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
27131974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
27141974.1898: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
27151974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27161974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27171974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27181974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27191974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000821d581:<flags> [calling]
27201974.1898: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
27211974.1898: supR3HardenedDllNotificationCallback: load 000007fef4130000 LB 0x00088000 C:\Windows\System32\dsound.dll [fFlags=0x0]
27221974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
27231974.1898: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
27241974.1898: supR3HardenedDllNotificationCallback: load 000007fefc300000 LB 0x0002c000 C:\Windows\System32\POWRPROF.dll [fFlags=0x0]
27251974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
27261974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
27271974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000821c8f1:<flags> [calling]
27281974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4130000 'C:\Windows\System32\dsound.dll'
27291974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4130000 'C:\Windows\System32\dsound.dll'
27301974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
27311974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000821d661:<flags> [calling]
27321974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4130000 'C:\Windows\system32\dsound.dll'
27331974.1898: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000dc4 pwszName=\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
27341974.1898: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000004dd4a0
27351974.1898: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000004dd4a0
27361974.1898: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=704F97298D44B8146C54067788F597E0BF365197
27371974.1898: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll'
27381974.1898: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27391974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27401974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
27411974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
27421974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'.
27431974.1898: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
27441974.1898: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
27451974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
27461974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
27471974.1898: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000de8 pwszName=\Device\HarddiskVolume2\Windows\System32\propsys.dll
27481974.1898: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000004dd4a0
27491974.1898: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000004dd4a0
27501974.1898: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A1594E841359779EF7EA7EBCF775D89F55388D3
27511974.1898: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\propsys.dll'
27521974.1898: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
27531974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
27541974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
27551974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
27561974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
27571974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
27581974.1898: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll) WinVerifyTrust
27591974.1898: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
27601974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27611974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27621974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27631974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27641974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27651974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27661974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
27671974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
27681974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27691974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27701974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
27711974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
27721974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
27731974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
27741974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
27751974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
27761974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000821d051:<flags> [calling]
27771974.1898: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
27781974.1898: supR3HardenedDllNotificationCallback: load 000007fefc2b0000 LB 0x0004b000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
27791974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
27801974.1898: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
27811974.1898: supR3HardenedDllNotificationCallback: load 000007fefc180000 LB 0x0012c000 C:\Windows\System32\PROPSYS.dll [fFlags=0x0]
27821974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
27831974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefebb0000 'C:\Windows\system32\ADVAPI32.dll'
27841974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc2b0000 'C:\Windows\System32\MMDevApi.dll'
27851974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf40000 'C:\Windows\system32\ole32.dll'
27861974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
27871974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000821d381:<flags> [calling]
27881974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe370000 'C:\Windows\system32\SETUPAPI.dll'
27891974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
27901974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000821e261:<flags> [calling]
27911974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefec90000 'C:\Windows\system32\SHLWAPI.dll'
27921974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
27931974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000821e481:<flags> [calling]
27941974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc2b0000 'C:\Windows\system32\MMDEVAPI.DLL'
27951974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf40000 'C:\Windows\system32\ole32.dll'
27961974.1178: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
27971974.1178: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CFGMGR32.dll (Input=CFGMGR32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000d8ff601:<flags> [calling]
27981974.1178: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb20000 'C:\Windows\system32\CFGMGR32.dll'
27991974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
28001974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000821e0b1:<flags> [calling]
28011974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb6d0000 'C:\Windows\system32\winmm.dll'
28021974.1898: supR3HardenedIsApiSetDll: '<NULL>' -> true
28031974.1898: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000821df11:<flags> [calling]
28041974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea60000 'API-MS-WIN-Service-Management-L1-1-0.dll'
28051974.1898: supR3HardenedIsApiSetDll: '<NULL>' -> true
28061974.1898: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000821df11:<flags> [calling]
28071974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea60000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
28081974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdde0000 'C:\Windows\system32\RPCRT4.dll'
28091974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
28101974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDevAPI.DLL (Input=MMDevAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000821df71:<flags> [calling]
28111974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc2b0000 'C:\Windows\system32\MMDevAPI.DLL'
28121974.1898: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e20 pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
28131974.1898: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000004dd4a0
28141974.1898: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000004dd4a0
28151974.1898: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4B64306F5558D2DEC53CF11AAF17F02438929FDD
28161974.1898: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
28171974.1898: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28181974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28191974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
28201974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
28211974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
28221974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
28231974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ksuser.dll'.
28241974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
28251974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'avrt.dll'.
