VirtualBox

Ticket #16894: VBoxHardening.log

File VBoxHardening.log, 369.8 KB (added by johank, 7 years ago)
Line 
13040.30cc: Log file opened: 5.1.28r117968 g_hStartupLog=00000000000000b4 g_uNtVerCombined=0x611db110
23040.30cc: \SystemRoot\System32\ntdll.dll:
33040.30cc: CreationTime: 2017-09-20T09:01:35.736404600Z
43040.30cc: LastWriteTime: 2017-08-11T06:36:37.595749500Z
53040.30cc: ChangeTime: 2017-09-21T16:57:41.602573000Z
63040.30cc: FileAttributes: 0x20
73040.30cc: Size: 0x1a7100
83040.30cc: NT Headers: 0xe0
93040.30cc: Timestamp: 0x598d5074
103040.30cc: Machine: 0x8664 - amd64
113040.30cc: Timestamp: 0x598d5074
123040.30cc: Image Version: 6.1
133040.30cc: SizeOfImage: 0x1aa000 (1744896)
143040.30cc: Resource Dir: 0x14e000 LB 0x5a028
153040.30cc: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
163040.30cc: [Raw version resource data: 0x14e0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
173040.30cc: ProductName: Microsoft® Windows® Operating System
183040.30cc: ProductVersion: 6.1.7601.23889
193040.30cc: FileVersion: 6.1.7601.23889 (win7sp1_ldr.170810-1615)
203040.30cc: FileDescription: NT Layer DLL
213040.30cc: \SystemRoot\System32\kernel32.dll:
223040.30cc: CreationTime: 2017-09-20T09:01:36.893897000Z
233040.30cc: LastWriteTime: 2017-08-11T06:34:55.815000000Z
243040.30cc: ChangeTime: 2017-09-21T16:57:42.476122600Z
253040.30cc: FileAttributes: 0x20
263040.30cc: Size: 0x11c000
273040.30cc: NT Headers: 0xe0
283040.30cc: Timestamp: 0x598d50b9
293040.30cc: Machine: 0x8664 - amd64
303040.30cc: Timestamp: 0x598d50b9
313040.30cc: Image Version: 6.1
323040.30cc: SizeOfImage: 0x11f000 (1175552)
333040.30cc: Resource Dir: 0x116000 LB 0x528
343040.30cc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
353040.30cc: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
363040.30cc: ProductName: Microsoft® Windows® Operating System
373040.30cc: ProductVersion: 6.1.7601.23889
383040.30cc: FileVersion: 6.1.7601.23889 (win7sp1_ldr.170810-1615)
393040.30cc: FileDescription: Windows NT BASE API Client DLL
403040.30cc: \SystemRoot\System32\KernelBase.dll:
413040.30cc: CreationTime: 2017-09-20T09:01:36.878293800Z
423040.30cc: LastWriteTime: 2017-08-11T06:34:55.815000000Z
433040.30cc: ChangeTime: 2017-09-21T16:57:42.476122600Z
443040.30cc: FileAttributes: 0x20
453040.30cc: Size: 0x66800
463040.30cc: NT Headers: 0xe8
473040.30cc: Timestamp: 0x598d50ba
483040.30cc: Machine: 0x8664 - amd64
493040.30cc: Timestamp: 0x598d50ba
503040.30cc: Image Version: 6.1
513040.30cc: SizeOfImage: 0x6a000 (434176)
523040.30cc: Resource Dir: 0x68000 LB 0x530
533040.30cc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
543040.30cc: [Raw version resource data: 0x680b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
553040.30cc: ProductName: Microsoft® Windows® Operating System
563040.30cc: ProductVersion: 6.1.7601.23889
573040.30cc: FileVersion: 6.1.7601.23889 (win7sp1_ldr.170810-1615)
583040.30cc: FileDescription: Windows NT BASE API Client DLL
593040.30cc: \SystemRoot\System32\apisetschema.dll:
603040.30cc: CreationTime: 2017-09-20T09:01:43.916056800Z
613040.30cc: LastWriteTime: 2017-08-11T06:34:50.979000000Z
623040.30cc: ChangeTime: 2017-09-21T16:57:41.555685100Z
633040.30cc: FileAttributes: 0x20
643040.30cc: Size: 0x1a00
653040.30cc: NT Headers: 0xc0
663040.30cc: Timestamp: 0x598d5053
673040.30cc: Machine: 0x8664 - amd64
683040.30cc: Timestamp: 0x598d5053
693040.30cc: Image Version: 6.1
703040.30cc: SizeOfImage: 0x50000 (327680)
713040.30cc: Resource Dir: 0x30000 LB 0x3f8
723040.30cc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
733040.30cc: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
743040.30cc: ProductName: Microsoft® Windows® Operating System
753040.30cc: ProductVersion: 6.1.7601.23889
763040.30cc: FileVersion: 6.1.7601.23889 (win7sp1_ldr.170810-1615)
773040.30cc: FileDescription: ApiSet Schema DLL
783040.30cc: NtOpenDirectoryObject failed on \Driver: 0xc0000022
793040.30cc: supR3HardenedWinFindAdversaries: 0x1003
803040.30cc: \SystemRoot\System32\drivers\SysPlant.sys:
813040.30cc: CreationTime: 2016-07-11T06:34:43.901106300Z
823040.30cc: LastWriteTime: 2017-07-10T10:11:00.965100000Z
833040.30cc: ChangeTime: 2017-07-10T10:11:00.965100000Z
843040.30cc: FileAttributes: 0x20
853040.30cc: Size: 0x2b9a8
863040.30cc: NT Headers: 0x100
873040.30cc: Timestamp: 0x576a282d
883040.30cc: Machine: 0x8664 - amd64
893040.30cc: Timestamp: 0x576a282d
903040.30cc: Image Version: 5.0
913040.30cc: SizeOfImage: 0x30000 (196608)
923040.30cc: Resource Dir: 0x2e000 LB 0x498
933040.30cc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
943040.30cc: [Raw version resource data: 0x2e0b8 LB 0x3e0, codepage 0x4e4 (reserved 0x0)]
953040.30cc: ProductName: Symantec CMC Firewall
963040.30cc: ProductVersion: 12.1.7004.6500
973040.30cc: FileVersion: 12.1.7004.6500
983040.30cc: FileDescription: Symantec CMC Firewall SysPlant
993040.30cc: \SystemRoot\System32\sysfer.dll:
1003040.30cc: CreationTime: 2016-07-11T06:34:43.901106300Z
1013040.30cc: LastWriteTime: 2017-07-10T10:11:00.965100000Z
1023040.30cc: ChangeTime: 2017-07-10T10:11:00.965100000Z
1033040.30cc: FileAttributes: 0x20
1043040.30cc: Size: 0x73728
1053040.30cc: NT Headers: 0xf0
1063040.30cc: Timestamp: 0x576a2837
1073040.30cc: Machine: 0x8664 - amd64
1083040.30cc: Timestamp: 0x576a2837
1093040.30cc: Image Version: 0.0
1103040.30cc: SizeOfImage: 0x89000 (561152)
1113040.30cc: Resource Dir: 0x87000 LB 0x630
1123040.30cc: [Version info resource found at 0xc8! (ID/Name: 0x1; SubID/SubName: 0x409)]
1133040.30cc: [Raw version resource data: 0x87100 LB 0x3d4, codepage 0x4e4 (reserved 0x0)]
1143040.30cc: ProductName: Symantec CMC Firewall
1153040.30cc: ProductVersion: 12.1.7004.6500
1163040.30cc: FileVersion: 12.1.7004.6500
1173040.30cc: FileDescription: Symantec CMC Firewall sysfer
1183040.30cc: \SystemRoot\System32\drivers\symevent64x86.sys:
1193040.30cc: CreationTime: 2016-07-11T06:34:47.099106300Z
1203040.30cc: LastWriteTime: 2017-07-10T09:59:26.620566400Z
1213040.30cc: ChangeTime: 2017-07-10T09:59:26.620566400Z
1223040.30cc: FileAttributes: 0x20
1233040.30cc: Size: 0x2b8d8
1243040.30cc: NT Headers: 0xe8
1253040.30cc: Timestamp: 0x54b87d44
1263040.30cc: Machine: 0x8664 - amd64
1273040.30cc: Timestamp: 0x54b87d44
1283040.30cc: Image Version: 6.0
1293040.30cc: SizeOfImage: 0x38000 (229376)
1303040.30cc: Resource Dir: 0x36000 LB 0x3c8
1313040.30cc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
1323040.30cc: [Raw version resource data: 0x360b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
1333040.30cc: ProductName: SYMEVENT
1343040.30cc: ProductVersion: 12.9.6.12
1353040.30cc: FileVersion: 12.9.6.12
1363040.30cc: FileDescription: Symantec Event Library
1373040.30cc: \SystemRoot\System32\drivers\vsdatant.sys:
1383040.30cc: CreationTime: 2015-11-18T07:48:36.000000000Z
1393040.30cc: LastWriteTime: 2015-11-18T07:48:36.000000000Z
1403040.30cc: ChangeTime: 2016-08-18T13:36:07.669658700Z
1413040.30cc: FileAttributes: 0x20
1423040.30cc: Size: 0x72968
1433040.30cc: NT Headers: 0xe8
1443040.30cc: Timestamp: 0x55c9afa1
1453040.30cc: Machine: 0x8664 - amd64
1463040.30cc: Timestamp: 0x55c9afa1
1473040.30cc: Image Version: 6.1
1483040.30cc: SizeOfImage: 0x96000 (614400)
1493040.30cc: Resource Dir: 0x94000 LB 0x3d0
1503040.30cc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
1513040.30cc: [Raw version resource data: 0x94060 LB 0x36c, codepage 0x0 (reserved 0x0)]
1523040.30cc: ProductName: End Point Security
1533040.30cc: ProductVersion: R80
1543040.30cc: FileVersion: 926000604
1553040.30cc: FileDescription: ZoneAlarm Firewalling Driver
1563040.30cc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
1573040.30cc: Calling main()
1583040.30cc: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
1593040.30cc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
1603040.30cc: SUPR3HardenedMain: Respawn #1
1613040.30cc: System32: \Device\HarddiskVolume1\Windows\System32
1623040.30cc: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
1633040.30cc: KnownDllPath: C:\windows\system32
1643040.30cc: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
1653040.30cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
1663040.30cc: supR3HardNtEnableThreadCreation:
1673040.30cc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000770aa360 pvNtTerminateThread=00000000770cc260
1683040.30cc: supR3HardenedWinDoReSpawn(1): New child 190c.11a8 [kernel32].
1693040.30cc: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
1703040.30cc: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077080000 uNtDllChildAddr=0000000077080000
1713040.30cc: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000770aa360
1723040.30cc: supR3HardenedWinSetupChildInit: Start child.
1733040.30cc: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 1 ms.
1743040.30cc: supR3HardNtChildPurify: Startup delay kludge #1/0: 520 ms, 65 sleeps
1753040.30cc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1763040.30cc: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
1773040.30cc: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
1783040.30cc: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
1793040.30cc: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
1803040.30cc: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
1813040.30cc: 0000000000041000-000000000004ffff 0x0001/0x0000 0x0000000
1823040.30cc: *0000000000050000-0000000000050fff 0x0004/0x0004 0x0020000
1833040.30cc: 0000000000051000-00000000000fffff 0x0001/0x0000 0x0000000
1843040.30cc: *0000000000100000-00000000001fbfff 0x0000/0x0004 0x0020000
1853040.30cc: 00000000001fc000-00000000001fdfff 0x0104/0x0004 0x0020000
1863040.30cc: 00000000001fe000-00000000001fffff 0x0004/0x0004 0x0020000
1873040.30cc: 0000000000200000-000000007707ffff 0x0001/0x0000 0x0000000
1883040.30cc: *0000000077080000-0000000077080fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1893040.30cc: 0000000077081000-000000007717dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1903040.30cc: 000000007717e000-00000000771acfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1913040.30cc: 00000000771ad000-00000000771b6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1923040.30cc: 00000000771b7000-00000000771b7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1933040.30cc: 00000000771b8000-00000000771bafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1943040.30cc: 00000000771bb000-0000000077229fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1953040.30cc: 000000007722a000-000000007efdffff 0x0001/0x0000 0x0000000
1963040.30cc: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
1973040.30cc: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
1983040.30cc: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
1993040.30cc: 000000007fff0000-000000013ff6ffff 0x0001/0x0000 0x0000000
2003040.30cc: *000000013ff70000-000000013ff70fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
2013040.30cc: 000000013ff71000-000000013ffe0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
2023040.30cc: 000000013ffe1000-000000013ffe1fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
2033040.30cc: 000000013ffe2000-0000000140027fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
2043040.30cc: 0000000140028000-0000000140028fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
2053040.30cc: 0000000140029000-0000000140029fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
2063040.30cc: 000000014002a000-000000014002efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
2073040.30cc: 000000014002f000-000000014002ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
2083040.30cc: 0000000140030000-0000000140030fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
2093040.30cc: 0000000140031000-0000000140034fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
2103040.30cc: 0000000140035000-000000014007cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
2113040.30cc: 000000014007d000-000000014007ffff 0x0001/0x0000 0x0000000
2123040.30cc: *0000000140080000-0000000140080fff 0x0040/0x0040 0x0020000 !!
2133040.30cc: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000140080000 (LB 0x1000, 0000000140080000 LB 0x1000)
2143040.30cc: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000140080000/0000000140080000 LB 0/0x1000]
2153040.30cc: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000140080000 LB 0x7fdbf320000 s=0x10000 ap=0x0 rp=0x00000000000001
2163040.30cc: 0000000140081000-000007feff39ffff 0x0001/0x0000 0x0000000
2173040.30cc: *000007feff3a0000-000007feff3a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
2183040.30cc: 000007feff3a1000-000007fffffaffff 0x0001/0x0000 0x0000000
2193040.30cc: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
2203040.30cc: 000007fffffd3000-000007fffffdcfff 0x0001/0x0000 0x0000000
2213040.30cc: *000007fffffdd000-000007fffffdefff 0x0004/0x0004 0x0020000
2223040.30cc: *000007fffffdf000-000007fffffdffff 0x0004/0x0004 0x0020000
2233040.30cc: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
2243040.30cc: apisetschema.dll: timestamp 0x598d5053 (rc=VINF_SUCCESS)
2253040.30cc: VirtualBox.exe: timestamp 0x59b8f49b (rc=VINF_SUCCESS)
2263040.30cc: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2273040.30cc: VirtualBox.exe: Differences in section #0 (headers) between file and memory:
2283040.30cc: 000000013ff70162 / 0x0000162: 00 != 11
2293040.30cc: 000000013ff70164 / 0x0000164: 00 != 14
2303040.30cc: Restored 0x400 bytes of original file content at 000000013ff70000
2313040.30cc: '\Device\HarddiskVolume1\Windows\System32\apisetschema.dll' has no imports
2323040.30cc: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
2333040.30cc: supR3HardNtChildPurify: cFixes=2 g_fSupAdversaries=0x1003 cPatchCount=0
2343040.30cc: supR3HardNtChildPurify: Startup delay kludge #1/1: 520 ms, 65 sleeps
2353040.30cc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2363040.30cc: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
2373040.30cc: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
2383040.30cc: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
2393040.30cc: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
2403040.30cc: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
2413040.30cc: 0000000000041000-000000000004ffff 0x0001/0x0000 0x0000000
2423040.30cc: *0000000000050000-0000000000050fff 0x0004/0x0004 0x0020000
2433040.30cc: 0000000000051000-00000000000fffff 0x0001/0x0000 0x0000000
2443040.30cc: *0000000000100000-00000000001fbfff 0x0000/0x0004 0x0020000
2453040.30cc: 00000000001fc000-00000000001fdfff 0x0104/0x0004 0x0020000
2463040.30cc: 00000000001fe000-00000000001fffff 0x0004/0x0004 0x0020000
2473040.30cc: 0000000000200000-000000007707ffff 0x0001/0x0000 0x0000000
2483040.30cc: *0000000077080000-0000000077080fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
2493040.30cc: 0000000077081000-000000007717dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
2503040.30cc: 000000007717e000-00000000771acfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
2513040.30cc: 00000000771ad000-00000000771b6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
2523040.30cc: 00000000771b7000-00000000771b7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
2533040.30cc: 00000000771b8000-00000000771b8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
2543040.30cc: 00000000771b9000-00000000771bafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
2553040.30cc: 00000000771bb000-0000000077229fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
2563040.30cc: 000000007722a000-000000007efdffff 0x0001/0x0000 0x0000000
2573040.30cc: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
2583040.30cc: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
2593040.30cc: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
2603040.30cc: 000000007fff0000-000000013ff6ffff 0x0001/0x0000 0x0000000
2613040.30cc: *000000013ff70000-000000013ff70fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
2623040.30cc: 000000013ff71000-000000013ffe0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
2633040.30cc: 000000013ffe1000-000000013ffe1fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
2643040.30cc: 000000013ffe2000-0000000140027fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
2653040.30cc: 0000000140028000-0000000140034fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
2663040.30cc: 0000000140035000-000000014007cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
2673040.30cc: 000000014007d000-000007feff39ffff 0x0001/0x0000 0x0000000
2683040.30cc: *000007feff3a0000-000007feff3a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
2693040.30cc: 000007feff3a1000-000007fffffaffff 0x0001/0x0000 0x0000000
2703040.30cc: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
2713040.30cc: 000007fffffd3000-000007fffffdcfff 0x0001/0x0000 0x0000000
2723040.30cc: *000007fffffdd000-000007fffffdefff 0x0004/0x0004 0x0020000
2733040.30cc: *000007fffffdf000-000007fffffdffff 0x0004/0x0004 0x0020000
2743040.30cc: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
2753040.30cc: supR3HardNtChildPurify: Done after 1121 ms and 2 fixes (loop #1).
2763040.30cc: supR3HardNtEnableThreadCreation:
277190c.11a8: Log file opened: 5.1.28r117968 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
278190c.11a8: supR3HardenedVmProcessInit: uNtDllAddr=0000000077080000 g_uNtVerCombined=0x611db100
279190c.11a8: ntdll.dll: timestamp 0x598d5074 (rc=VINF_SUCCESS)
280190c.11a8: New simple heap: #1 0000000000300000 LB 0x400000 (for 1744896 allocation)
281190c.11a8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
282190c.11a8: System32: \Device\HarddiskVolume1\Windows\System32
283190c.11a8: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
284190c.11a8: KnownDllPath: C:\windows\system32
285190c.11a8: supR3HardenedVmProcessInit: Opening vboxdrv stub...
286190c.11a8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
287190c.11a8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
288190c.11a8: Registered Dll notification callback with NTDLL.
289190c.11a8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
290190c.11a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
291190c.11a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
292190c.11a8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
293190c.11a8: supR3HardenedDllNotificationCallback: load 0000000076f60000 LB 0x0011f000 C:\windows\system32\kernel32.dll [fFlags=0x0]
294190c.11a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
295190c.11a8: supR3HardenedDllNotificationCallback: load 000007fefcf00000 LB 0x0006a000 C:\windows\system32\KERNELBASE.dll [fFlags=0x0]
296190c.11a8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll)
297190c.11a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
298190c.11a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076f60000 'C:\windows\system32\kernel32.dll'
299190c.11a8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000770aa360 pvNtTerminateThread=00000000770cc260
3003040.30cc: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 50 ms.
301190c.11a8: \SystemRoot\System32\ntdll.dll:
302190c.11a8: CreationTime: 2017-09-20T09:01:35.736404600Z
303190c.11a8: LastWriteTime: 2017-08-11T06:36:37.595749500Z
304190c.11a8: ChangeTime: 2017-09-21T16:57:41.602573000Z
305190c.11a8: FileAttributes: 0x20
306190c.11a8: Size: 0x1a7100
307190c.11a8: NT Headers: 0xe0
308190c.11a8: Timestamp: 0x598d5074
309190c.11a8: Machine: 0x8664 - amd64
310190c.11a8: Timestamp: 0x598d5074
311190c.11a8: Image Version: 6.1
312190c.11a8: SizeOfImage: 0x1aa000 (1744896)
313190c.11a8: Resource Dir: 0x14e000 LB 0x5a028
314190c.11a8: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
315190c.11a8: [Raw version resource data: 0x14e0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
316190c.11a8: ProductName: Microsoft® Windows® Operating System
317190c.11a8: ProductVersion: 6.1.7601.23889
318190c.11a8: FileVersion: 6.1.7601.23889 (win7sp1_ldr.170810-1615)
319190c.11a8: FileDescription: NT Layer DLL
320190c.11a8: \SystemRoot\System32\kernel32.dll:
321190c.11a8: CreationTime: 2017-09-20T09:01:36.893897000Z
322190c.11a8: LastWriteTime: 2017-08-11T06:34:55.815000000Z
323190c.11a8: ChangeTime: 2017-09-21T16:57:42.476122600Z
324190c.11a8: FileAttributes: 0x20
325190c.11a8: Size: 0x11c000
326190c.11a8: NT Headers: 0xe0
327190c.11a8: Timestamp: 0x598d50b9
328190c.11a8: Machine: 0x8664 - amd64
329190c.11a8: Timestamp: 0x598d50b9
330190c.11a8: Image Version: 6.1
331190c.11a8: SizeOfImage: 0x11f000 (1175552)
332190c.11a8: Resource Dir: 0x116000 LB 0x528
333190c.11a8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
334190c.11a8: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
335190c.11a8: ProductName: Microsoft® Windows® Operating System
336190c.11a8: ProductVersion: 6.1.7601.23889
337190c.11a8: FileVersion: 6.1.7601.23889 (win7sp1_ldr.170810-1615)
338190c.11a8: FileDescription: Windows NT BASE API Client DLL
339190c.11a8: \SystemRoot\System32\KernelBase.dll:
340190c.11a8: CreationTime: 2017-09-20T09:01:36.878293800Z
341190c.11a8: LastWriteTime: 2017-08-11T06:34:55.815000000Z
342190c.11a8: ChangeTime: 2017-09-21T16:57:42.476122600Z
343190c.11a8: FileAttributes: 0x20
344190c.11a8: Size: 0x66800
345190c.11a8: NT Headers: 0xe8
346190c.11a8: Timestamp: 0x598d50ba
347190c.11a8: Machine: 0x8664 - amd64
348190c.11a8: Timestamp: 0x598d50ba
349190c.11a8: Image Version: 6.1
350190c.11a8: SizeOfImage: 0x6a000 (434176)
351190c.11a8: Resource Dir: 0x68000 LB 0x530
352190c.11a8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
353190c.11a8: [Raw version resource data: 0x680b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
354190c.11a8: ProductName: Microsoft® Windows® Operating System
355190c.11a8: ProductVersion: 6.1.7601.23889
356190c.11a8: FileVersion: 6.1.7601.23889 (win7sp1_ldr.170810-1615)
357190c.11a8: FileDescription: Windows NT BASE API Client DLL
358190c.11a8: \SystemRoot\System32\apisetschema.dll:
359190c.11a8: CreationTime: 2017-09-20T09:01:43.916056800Z
360190c.11a8: LastWriteTime: 2017-08-11T06:34:50.979000000Z
361190c.11a8: ChangeTime: 2017-09-21T16:57:41.555685100Z
362190c.11a8: FileAttributes: 0x20
363190c.11a8: Size: 0x1a00
364190c.11a8: NT Headers: 0xc0
365190c.11a8: Timestamp: 0x598d5053
366190c.11a8: Machine: 0x8664 - amd64
367190c.11a8: Timestamp: 0x598d5053
368190c.11a8: Image Version: 6.1
369190c.11a8: SizeOfImage: 0x50000 (327680)
370190c.11a8: Resource Dir: 0x30000 LB 0x3f8
371190c.11a8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
372190c.11a8: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
373190c.11a8: ProductName: Microsoft® Windows® Operating System
374190c.11a8: ProductVersion: 6.1.7601.23889
375190c.11a8: FileVersion: 6.1.7601.23889 (win7sp1_ldr.170810-1615)
376190c.11a8: FileDescription: ApiSet Schema DLL
377190c.11a8: NtOpenDirectoryObject failed on \Driver: 0xc0000022
378190c.11a8: supR3HardenedWinFindAdversaries: 0x1003
379190c.11a8: \SystemRoot\System32\drivers\SysPlant.sys:
380190c.11a8: CreationTime: 2016-07-11T06:34:43.901106300Z
381190c.11a8: LastWriteTime: 2017-07-10T10:11:00.965100000Z
382190c.11a8: ChangeTime: 2017-07-10T10:11:00.965100000Z
383190c.11a8: FileAttributes: 0x20
384190c.11a8: Size: 0x2b9a8
385190c.11a8: NT Headers: 0x100
386190c.11a8: Timestamp: 0x576a282d
387190c.11a8: Machine: 0x8664 - amd64
388190c.11a8: Timestamp: 0x576a282d
389190c.11a8: Image Version: 5.0
390190c.11a8: SizeOfImage: 0x30000 (196608)
391190c.11a8: Resource Dir: 0x2e000 LB 0x498
392190c.11a8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
393190c.11a8: [Raw version resource data: 0x2e0b8 LB 0x3e0, codepage 0x4e4 (reserved 0x0)]
394190c.11a8: ProductName: Symantec CMC Firewall
395190c.11a8: ProductVersion: 12.1.7004.6500
396190c.11a8: FileVersion: 12.1.7004.6500
397190c.11a8: FileDescription: Symantec CMC Firewall SysPlant
398190c.11a8: \SystemRoot\System32\sysfer.dll:
399190c.11a8: CreationTime: 2016-07-11T06:34:43.901106300Z
400190c.11a8: LastWriteTime: 2017-07-10T10:11:00.965100000Z
401190c.11a8: ChangeTime: 2017-07-10T10:11:00.965100000Z
402190c.11a8: FileAttributes: 0x20
403190c.11a8: Size: 0x73728
404190c.11a8: NT Headers: 0xf0
405190c.11a8: Timestamp: 0x576a2837
406190c.11a8: Machine: 0x8664 - amd64
407190c.11a8: Timestamp: 0x576a2837
408190c.11a8: Image Version: 0.0
409190c.11a8: SizeOfImage: 0x89000 (561152)
410190c.11a8: Resource Dir: 0x87000 LB 0x630
411190c.11a8: [Version info resource found at 0xc8! (ID/Name: 0x1; SubID/SubName: 0x409)]
412190c.11a8: [Raw version resource data: 0x87100 LB 0x3d4, codepage 0x4e4 (reserved 0x0)]
413190c.11a8: ProductName: Symantec CMC Firewall
414190c.11a8: ProductVersion: 12.1.7004.6500
415190c.11a8: FileVersion: 12.1.7004.6500
416190c.11a8: FileDescription: Symantec CMC Firewall sysfer
417190c.11a8: \SystemRoot\System32\drivers\symevent64x86.sys:
418190c.11a8: CreationTime: 2016-07-11T06:34:47.099106300Z
419190c.11a8: LastWriteTime: 2017-07-10T09:59:26.620566400Z
420190c.11a8: ChangeTime: 2017-07-10T09:59:26.620566400Z
421190c.11a8: FileAttributes: 0x20
422190c.11a8: Size: 0x2b8d8
423190c.11a8: NT Headers: 0xe8
424190c.11a8: Timestamp: 0x54b87d44
425190c.11a8: Machine: 0x8664 - amd64
426190c.11a8: Timestamp: 0x54b87d44
427190c.11a8: Image Version: 6.0
428190c.11a8: SizeOfImage: 0x38000 (229376)
429190c.11a8: Resource Dir: 0x36000 LB 0x3c8
430190c.11a8: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
431190c.11a8: [Raw version resource data: 0x360b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
432190c.11a8: ProductName: SYMEVENT
433190c.11a8: ProductVersion: 12.9.6.12
434190c.11a8: FileVersion: 12.9.6.12
435190c.11a8: FileDescription: Symantec Event Library
436190c.11a8: \SystemRoot\System32\drivers\vsdatant.sys:
437190c.11a8: CreationTime: 2015-11-18T07:48:36.000000000Z
438190c.11a8: LastWriteTime: 2015-11-18T07:48:36.000000000Z
439190c.11a8: ChangeTime: 2016-08-18T13:36:07.669658700Z
440190c.11a8: FileAttributes: 0x20
441190c.11a8: Size: 0x72968
442190c.11a8: NT Headers: 0xe8
443190c.11a8: Timestamp: 0x55c9afa1
444190c.11a8: Machine: 0x8664 - amd64
445190c.11a8: Timestamp: 0x55c9afa1
446190c.11a8: Image Version: 6.1
447190c.11a8: SizeOfImage: 0x96000 (614400)
448190c.11a8: Resource Dir: 0x94000 LB 0x3d0
449190c.11a8: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
450190c.11a8: [Raw version resource data: 0x94060 LB 0x36c, codepage 0x0 (reserved 0x0)]
451190c.11a8: ProductName: End Point Security
452190c.11a8: ProductVersion: R80
453190c.11a8: FileVersion: 926000604
454190c.11a8: FileDescription: ZoneAlarm Firewalling Driver
455190c.11a8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
456190c.11a8: Calling main()
457190c.11a8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
458190c.11a8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
459190c.11a8: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
460190c.11a8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
461190c.11a8: SUPR3HardenedMain: Respawn #2
462190c.11a8: supR3HardNtEnableThreadCreation:
463190c.11a8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\apphelp.dll)
464190c.11a8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\apphelp.dll
465190c.11a8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
466190c.11a8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
467190c.11a8: supR3HardenedDllNotificationCallback: load 000007fefcbb0000 LB 0x00057000 C:\windows\system32\apphelp.dll [fFlags=0x0]
468190c.11a8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
469190c.11a8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcbb0000 'C:\windows\system32\apphelp.dll'
470190c.11a8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000770aa360 pvNtTerminateThread=00000000770cc260
471190c.11a8: supR3HardenedWinDoReSpawn(2): New child 258c.2388 [kernel32].
472190c.11a8: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd3000 cbPeb=0x380
473190c.11a8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077080000 uNtDllChildAddr=0000000077080000
474190c.11a8: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000770aa360
475190c.11a8: supR3HardenedWinSetupChildInit: Start child.
476190c.11a8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
477190c.11a8: supR3HardNtChildPurify: Startup delay kludge #1/0: 513 ms, 64 sleeps
478190c.11a8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
479190c.11a8: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
480190c.11a8: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
481190c.11a8: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
482190c.11a8: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
483190c.11a8: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
484190c.11a8: 0000000000041000-000000000004ffff 0x0001/0x0000 0x0000000
485190c.11a8: *0000000000050000-0000000000050fff 0x0004/0x0004 0x0020000
486190c.11a8: 0000000000051000-000000000010ffff 0x0001/0x0000 0x0000000
487190c.11a8: *0000000000110000-000000000020bfff 0x0000/0x0004 0x0020000
488190c.11a8: 000000000020c000-000000000020dfff 0x0104/0x0004 0x0020000
489190c.11a8: 000000000020e000-000000000020ffff 0x0004/0x0004 0x0020000
490190c.11a8: 0000000000210000-000000007707ffff 0x0001/0x0000 0x0000000
491190c.11a8: *0000000077080000-0000000077080fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
492190c.11a8: 0000000077081000-000000007717dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
493190c.11a8: 000000007717e000-00000000771acfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
494190c.11a8: 00000000771ad000-00000000771b6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
495190c.11a8: 00000000771b7000-00000000771b7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
496190c.11a8: 00000000771b8000-00000000771bafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
497190c.11a8: 00000000771bb000-0000000077229fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
498190c.11a8: 000000007722a000-000000007efdffff 0x0001/0x0000 0x0000000
499190c.11a8: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
500190c.11a8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
501190c.11a8: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
502190c.11a8: 000000007fff0000-000000013ff6ffff 0x0001/0x0000 0x0000000
503190c.11a8: *000000013ff70000-000000013ff70fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
504190c.11a8: 000000013ff71000-000000013ffe0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
505190c.11a8: 000000013ffe1000-000000013ffe1fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
506190c.11a8: 000000013ffe2000-0000000140027fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
507190c.11a8: 0000000140028000-0000000140028fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
508190c.11a8: 0000000140029000-0000000140029fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
509190c.11a8: 000000014002a000-000000014002efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
510190c.11a8: 000000014002f000-000000014002ffff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
511190c.11a8: 0000000140030000-0000000140030fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
512190c.11a8: 0000000140031000-0000000140034fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
513190c.11a8: 0000000140035000-000000014007cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
514190c.11a8: 000000014007d000-000000014007ffff 0x0001/0x0000 0x0000000
515190c.11a8: *0000000140080000-0000000140080fff 0x0040/0x0040 0x0020000 !!
516190c.11a8: supHardNtVpFreeOrReplacePrivateExecMemory: Freeing exec mem at 0000000140080000 (LB 0x1000, 0000000140080000 LB 0x1000)
517190c.11a8: supHardNtVpFreeOrReplacePrivateExecMemory: Free attempt #1 succeeded: 0x0 [0000000140080000/0000000140080000 LB 0/0x1000]
518190c.11a8: supHardNtVpFreeOrReplacePrivateExecMemory: QVM after free 0: [0000000000000000]/0000000140080000 LB 0x7fdbf320000 s=0x10000 ap=0x0 rp=0x00000000000001
519190c.11a8: 0000000140081000-000007feff39ffff 0x0001/0x0000 0x0000000
520190c.11a8: *000007feff3a0000-000007feff3a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
521190c.11a8: 000007feff3a1000-000007fffffaffff 0x0001/0x0000 0x0000000
522190c.11a8: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
523190c.11a8: *000007fffffd3000-000007fffffd3fff 0x0004/0x0004 0x0020000
524190c.11a8: 000007fffffd4000-000007fffffddfff 0x0001/0x0000 0x0000000
525190c.11a8: *000007fffffde000-000007fffffdffff 0x0004/0x0004 0x0020000
526190c.11a8: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
527190c.11a8: apisetschema.dll: timestamp 0x598d5053 (rc=VINF_SUCCESS)
528190c.11a8: VirtualBox.exe: timestamp 0x59b8f49b (rc=VINF_SUCCESS)
529190c.11a8: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
530190c.11a8: VirtualBox.exe: Differences in section #0 (headers) between file and memory:
531190c.11a8: 000000013ff70162 / 0x0000162: 00 != 11
532190c.11a8: 000000013ff70164 / 0x0000164: 00 != 14
533190c.11a8: Restored 0x400 bytes of original file content at 000000013ff70000
534190c.11a8: '\Device\HarddiskVolume1\Windows\System32\apisetschema.dll' has no imports
535190c.11a8: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
536190c.11a8: supR3HardNtChildPurify: cFixes=2 g_fSupAdversaries=0x1003 cPatchCount=0
537190c.11a8: supR3HardNtChildPurify: Startup delay kludge #1/1: 514 ms, 64 sleeps
538190c.11a8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
539190c.11a8: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
540190c.11a8: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
541190c.11a8: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
542190c.11a8: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
543190c.11a8: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
544190c.11a8: 0000000000041000-000000000004ffff 0x0001/0x0000 0x0000000
545190c.11a8: *0000000000050000-0000000000050fff 0x0004/0x0004 0x0020000
546190c.11a8: 0000000000051000-000000000010ffff 0x0001/0x0000 0x0000000
547190c.11a8: *0000000000110000-000000000020bfff 0x0000/0x0004 0x0020000
548190c.11a8: 000000000020c000-000000000020dfff 0x0104/0x0004 0x0020000
549190c.11a8: 000000000020e000-000000000020ffff 0x0004/0x0004 0x0020000
550190c.11a8: 0000000000210000-000000007707ffff 0x0001/0x0000 0x0000000
551190c.11a8: *0000000077080000-0000000077080fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
552190c.11a8: 0000000077081000-000000007717dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
553190c.11a8: 000000007717e000-00000000771acfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
554190c.11a8: 00000000771ad000-00000000771b6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
555190c.11a8: 00000000771b7000-00000000771b7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
556190c.11a8: 00000000771b8000-00000000771b8fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
557190c.11a8: 00000000771b9000-00000000771bafff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
558190c.11a8: 00000000771bb000-0000000077229fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
559190c.11a8: 000000007722a000-000000007efdffff 0x0001/0x0000 0x0000000
560190c.11a8: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
561190c.11a8: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
562190c.11a8: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
563190c.11a8: 000000007fff0000-000000013ff6ffff 0x0001/0x0000 0x0000000
564190c.11a8: *000000013ff70000-000000013ff70fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
565190c.11a8: 000000013ff71000-000000013ffe0fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
566190c.11a8: 000000013ffe1000-000000013ffe1fff 0x0040/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
567190c.11a8: 000000013ffe2000-0000000140027fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
568190c.11a8: 0000000140028000-0000000140034fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
569190c.11a8: 0000000140035000-000000014007cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe
570190c.11a8: 000000014007d000-000007feff39ffff 0x0001/0x0000 0x0000000
571190c.11a8: *000007feff3a0000-000007feff3a0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
572190c.11a8: 000007feff3a1000-000007fffffaffff 0x0001/0x0000 0x0000000
573190c.11a8: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
574190c.11a8: *000007fffffd3000-000007fffffd3fff 0x0004/0x0004 0x0020000
575190c.11a8: 000007fffffd4000-000007fffffddfff 0x0001/0x0000 0x0000000
576190c.11a8: *000007fffffde000-000007fffffdffff 0x0004/0x0004 0x0020000
577190c.11a8: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
578190c.11a8: supR3HardNtChildPurify: Done after 1060 ms and 2 fixes (loop #1).
579258c.2388: Log file opened: 5.1.28r117968 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
580258c.2388: supR3HardenedVmProcessInit: uNtDllAddr=0000000077080000 g_uNtVerCombined=0x611db100
581190c.11a8: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000300000 LB 0x400000)
582258c.2388: ntdll.dll: timestamp 0x598d5074 (rc=VINF_SUCCESS)
583258c.2388: New simple heap: #1 0000000000310000 LB 0x400000 (for 1744896 allocation)
584190c.11a8: supR3HardNtEnableThreadCreation:
585258c.2388: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
586258c.2388: System32: \Device\HarddiskVolume1\Windows\System32
587258c.2388: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
588258c.2388: KnownDllPath: C:\windows\system32
589258c.2388: supR3HardenedVmProcessInit: Opening vboxdrv...
590258c.2388: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
591258c.2388: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
592258c.2388: Registered Dll notification callback with NTDLL.
593258c.2388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
594258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
595258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
596258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
597258c.2388: supR3HardenedDllNotificationCallback: load 0000000076f60000 LB 0x0011f000 C:\windows\system32\kernel32.dll [fFlags=0x0]
598258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
599258c.2388: supR3HardenedDllNotificationCallback: load 000007fefcf00000 LB 0x0006a000 C:\windows\system32\KERNELBASE.dll [fFlags=0x0]
600258c.2388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll)
601258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
602258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076f60000 'C:\windows\system32\kernel32.dll'
603258c.2388: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000770aa360 pvNtTerminateThread=00000000770cc260
604190c.11a8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 51 ms.
605258c.2388: \SystemRoot\System32\ntdll.dll:
606258c.2388: CreationTime: 2017-09-20T09:01:35.736404600Z
607258c.2388: LastWriteTime: 2017-08-11T06:36:37.595749500Z
608258c.2388: ChangeTime: 2017-09-21T16:57:41.602573000Z
609258c.2388: FileAttributes: 0x20
610258c.2388: Size: 0x1a7100
611258c.2388: NT Headers: 0xe0
612258c.2388: Timestamp: 0x598d5074
613258c.2388: Machine: 0x8664 - amd64
614258c.2388: Timestamp: 0x598d5074
615258c.2388: Image Version: 6.1
616258c.2388: SizeOfImage: 0x1aa000 (1744896)
617258c.2388: Resource Dir: 0x14e000 LB 0x5a028
618258c.2388: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
619258c.2388: [Raw version resource data: 0x14e0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
620258c.2388: ProductName: Microsoft® Windows® Operating System
621258c.2388: ProductVersion: 6.1.7601.23889
622258c.2388: FileVersion: 6.1.7601.23889 (win7sp1_ldr.170810-1615)
623258c.2388: FileDescription: NT Layer DLL
624258c.2388: \SystemRoot\System32\kernel32.dll:
625258c.2388: CreationTime: 2017-09-20T09:01:36.893897000Z
626258c.2388: LastWriteTime: 2017-08-11T06:34:55.815000000Z
627258c.2388: ChangeTime: 2017-09-21T16:57:42.476122600Z
628258c.2388: FileAttributes: 0x20
629258c.2388: Size: 0x11c000
630258c.2388: NT Headers: 0xe0
631258c.2388: Timestamp: 0x598d50b9
632258c.2388: Machine: 0x8664 - amd64
633258c.2388: Timestamp: 0x598d50b9
634258c.2388: Image Version: 6.1
635258c.2388: SizeOfImage: 0x11f000 (1175552)
636258c.2388: Resource Dir: 0x116000 LB 0x528
637258c.2388: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
638258c.2388: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
639258c.2388: ProductName: Microsoft® Windows® Operating System
640258c.2388: ProductVersion: 6.1.7601.23889
641258c.2388: FileVersion: 6.1.7601.23889 (win7sp1_ldr.170810-1615)
642258c.2388: FileDescription: Windows NT BASE API Client DLL
643258c.2388: \SystemRoot\System32\KernelBase.dll:
644258c.2388: CreationTime: 2017-09-20T09:01:36.878293800Z
645258c.2388: LastWriteTime: 2017-08-11T06:34:55.815000000Z
646258c.2388: ChangeTime: 2017-09-21T16:57:42.476122600Z
647258c.2388: FileAttributes: 0x20
648258c.2388: Size: 0x66800
649258c.2388: NT Headers: 0xe8
650258c.2388: Timestamp: 0x598d50ba
651258c.2388: Machine: 0x8664 - amd64
652258c.2388: Timestamp: 0x598d50ba
653258c.2388: Image Version: 6.1
654258c.2388: SizeOfImage: 0x6a000 (434176)
655258c.2388: Resource Dir: 0x68000 LB 0x530
656258c.2388: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
657258c.2388: [Raw version resource data: 0x680b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
658258c.2388: ProductName: Microsoft® Windows® Operating System
659258c.2388: ProductVersion: 6.1.7601.23889
660258c.2388: FileVersion: 6.1.7601.23889 (win7sp1_ldr.170810-1615)
661258c.2388: FileDescription: Windows NT BASE API Client DLL
662258c.2388: \SystemRoot\System32\apisetschema.dll:
663258c.2388: CreationTime: 2017-09-20T09:01:43.916056800Z
664258c.2388: LastWriteTime: 2017-08-11T06:34:50.979000000Z
665258c.2388: ChangeTime: 2017-09-21T16:57:41.555685100Z
666258c.2388: FileAttributes: 0x20
667258c.2388: Size: 0x1a00
668258c.2388: NT Headers: 0xc0
669258c.2388: Timestamp: 0x598d5053
670258c.2388: Machine: 0x8664 - amd64
671258c.2388: Timestamp: 0x598d5053
672258c.2388: Image Version: 6.1
673258c.2388: SizeOfImage: 0x50000 (327680)
674258c.2388: Resource Dir: 0x30000 LB 0x3f8
675258c.2388: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
676258c.2388: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
677258c.2388: ProductName: Microsoft® Windows® Operating System
678258c.2388: ProductVersion: 6.1.7601.23889
679258c.2388: FileVersion: 6.1.7601.23889 (win7sp1_ldr.170810-1615)
680258c.2388: FileDescription: ApiSet Schema DLL
681258c.2388: NtOpenDirectoryObject failed on \Driver: 0xc0000022
682258c.2388: supR3HardenedWinFindAdversaries: 0x1003
683258c.2388: \SystemRoot\System32\drivers\SysPlant.sys:
684258c.2388: CreationTime: 2016-07-11T06:34:43.901106300Z
685258c.2388: LastWriteTime: 2017-07-10T10:11:00.965100000Z
686258c.2388: ChangeTime: 2017-07-10T10:11:00.965100000Z
687258c.2388: FileAttributes: 0x20
688258c.2388: Size: 0x2b9a8
689258c.2388: NT Headers: 0x100
690258c.2388: Timestamp: 0x576a282d
691258c.2388: Machine: 0x8664 - amd64
692258c.2388: Timestamp: 0x576a282d
693258c.2388: Image Version: 5.0
694258c.2388: SizeOfImage: 0x30000 (196608)
695258c.2388: Resource Dir: 0x2e000 LB 0x498
696258c.2388: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
697258c.2388: [Raw version resource data: 0x2e0b8 LB 0x3e0, codepage 0x4e4 (reserved 0x0)]
698258c.2388: ProductName: Symantec CMC Firewall
699258c.2388: ProductVersion: 12.1.7004.6500
700258c.2388: FileVersion: 12.1.7004.6500
701258c.2388: FileDescription: Symantec CMC Firewall SysPlant
702258c.2388: \SystemRoot\System32\sysfer.dll:
703258c.2388: CreationTime: 2016-07-11T06:34:43.901106300Z
704258c.2388: LastWriteTime: 2017-07-10T10:11:00.965100000Z
705258c.2388: ChangeTime: 2017-07-10T10:11:00.965100000Z
706258c.2388: FileAttributes: 0x20
707258c.2388: Size: 0x73728
708258c.2388: NT Headers: 0xf0
709258c.2388: Timestamp: 0x576a2837
710258c.2388: Machine: 0x8664 - amd64
711258c.2388: Timestamp: 0x576a2837
712258c.2388: Image Version: 0.0
713258c.2388: SizeOfImage: 0x89000 (561152)
714258c.2388: Resource Dir: 0x87000 LB 0x630
715258c.2388: [Version info resource found at 0xc8! (ID/Name: 0x1; SubID/SubName: 0x409)]
716258c.2388: [Raw version resource data: 0x87100 LB 0x3d4, codepage 0x4e4 (reserved 0x0)]
717258c.2388: ProductName: Symantec CMC Firewall
718258c.2388: ProductVersion: 12.1.7004.6500
719258c.2388: FileVersion: 12.1.7004.6500
720258c.2388: FileDescription: Symantec CMC Firewall sysfer
721258c.2388: \SystemRoot\System32\drivers\symevent64x86.sys:
722258c.2388: CreationTime: 2016-07-11T06:34:47.099106300Z
723258c.2388: LastWriteTime: 2017-07-10T09:59:26.620566400Z
724258c.2388: ChangeTime: 2017-07-10T09:59:26.620566400Z
725258c.2388: FileAttributes: 0x20
726258c.2388: Size: 0x2b8d8
727258c.2388: NT Headers: 0xe8
728258c.2388: Timestamp: 0x54b87d44
729258c.2388: Machine: 0x8664 - amd64
730258c.2388: Timestamp: 0x54b87d44
731258c.2388: Image Version: 6.0
732258c.2388: SizeOfImage: 0x38000 (229376)
733258c.2388: Resource Dir: 0x36000 LB 0x3c8
734258c.2388: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
735258c.2388: [Raw version resource data: 0x360b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
736258c.2388: ProductName: SYMEVENT
737258c.2388: ProductVersion: 12.9.6.12
738258c.2388: FileVersion: 12.9.6.12
739258c.2388: FileDescription: Symantec Event Library
740258c.2388: \SystemRoot\System32\drivers\vsdatant.sys:
741258c.2388: CreationTime: 2015-11-18T07:48:36.000000000Z
742258c.2388: LastWriteTime: 2015-11-18T07:48:36.000000000Z
743258c.2388: ChangeTime: 2016-08-18T13:36:07.669658700Z
744258c.2388: FileAttributes: 0x20
745258c.2388: Size: 0x72968
746258c.2388: NT Headers: 0xe8
747258c.2388: Timestamp: 0x55c9afa1
748258c.2388: Machine: 0x8664 - amd64
749258c.2388: Timestamp: 0x55c9afa1
750258c.2388: Image Version: 6.1
751258c.2388: SizeOfImage: 0x96000 (614400)
752258c.2388: Resource Dir: 0x94000 LB 0x3d0
753258c.2388: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
754258c.2388: [Raw version resource data: 0x94060 LB 0x36c, codepage 0x0 (reserved 0x0)]
755258c.2388: ProductName: End Point Security
756258c.2388: ProductVersion: R80
757258c.2388: FileVersion: 926000604
758258c.2388: FileDescription: ZoneAlarm Firewalling Driver
759258c.2388: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
760258c.2388: Calling main()
761258c.2388: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
762258c.2388: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
763258c.2388: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
764258c.2388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.exe)
765258c.2388: SUPR3HardenedMain: Final process, opening VBoxDrv...
766258c.2388: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000310000 LB 0x400000)
767258c.2388: supR3HardNtEnableThreadCreation:
768258c.2388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
769258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
770258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020b311:<flags> [calling]
771258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
772258c.2388: supR3HardenedDllNotificationCallback: load 000007fefa0a0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
773258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
774258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
775258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000208a91:<flags> [calling]
776258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa0a0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
777258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
778258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000208a91:<flags> [calling]
779258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa0a0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
780258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa0a0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
781258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
782258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
783258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
784258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
785258c.2388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\wintrust.dll)
786258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wintrust.dll
787258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
788258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
789258c.2388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll)
790258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
791258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
792258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
793258c.2388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msasn1.dll)
794258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msasn1.dll
795258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
796258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
797258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
798258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
799258c.2388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\crypt32.dll)
800258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\crypt32.dll
801258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
802258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
803258c.2388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msvcrt.dll)
804258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
805258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
806258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
807258c.2388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
808258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
809258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
810258c.2388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
811258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020d121:<flags> [calling]
812258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
813258c.2388: supR3HardenedDllNotificationCallback: load 000007fefcf80000 LB 0x0003b000 C:\windows\system32\Wintrust.dll [fFlags=0x0]
814258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
815258c.2388: supR3HardenedDllNotificationCallback: load 000007fefd150000 LB 0x0009f000 C:\windows\system32\msvcrt.dll [fFlags=0x0]
816258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
817258c.2388: supR3HardenedDllNotificationCallback: load 000007fefcfc0000 LB 0x0016d000 C:\windows\system32\CRYPT32.dll [fFlags=0x0]
818258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
819258c.2388: supR3HardenedDllNotificationCallback: load 000007fefcd70000 LB 0x0000f000 C:\windows\system32\MSASN1.dll [fFlags=0x0]
820258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
821258c.2388: supR3HardenedDllNotificationCallback: load 000007fefe650000 LB 0x0012d000 C:\windows\system32\RPCRT4.dll [fFlags=0x0]
822258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
823258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf80000 'C:\windows\system32\Wintrust.dll'
824258c.2388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\bcrypt.dll)
825258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcrypt.dll
826258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020d121:<flags> [calling]
827258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
828258c.2388: supR3HardenedDllNotificationCallback: load 000007fefc6f0000 LB 0x00022000 C:\windows\system32\bcrypt.dll [fFlags=0x0]
829258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
830258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc6f0000 'C:\windows\system32\bcrypt.dll'
831258c.2388: bcrypt.dll loaded at 000007fefc6f0000, BCryptOpenAlgorithmProvider at 000007fefc6f2460, preloading providers:
832258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
833258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
834258c.2388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll)
835258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll
836258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
837258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
838258c.2388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
839258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
840258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
841258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
842258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
843258c.2388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\advapi32.dll)
844258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\advapi32.dll
845258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
846258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
847258c.2388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
848258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
849258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
850258c.2388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
851258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020d101:<flags> [calling]
852258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
853258c.2388: supR3HardenedDllNotificationCallback: load 000007fefb9a0000 LB 0x0004c000 C:\windows\system32\bcryptprimitives.dll [fFlags=0x0]
854258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
855258c.2388: supR3HardenedDllNotificationCallback: load 000007fefe820000 LB 0x000db000 C:\windows\system32\ADVAPI32.dll [fFlags=0x0]
856258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
857258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
858258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
859258c.2388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\sechost.dll)
860258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\sechost.dll
861258c.2388: supR3HardenedDllNotificationCallback: load 000007fefd130000 LB 0x0001f000 C:\windows\SYSTEM32\sechost.dll [fFlags=0x0]
862258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\sechost.dll [lacks WinVerifyTrust]
863258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb9a0000 'C:\windows\system32\bcryptprimitives.dll'
864258c.2388: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000082c130)
865258c.2388: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000082dff0)
866258c.2388: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000082e120)
867258c.2388: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000082e340)
868258c.2388: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000082e470)
869258c.2388: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000000000082e5a0)
870258c.2388: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=000000000082e7f0)
871258c.2388: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=000000000082e920)
872258c.2388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptsp.dll)
873258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptsp.dll
874258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
875258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
876258c.2388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
877258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
878258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
879258c.2388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
880258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020cc71:<flags> [calling]
881258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
882258c.2388: supR3HardenedDllNotificationCallback: load 000007fefc050000 LB 0x00018000 C:\windows\system32\CRYPTSP.dll [fFlags=0x0]
883258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
884258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc050000 'C:\windows\system32\CRYPTSP.dll'
885258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
886258c.2388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\rsaenh.dll)
887258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rsaenh.dll
888258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
889258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
890258c.2388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
891258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020cc01:<flags> [calling]
892258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
893258c.2388: supR3HardenedDllNotificationCallback: load 000007fefbf70000 LB 0x00047000 C:\windows\system32\rsaenh.dll [fFlags=0x0]
894258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
895258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbf70000 'C:\windows\system32\rsaenh.dll'
896258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
897258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c491:<flags> [calling]
898258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe820000 'C:\windows\system32\ADVAPI32.dll'
899258c.2388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptbase.dll)
900258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptbase.dll
901258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c811:<flags> [calling]
902258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
903258c.2388: supR3HardenedDllNotificationCallback: load 000007fefcc10000 LB 0x0000f000 C:\windows\system32\CRYPTBASE.dll [fFlags=0x0]
904258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
905258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc10000 'C:\windows\system32\CRYPTBASE.dll'
906258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
907258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c241:<flags> [calling]
908258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076f60000 'C:\windows\system32\kernel32.dll'
909258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
910258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020cbd1:<flags> [calling]
911258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf80000 'C:\windows\system32\WINTRUST.DLL'
912258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
913258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000020ca01:<flags> [calling]
914258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcfc0000 'C:\windows\system32\CRYPT32.dll'
915258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
916258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
917258c.2388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\imagehlp.dll)
918258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\imagehlp.dll
919258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
920258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
921258c.2388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
922258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
923258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
924258c.2388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
925258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020ca51:<flags> [calling]
926258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
927258c.2388: supR3HardenedDllNotificationCallback: load 000007fefef30000 LB 0x00019000 C:\windows\system32\imagehlp.dll [fFlags=0x0]
928258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
929258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefef30000 'C:\windows\system32\imagehlp.dll'
930258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
931258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020cba1:<flags> [calling]
932258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc050000 'C:\windows\system32\CRYPTSP.dll'
933258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
934258c.2388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\user32.dll)
935258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\user32.dll
936258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
937258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
938258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
939258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
940258c.2388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\gdi32.dll)
941258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\gdi32.dll
942258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
943258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume1\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
944258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
945258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
946258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
947258c.2388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\lpk.dll)
948258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\lpk.dll
949258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
950258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
951258c.2388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
952258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
953258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume1\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
954258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
955258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
956258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
957258c.2388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\usp10.dll)
958258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\usp10.dll
959258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
960258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
961258c.2388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
962258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
963258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
964258c.2388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
965258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
966258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
967258c.2388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
968258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
969258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
970258c.2388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
971258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
972258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
973258c.2388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
974258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c6d1:<flags> [calling]
975258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
976258c.2388: supR3HardenedDllNotificationCallback: load 0000000076e60000 LB 0x000fa000 C:\windows\system32\USER32.dll [fFlags=0x0]
977258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
978258c.2388: supR3HardenedDllNotificationCallback: load 000007fefeae0000 LB 0x00067000 C:\windows\system32\GDI32.dll [fFlags=0x0]
979258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
980258c.2388: supR3HardenedDllNotificationCallback: load 000007feff380000 LB 0x0000e000 C:\windows\system32\LPK.dll [fFlags=0x0]
981258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\lpk.dll [lacks WinVerifyTrust]
982258c.2388: supR3HardenedDllNotificationCallback: load 000007fefe110000 LB 0x000cb000 C:\windows\system32\USP10.dll [fFlags=0x0]
983258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\usp10.dll [lacks WinVerifyTrust]
984258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
985258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020bbd1:<flags> [calling]
986258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeae0000 'C:\windows\system32\gdi32.dll'
987258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
988258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
989258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
990258c.2388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\imm32.dll)
991258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\imm32.dll
992258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
993258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume1\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
994258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
995258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
996258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
997258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
998258c.2388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msctf.dll)
999258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msctf.dll
1000258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1001258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1002258c.2388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1003258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1004258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1005258c.2388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
1006258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
1007258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume1\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
1008258c.2388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imm32.dll [lacks WinVerifyTrust]
1009258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1010258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1011258c.2388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1012258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1013258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1014258c.2388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
1015258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1016258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1017258c.2388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1018258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020b511:<flags> [calling]
1019258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imm32.dll [lacks WinVerifyTrust]
1020258c.2388: supR3HardenedDllNotificationCallback: load 000007feff270000 LB 0x0002e000 C:\windows\system32\IMM32.DLL [fFlags=0x0]
1021258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imm32.dll [lacks WinVerifyTrust]
1022258c.2388: supR3HardenedDllNotificationCallback: load 000007fefe270000 LB 0x00109000 C:\windows\system32\MSCTF.dll [fFlags=0x0]
1023258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msctf.dll [lacks WinVerifyTrust]
1024258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff270000 'C:\windows\system32\IMM32.DLL'
1025258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e60000 'C:\windows\system32\USER32.dll'
1026258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
1027258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1028258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
1029258c.2388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\ncrypt.dll)
1030258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ncrypt.dll
1031258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
1032258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
1033258c.2388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
1034258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1035258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1036258c.2388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1037258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
1038258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
1039258c.2388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
1040258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c9d1:<flags> [calling]
1041258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
1042258c.2388: supR3HardenedDllNotificationCallback: load 000007fefc720000 LB 0x00050000 C:\windows\system32\ncrypt.dll [fFlags=0x0]
1043258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
1044258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc720000 'C:\windows\system32\ncrypt.dll'
1045258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
1046258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c7c1:<flags> [calling]
1047258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc6f0000 'C:\windows\system32\bcrypt.dll'
1048258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1049258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
1050258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
1051258c.2388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\userenv.dll)
1052258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\userenv.dll
1053258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
1054258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
1055258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1056258c.2388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\profapi.dll)
1057258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\profapi.dll
1058258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1059258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1060258c.2388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1061258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1062258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1063258c.2388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1064258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1065258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1066258c.2388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1067258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c151:<flags> [calling]
1068258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\userenv.dll [lacks WinVerifyTrust]
1069258c.2388: supR3HardenedDllNotificationCallback: load 000007fefcd90000 LB 0x0001e000 C:\windows\system32\USERENV.dll [fFlags=0x0]
1070258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\userenv.dll [lacks WinVerifyTrust]
1071258c.2388: supR3HardenedDllNotificationCallback: load 000007fefcd80000 LB 0x0000f000 C:\windows\system32\profapi.dll [fFlags=0x0]
1072258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\profapi.dll [lacks WinVerifyTrust]
1073258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd90000 'C:\windows\system32\USERENV.dll'
1074258c.2388: supR3HardenedIsApiSetDll: '<NULL>' -> true
1075258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020beb1:<flags> [calling]
1076258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd130000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1077258c.2388: supR3HardenedIsApiSetDll: '<NULL>' -> true
1078258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020c241:<flags> [calling]
1079258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd130000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1080258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1081258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1082258c.2388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\gpapi.dll)
1083258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\gpapi.dll
1084258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1085258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1086258c.2388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1087258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1088258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1089258c.2388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1090258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c471:<flags> [calling]
1091258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
1092258c.2388: supR3HardenedDllNotificationCallback: load 000007fefb810000 LB 0x0001b000 C:\windows\system32\GPAPI.dll [fFlags=0x0]
1093258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
1094258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb810000 'C:\windows\system32\GPAPI.dll'
1095258c.2388: supR3HardenedIsApiSetDll: '<NULL>' -> true
1096258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020c3c1:<flags> [calling]
1097258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd130000 'API-MS-WIN-Service-Management-L1-1-0.dll'
1098258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
1099258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020bac1:<flags> [calling]
1100258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe650000 'C:\windows\system32\rpcrt4.dll'
1101258c.2388: supR3HardenedIsApiSetDll: '<NULL>' -> true
1102258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020c3a1:<flags> [calling]
1103258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd130000 'API-MS-WIN-Service-Management-L2-1-0.dll'
1104258c.2388: supR3HardenedIsApiSetDll: '<NULL>' -> true
1105258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020c3b1:<flags> [calling]
1106258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd130000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1107258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1108258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
1109258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
1110258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
1111258c.2388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptnet.dll)
1112258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptnet.dll
1113258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
1114258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume1\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
1115258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1116258c.2388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\Wldap32.dll)
1117258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\Wldap32.dll
1118258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
1119258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
1120258c.2388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
1121258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1122258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1123258c.2388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1124258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1125258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1126258c.2388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1127258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1128258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1129258c.2388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1130258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020beb1:<flags> [calling]
1131258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1132258c.2388: supR3HardenedDllNotificationCallback: load 000007fefa3f0000 LB 0x00027000 C:\windows\system32\cryptnet.dll [fFlags=0x0]
1133258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1134258c.2388: supR3HardenedDllNotificationCallback: load 000007fefeba0000 LB 0x00052000 C:\windows\system32\WLDAP32.dll [fFlags=0x0]
1135258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
1136258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1137258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000020b0e1:<flags> [calling]
1138258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3f0000 'C:\windows\system32\cryptnet.dll'
1139258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1140258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000020b0e1:<flags> [calling]
1141258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3f0000 'C:\windows\system32\cryptnet.dll'
1142258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1143258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000020b0e1:<flags> [calling]
1144258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3f0000 'C:\windows\system32\cryptnet.dll'
1145258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1146258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000020b0e1:<flags> [calling]
1147258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3f0000 'C:\windows\system32\cryptnet.dll'
1148258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1149258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000020b0e1:<flags> [calling]
1150258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3f0000 'C:\windows\system32\cryptnet.dll'
1151258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1152258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000020b0e1:<flags> [calling]
1153258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3f0000 'C:\windows\system32\cryptnet.dll'
1154258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1155258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3f0000 'C:\windows\system32\cryptnet.dll'
1156258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1157258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3f0000 'C:\windows\system32\cryptnet.dll'
1158258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1159258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3f0000 'C:\windows\system32\cryptnet.dll'
1160258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1161258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3f0000 'C:\windows\system32\cryptnet.dll'
1162258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1163258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3f0000 'C:\windows\system32\cryptnet.dll'
1164258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3f0000 'C:\windows\system32\cryptnet.dll'
1165258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1166258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3f0000 'C:\windows\system32\cryptnet.dll'
1167258c.2388: supR3HardenedIsApiSetDll: '<NULL>' -> true
1168258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020b7d1:<flags> [calling]
1169258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd130000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1170258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\profapi.dll [lacks WinVerifyTrust]
1171258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020b7d1:<flags> [calling]
1172258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd80000 'C:\windows\system32\profapi.dll'
1173258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1174258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1175258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
1176258c.2388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\shlwapi.dll)
1177258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
1178258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1179258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1180258c.2388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1181258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1182258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1183258c.2388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
1184258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1185258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1186258c.2388: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1187258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020b261:<flags> [calling]
1188258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
1189258c.2388: supR3HardenedDllNotificationCallback: load 000007fefeff0000 LB 0x00071000 C:\windows\system32\SHLWAPI.dll [fFlags=0x0]
1190258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
1191258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeff0000 'C:\windows\system32\SHLWAPI.dll'
1192258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
1193258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000008cf060
1194258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
1195258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=715BB8994F0B20FD853E1C092C4CA28518E8691E
1196258c.2388: supR3HardenedIsApiSetDll: '<NULL>' -> true
1197258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020c191:<flags> [calling]
1198258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd130000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1199258c.2388: supR3HardenedIsApiSetDll: '<NULL>' -> true
1200258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020bcf1:<flags> [calling]
1201258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd130000 'API-MS-WIN-Service-Management-L1-1-0.dll'
1202258c.2388: supR3HardenedIsApiSetDll: '<NULL>' -> true
1203258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020bcf1:<flags> [calling]
1204258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd130000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
1205258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1206258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c191:<flags> [calling]
1207258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe820000 'C:\windows\system32\ADVAPI32.dll'
1208258c.2388: supR3HardenedIsApiSetDll: '<NULL>' -> true
1209258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020c141:<flags> [calling]
1210258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd130000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
1211258c.2388: supR3HardenedIsApiSetDll: '<NULL>' -> true
1212258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020be31:<flags> [calling]
1213258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd130000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
1214258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_118_for_KB4038779~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\SystemRoot\System32\ntdll.dll'
1215258c.2388: g_pfnWinVerifyTrust=000007fefcf81010
1216258c.2388: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
1217258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume1\Windows\System32\crypt32.dll
1218258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
1219258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
1220258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F77D21FA60E897144706C54D4A369C8DA3A96EDC
1221258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_598_for_KB4022168~31bf3856ad364e35~amd64~~6.1.1.7.cat'; file='\Device\HarddiskVolume1\Windows\System32\crypt32.dll'
1222258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1223258c.2388: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\crypt32.dll'
1224258c.2388: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
1225258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume1\Windows\System32\wintrust.dll
1226258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
1227258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
1228258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=64DB0BCE4F2D99E4624F5476790FB954117C96EF
1229258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_365_for_KB4022168~31bf3856ad364e35~amd64~~6.1.1.7.cat'; file='\Device\HarddiskVolume1\Windows\System32\wintrust.dll'
1230258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1231258c.2388: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\wintrust.dll'
1232258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000038c pwszName=\Device\HarddiskVolume1\Windows\System32\shlwapi.dll
1233258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
1234258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
1235258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
1236258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\shlwapi.dll'
1237258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1238258c.2388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll'
1239258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000384 pwszName=\Device\HarddiskVolume1\Windows\System32\Wldap32.dll
1240258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
1241258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
1242258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=086A94704E162AB5C6F0ED4BA6DE6C8B4524BA56
1243258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_118_for_KB4038779~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume1\Windows\System32\Wldap32.dll'
1244258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1245258c.2388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\Wldap32.dll'
1246258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000380 pwszName=\Device\HarddiskVolume1\Windows\System32\cryptnet.dll
1247258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
1248258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
1249258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=39AF46E16CB63BADF4DB0AE7F539D8C4373E13BA
1250258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_365_for_KB4022168~31bf3856ad364e35~amd64~~6.1.1.7.cat'; file='\Device\HarddiskVolume1\Windows\System32\cryptnet.dll'
1251258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1252258c.2388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptnet.dll'
1253258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000025c pwszName=\Device\HarddiskVolume1\Windows\System32\gpapi.dll
1254258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
1255258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
1256258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EBDAA16C3FD93DFF9C20BA3B2689DFF4C8D31061
1257258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3159398~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\gpapi.dll'
1258258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1259258c.2388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\gpapi.dll'
1260258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c8 pwszName=\Device\HarddiskVolume1\Windows\System32\profapi.dll
1261258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
1262258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
1263258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
1264258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\profapi.dll'
1265258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1266258c.2388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\profapi.dll'
1267258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c4 pwszName=\Device\HarddiskVolume1\Windows\System32\userenv.dll
1268258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
1269258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
1270258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
1271258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\userenv.dll'
1272258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1273258c.2388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\userenv.dll'
1274258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001b0 pwszName=\Device\HarddiskVolume1\Windows\System32\ncrypt.dll
1275258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
1276258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
1277258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A48D34FC6845340A9DBBC6E8FE8C7E1DA789E8AC
1278258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_118_for_KB4038779~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume1\Windows\System32\ncrypt.dll'
1279258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1280258c.2388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\ncrypt.dll'
1281258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000198 pwszName=\Device\HarddiskVolume1\Windows\System32\msctf.dll
1282258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
1283258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
1284258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6D141A0C50E469CDD81DC8293CF8B3635FE0240E
1285258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_365_for_KB4022168~31bf3856ad364e35~amd64~~6.1.1.7.cat'; file='\Device\HarddiskVolume1\Windows\System32\msctf.dll'
1286258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1287258c.2388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msctf.dll'
1288258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume1\Windows\System32\imm32.dll
1289258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
1290258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
1291258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
1292258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\imm32.dll'
1293258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1294258c.2388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\imm32.dll'
1295258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume1\Windows\System32\usp10.dll
1296258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
1297258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
1298258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8AE1E4C5A6AE2CD7C2699FE89EFC72F3203BC58E
1299258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_118_for_KB4038779~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume1\Windows\System32\usp10.dll'
1300258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1301258c.2388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\usp10.dll'
1302258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume1\Windows\System32\lpk.dll
1303258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
1304258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
1305258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=54204179B88581EFC0328D16D151171EADAA7023
1306258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_365_for_KB4022168~31bf3856ad364e35~amd64~~6.1.1.7.cat'; file='\Device\HarddiskVolume1\Windows\System32\lpk.dll'
1307258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1308258c.2388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\lpk.dll'
1309258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume1\Windows\System32\gdi32.dll
1310258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
1311258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
1312258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C825E345B3737457F9C8CE8AE46B101F3EE4F2D4
1313258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_365_for_KB4022168~31bf3856ad364e35~amd64~~6.1.1.7.cat'; file='\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
1314258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1315258c.2388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
1316258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume1\Windows\System32\user32.dll
1317258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
1318258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
1319258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03BB259EC2F9D61B0941E0635513FFA135E07009
1320258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_365_for_KB4022168~31bf3856ad364e35~amd64~~6.1.1.7.cat'; file='\Device\HarddiskVolume1\Windows\System32\user32.dll'
1321258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1322258c.2388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\user32.dll'
1323258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000180 pwszName=\Device\HarddiskVolume1\Windows\System32\imagehlp.dll
1324258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
1325258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
1326258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
1327258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\imagehlp.dll'
1328258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1329258c.2388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\imagehlp.dll'
1330258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000134 pwszName=\Device\HarddiskVolume1\Windows\System32\cryptbase.dll
1331258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
1332258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
1333258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0477D054E56C2CC1191A2036FECAB76B676F0312
1334258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_118_for_KB4038779~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume1\Windows\System32\cryptbase.dll'
1335258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1336258c.2388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptbase.dll'
1337258c.2388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\rsaenh.dll'
1338258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume1\Windows\System32\cryptsp.dll
1339258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
1340258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
1341258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CECCA98E04985A576883E9A9AD8AF2140526B576
1342258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_365_for_KB4022168~31bf3856ad364e35~amd64~~6.1.1.7.cat'; file='\Device\HarddiskVolume1\Windows\System32\cryptsp.dll'
1343258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1344258c.2388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptsp.dll'
1345258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume1\Windows\System32\sechost.dll
1346258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
1347258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
1348258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3FA2A014BF360CDC0E203A174FFC9DC5343C5323
1349258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\sechost.dll'
1350258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1351258c.2388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\sechost.dll'
1352258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume1\Windows\System32\advapi32.dll
1353258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
1354258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
1355258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E224C7C3FF8CAB2BBA959377BFBAF43DB59CF7C0
1356258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_118_for_KB4038779~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume1\Windows\System32\advapi32.dll'
1357258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1358258c.2388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\advapi32.dll'
1359258c.2388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll'
1360258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume1\Windows\System32\bcrypt.dll
1361258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
1362258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
1363258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=89E4E7E9C50946D5F5047099213F2AD95E99B148
1364258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_118_for_KB4038779~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume1\Windows\System32\bcrypt.dll'
1365258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1366258c.2388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll'
1367258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume1\Windows\System32\msvcrt.dll
1368258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
1369258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
1370258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
1371258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
1372258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1373258c.2388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
1374258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume1\Windows\System32\msasn1.dll
1375258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
1376258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
1377258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
1378258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\msasn1.dll'
1379258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1380258c.2388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msasn1.dll'
1381258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
1382258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
1383258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
1384258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=92C4040326EC1B06DA7E74F789254EC629422923
1385258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_118_for_KB4038779~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll'
1386258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1387258c.2388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll'
1388258c.2388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
1389258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume1\Windows\System32\KernelBase.dll
1390258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
1391258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
1392258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C994E9500455AAF1828EB74044051AF1E3A95879
1393258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_118_for_KB4038779~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume1\Windows\System32\KernelBase.dll'
1394258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1395258c.2388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\KernelBase.dll'
1396258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume1\Windows\System32\kernel32.dll
1397258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
1398258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
1399258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6B8166643EF7A1A7606EAFFF6DC91B1E899898FA
1400258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_118_for_KB4038779~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume1\Windows\System32\kernel32.dll'
1401258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1402258c.2388: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\kernel32.dll'
1403258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll
1404258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020bc31:<flags> [calling]
1405258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcfc0000 'C:\windows\system32\crypt32.dll'
1406258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1407258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1408258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0x9dd1f917d43db300 CN=Hive Streaming Computer-Unique CA, OU=HQ, O=Hive Streaming, L=Stockholm, ST=08, C=SE
1409258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1410258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1411258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1412258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1413258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1414258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1415258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
1416258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1417258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
1418258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1419258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
1420258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
1421258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1422258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1423258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
1424258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
1425258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
1426258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1427258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
1428258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1429258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
1430258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
1431258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
1432258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
1433258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
1434258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
1435258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
1436258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1437258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
1438258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
1439258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1440258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
1441258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1442258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0xd407c1f75ec7d700 C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 Root CA
1443258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
1444258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0xa321f027ebbec200 O=TeliaSonera, CN=TeliaSonera Root CA v1
1445258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
1446258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0xb16dd37ffeb3b300 C=JP, O=SECOM Trust.net, OU=Security Communication RootCA1
1447258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
1448258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
1449258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1450258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
1451258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
1452258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
1453258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1454258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
1455258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1456258c.2388: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: O=Ericsson, CN=Ericsson NL Individual CA01
1457258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0x40d7e1ef2dd0dbc2 O=Ericsson
1458258c.2388: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: O=Ericsson, CN=Ericsson NL Individual CA02
1459258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0x1a2baf901d08ea00 O=Ericsson
1460258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0x759bdb958658500 DC=com, DC=lhs-systems, CN=LHS Root CA
1461258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1462258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0xf0ca9d354a179000 C=FI, O=Sonera, CN=Sonera Class2 CA
1463258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0xdd80d271558fb700 O=RSA Security Inc, OU=RSA Security 2048 V3
1464258c.2388: supR3HardenedWinIsDesiredRootCA: skipping - not-self-signed: O=TeliaSonera Group, CN=TeliaSonera Public Root CA v1
1465258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0xc66b6ddb835ed700 DC=se, DC=ericsson, DC=eamcs, CN=Ericsson Montreal Root CA
1466258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0xc66b6ddb835ed700 DC=se, DC=ericsson, DC=eamcs, CN=Ericsson Montreal Root CA
1467258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0xc66b6ddb835ed700 DC=se, DC=ericsson, DC=eamcs, CN=Ericsson Montreal Root CA
1468258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0xc66b6ddb835ed700 DC=se, DC=ericsson, DC=eamcs, CN=Ericsson Montreal Root CA
1469258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0xc66b6ddb835ed700 DC=se, DC=ericsson, DC=eamcs, CN=Ericsson Montreal Root CA
1470258c.2388: supR3HardenedWinIsDesiredRootCA: Adding 0xc66b6ddb835ed700 DC=se, DC=ericsson, DC=eamcs, CN=Ericsson Montreal Root CA
1471258c.2388: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=62
1472258c.2388: SUPR3HardenedMain: Load Runtime...
1473258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1474258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1475258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1476258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1477258c.2388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
1478258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1479258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1480258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1481258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
1482258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1483258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1484258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000042c pwszName=\Device\HarddiskVolume1\Windows\System32\ws2_32.dll
1485258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
1486258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
1487258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=901DCB8172024F14E25295BF5692180F12FC8C18
1488258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3161949~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\ws2_32.dll'
1489258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1490258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1491258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1492258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
1493258c.2388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ws2_32.dll) WinVerifyTrust
1494258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
1495258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1496258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1497258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1498258c.2388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
1499258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
1500258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1501258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1502258c.2388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
1503258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
1504258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1505258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1506258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
1507258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1508258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1509258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000043c pwszName=\Device\HarddiskVolume1\Windows\System32\nsi.dll
1510258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
1511258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
1512258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5C61E0233B4D23762E0FE158DE0FDC6C24988F13
1513258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_118_for_KB4038779~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume1\Windows\System32\nsi.dll'
1514258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1515258c.2388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\nsi.dll) WinVerifyTrust
1516258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\nsi.dll
1517258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1518258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1519258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
1520258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1521258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1522258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
1523258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020bf61:<flags> [calling]
1524258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1525258c.2388: supR3HardenedDllNotificationCallback: load 000007fed0c50000 LB 0x0053f000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
1526258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1527258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
1528258c.2388: supR3HardenedDllNotificationCallback: load 0000000073560000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
1529258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
1530258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
1531258c.2388: supR3HardenedDllNotificationCallback: load 0000000066f50000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
1532258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
1533258c.2388: supR3HardenedDllNotificationCallback: load 000007fefeb50000 LB 0x0004d000 C:\windows\system32\WS2_32.dll [fFlags=0x0]
1534258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
1535258c.2388: supR3HardenedDllNotificationCallback: load 000007fefe1e0000 LB 0x00008000 C:\windows\system32\NSI.dll [fFlags=0x0]
1536258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll
1537258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1538258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002096a1:<flags> [calling]
1539258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0c50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1540258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1541258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002096a1:<flags> [calling]
1542258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0c50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1543258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1544258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002096a1:<flags> [calling]
1545258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0c50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1546258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1547258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002096a1:<flags> [calling]
1548258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0c50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1549258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1550258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002096a1:<flags> [calling]
1551258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0c50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1552258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1553258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002096a1:<flags> [calling]
1554258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0c50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1555258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0c50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1556258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0c50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1557258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0c50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1558258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0c50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1559258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0c50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1560258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0c50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1561258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0c50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1562258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1563258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002096a1:<flags> [calling]
1564258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0c50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1565258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0c50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1566258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0c50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1567258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0c50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1568258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0c50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1569258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0c50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1570258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0c50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1571258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0c50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1572258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0c50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1573258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0c50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1574258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0c50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1575258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0c50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1576258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0c50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1577258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0c50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1578258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0c50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1579258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0c50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1580258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
1581258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002096a1:<flags> [calling]
1582258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0c50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1583258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0c50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1584258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0c50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1585258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0c50000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
1586258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll
1587258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020dac1:<flags> [calling]
1588258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf80000 'C:\windows\system32\Wintrust.dll'
1589258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll
1590258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c611:<flags> [calling]
1591258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcfc0000 'C:\windows\system32\crypt32.dll'
1592258c.2388: SUPR3HardenedMain: Load TrustedMain...
1593258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1594258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1595258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
1596258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1597258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1598258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
1599258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
1600258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
1601258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
1602258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
1603258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
1604258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
1605258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
1606258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
1607258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
1608258c.2388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
1609258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.dll
1610258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1611258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1612258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000484 pwszName=\Device\HarddiskVolume1\Windows\System32\winmm.dll
1613258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
1614258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
1615258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
1616258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\winmm.dll'
1617258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1618258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1619258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1620258c.2388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\winmm.dll) WinVerifyTrust
1621258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winmm.dll
1622258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1623258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1624258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000046c pwszName=\Device\HarddiskVolume1\Windows\System32\oleaut32.dll
1625258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
1626258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
1627258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6E76105B511B0668122629A2554FAFBBE17CD6DF
1628258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_365_for_KB4022168~31bf3856ad364e35~amd64~~6.1.1.7.cat'; file='\Device\HarddiskVolume1\Windows\System32\oleaut32.dll'
1629258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1630258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1631258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1632258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1633258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1634258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
1635258c.2388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\oleaut32.dll) WinVerifyTrust
1636258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
1637258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1638258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1639258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000490 pwszName=\Device\HarddiskVolume1\Windows\System32\ole32.dll
1640258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
1641258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
1642258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9DDF928A79649EE6EF62D5AAEDE2609045F68737
1643258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_118_for_KB4038779~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume1\Windows\System32\ole32.dll'
1644258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1645258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1646258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1647258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
1648258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1649258c.2388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ole32.dll) WinVerifyTrust
1650258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ole32.dll
1651258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1652258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1653258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000045c pwszName=\Device\HarddiskVolume1\Windows\System32\shell32.dll
1654258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
1655258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
1656258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66792BA817E2D5077D918A98F547AEB0248EE258
1657258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_118_for_KB4038779~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume1\Windows\System32\shell32.dll'
1658258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1659258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1660258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
1661258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
1662258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
1663258c.2388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\shell32.dll) WinVerifyTrust
1664258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shell32.dll
1665258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1666258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1667258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
1668258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1669258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1670258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
1671258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
1672258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
1673258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
1674258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1675258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1676258c.2388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
1677258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
1678258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
1679258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
1680258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1681258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1682258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
1683258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
1684258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1685258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1686258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
1687258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
1688258c.2388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
1689258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
1690258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1691258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1692258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1693258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1694258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
1695258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1696258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1697258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1698258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1699258c.2388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
1700258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1701258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1702258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1703258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1704258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1705258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1706258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1707258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1708258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1709258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1710258c.2388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) WinVerifyTrust
1711258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1712258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1713258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1714258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1715258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
1716258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
1717258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1718258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1719258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
1720258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
1721258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
1722258c.2388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) WinVerifyTrust
1723258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1724258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1725258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1726258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
1727258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1728258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1729258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
1730258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1731258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
1732258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1733258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1734258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000047c pwszName=\Device