28261974.1898: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust
28271974.1898: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
28281974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
28291974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
28301974.1898: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e24 pwszName=\Device\HarddiskVolume2\Windows\System32\avrt.dll
28311974.1898: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000004dd4a0
28321974.1898: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000004dd4a0
28331974.1898: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1362C343929DD08AB918B38DE195D1A11B1D1365
28341974.1898: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\avrt.dll'
28351974.1898: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28361974.1898: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust
28371974.1898: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
28381974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
28391974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
28401974.1898: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
28411974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
28421974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
28431974.1898: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e40 pwszName=\Device\HarddiskVolume2\Windows\System32\ksuser.dll
28441974.1898: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000004dd4a0
28451974.1898: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000004dd4a0
28461974.1898: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2D99CFB3BFCA1F454FC7109DB98D18923ABBA361
28471974.1898: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB3110329~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\ksuser.dll'
28481974.1898: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28491974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28501974.1898: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust
28511974.1898: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
28521974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
28531974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
28541974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28551974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28561974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
28571974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
28581974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
28591974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
28601974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28611974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28621974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28631974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28641974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000821dae1:<flags> [calling]
28651974.1898: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
28661974.1898: supR3HardenedDllNotificationCallback: load 000007fefb640000 LB 0x0003b000 C:\Windows\system32\wdmaud.drv [fFlags=0x0]
28671974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
28681974.1898: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
28691974.1898: supR3HardenedDllNotificationCallback: load 0000000074dd0000 LB 0x00006000 C:\Windows\system32\ksuser.dll [fFlags=0x0]
28701974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
28711974.1898: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
28721974.1898: supR3HardenedDllNotificationCallback: load 000007fefc170000 LB 0x00009000 C:\Windows\system32\AVRT.dll [fFlags=0x0]
28731974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
28741974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb640000 'C:\Windows\system32\wdmaud.drv'
28751974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
28761974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000821dae1:<flags> [calling]
28771974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb640000 'C:\Windows\system32\wdmaud.drv'
28781974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
28791974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000821dc91:<flags> [calling]
28801974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb640000 'C:\Windows\system32\wdmaud.drv'
28811974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
28821974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000821dc91:<flags> [calling]
28831974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb640000 'C:\Windows\system32\wdmaud.drv'
28841974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
28851974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000821dc91:<flags> [calling]
28861974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb640000 'C:\Windows\system32\wdmaud.drv'
28871974.1898: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e5c pwszName=\Device\HarddiskVolume2\Windows\System32\AudioSes.dll
28881974.1898: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000004dd4a0
28891974.1898: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000004dd4a0
28901974.1898: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A3BDEC1E955295C342E14C90909598248B24E5B
28911974.1898: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_107_for_KB4015549~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume2\Windows\System32\AudioSes.dll'
28921974.1898: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28931974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28941974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
28951974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
28961974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
28971974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
28981974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
28991974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
29001974.1898: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust
29011974.1898: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
29021974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
29031974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
29041974.1898: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
29051974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
29061974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
29071974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29081974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29091974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
29101974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
29111974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
29121974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
29131974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
29141974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
29151974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29161974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29171974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000821dca1:<flags> [calling]
29181974.1898: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
29191974.1898: supR3HardenedDllNotificationCallback: load 000007fefb0d0000 LB 0x0004f000 C:\Windows\system32\AUDIOSES.DLL [fFlags=0x0]
29201974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
29211974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb0d0000 'C:\Windows\system32\AUDIOSES.DLL'
29221974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
29231974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000821dc91:<flags> [calling]
29241974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb640000 'C:\Windows\system32\wdmaud.drv'
29251974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
29261974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000821dc91:<flags> [calling]
29271974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb640000 'C:\Windows\system32\wdmaud.drv'
29281974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb640000 'C:\Windows\system32\wdmaud.drv'
29291974.1898: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e60 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
29301974.1898: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000004dd4a0
29311974.1898: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000004dd4a0
29321974.1898: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=522563F5384AD4C93CF5CF4EEA899D3267552328
29331974.1898: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
29341974.1898: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29351974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29361974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
29371974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
29381974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
29391974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'.
29401974.1898: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) WinVerifyTrust
29411974.1898: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
29421974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
29431974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
29441974.1898: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
29451974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
29461974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
29471974.1898: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e68 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.dll
29481974.1898: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000004dd4a0
29491974.1898: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000004dd4a0
29501974.1898: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCA0A8AEE81B82C402AA72A300B2C8D2DC17C1DA
29511974.1898: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.dll'
29521974.1898: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
29531974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
29541974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
29551974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
29561974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
29571974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
29581974.1898: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) WinVerifyTrust
29591974.1898: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
29601974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
29611974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
29621974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29631974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29641974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29651974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29661974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
29671974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
29681974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
29691974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
29701974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
29711974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
29721974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
29731974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
29741974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
29751974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
29761974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000821da91:<flags> [calling]
29771974.1898: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
29781974.1898: supR3HardenedDllNotificationCallback: load 000007fefb0c0000 LB 0x0000a000 C:\Windows\system32\msacm32.drv [fFlags=0x0]
29791974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
29801974.1898: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
29811974.1898: supR3HardenedDllNotificationCallback: load 000007fefb0a0000 LB 0x00018000 C:\Windows\system32\MSACM32.dll [fFlags=0x0]
29821974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
29831974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb0c0000 'C:\Windows\system32\msacm32.drv'
29841974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
29851974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000821d491:<flags> [calling]
29861974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb0c0000 'C:\Windows\system32\msacm32.drv'
29871974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
29881974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000821d491:<flags> [calling]
29891974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb0c0000 'C:\Windows\system32\msacm32.drv'
29901974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
29911974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000821d491:<flags> [calling]
29921974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb0c0000 'C:\Windows\system32\msacm32.drv'
29931974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
29941974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000821d491:<flags> [calling]
29951974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb0c0000 'C:\Windows\system32\msacm32.drv'
29961974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
29971974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000821d491:<flags> [calling]
29981974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb0c0000 'C:\Windows\system32\msacm32.drv'
29991974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
30001974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000821d491:<flags> [calling]
30011974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb0c0000 'C:\Windows\system32\msacm32.drv'
30021974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb0c0000 'C:\Windows\system32\msacm32.drv'
30031974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb0c0000 'C:\Windows\system32\msacm32.drv'
30041974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb0c0000 'C:\Windows\system32\msacm32.drv'
30051974.1898: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e48 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
30061974.1898: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000004dd4a0
30071974.1898: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000004dd4a0
30081974.1898: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=43116C5C719A4751DA70B12932084D73D7AACEA3
30091974.1898: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
30101974.1898: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30111974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
30121974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
30131974.1898: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
30141974.1898: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) WinVerifyTrust
30151974.1898: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
30161974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
30171974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
30181974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
30191974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
30201974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
30211974.1898: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
30221974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000821da91:<flags> [calling]
30231974.1898: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
30241974.1898: supR3HardenedDllNotificationCallback: load 000007fefb090000 LB 0x00009000 C:\Windows\system32\midimap.dll [fFlags=0x0]
30251974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
30261974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb090000 'C:\Windows\system32\midimap.dll'
30271974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
30281974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000821d461:<flags> [calling]
30291974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb090000 'C:\Windows\system32\midimap.dll'
30301974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
30311974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000821d461:<flags> [calling]
30321974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb090000 'C:\Windows\system32\midimap.dll'
30331974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
30341974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000821da91:<flags> [calling]
30351974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb090000 'C:\Windows\system32\midimap.dll'
30361974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb6d0000 'C:\Windows\system32\winmm.dll'
30371974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb6d0000 'C:\Windows\system32\winmm.dll'
30381974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb6d0000 'C:\Windows\system32\winmm.dll'
30391974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf40000 'C:\Windows\system32\ole32.dll'
30401974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
30411974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000821e0b1:<flags> [calling]
30421974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb6d0000 'C:\Windows\system32\winmm.dll'
30431974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb6d0000 'C:\Windows\system32\winmm.dll'
30441974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb6d0000 'C:\Windows\system32\winmm.dll'
30451974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
30461974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000821d651:<flags> [calling]
30471974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4130000 'C:\Windows\system32\dsound.dll'
30481974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb6d0000 'C:\Windows\system32\winmm.dll'
30491974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb6d0000 'C:\Windows\system32\winmm.dll'
30501974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb6d0000 'C:\Windows\system32\winmm.dll'
30511974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb6d0000 'C:\Windows\system32\winmm.dll'
30521974.2fc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
30531974.2fc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\audioses.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000001282dcc1:<flags> [calling]
30541974.2fc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb0d0000 'C:\Windows\System32\audioses.dll'
30551974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
30561974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000821d831:<flags> [calling]
30571974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef4130000 'C:\Windows\system32\dsound.dll'
30581974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb6d0000 'C:\Windows\system32\winmm.dll'
30591974.58c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
30601974.58c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000059efb61:<flags> [calling]
30611974.58c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefead0000 'C:\Windows\system32\OLEAUT32.dll'
30621974.1898: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fc4 pwszName=\Device\HarddiskVolume2\Windows\System32\apphelp.dll
30631974.1898: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000004dd4a0
30641974.1898: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000004dd4a0
30651974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
30661974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000008218eb1:<flags> [calling]
30671974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdb60000 'C:\Windows\system32\WINTRUST.DLL'
30681974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
30691974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=0000000008218ce1:<flags> [calling]
30701974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd8c0000 'C:\Windows\system32\CRYPT32.dll'
30711974.1898: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=279DFE2A04C40CE4B22260C26A5BB57DF440B52E
30721974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9a20000 'C:\Windows\system32\cryptnet.dll'
30731974.1898: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3107998~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\apphelp.dll'
30741974.1898: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
30751974.1898: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll) WinVerifyTrust
30761974.1898: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
30771974.1898: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
30781974.1898: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll
30791974.1898: supR3HardenedDllNotificationCallback: load 000007fefd6d0000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
30801974.1898: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll
30811974.1898: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd6d0000 'C:\Windows\system32\apphelp.dll'
30821c7c.1bd4: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x80000003 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 45257 ms, the end);
3083f08.1904: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x80000003 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 45631 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy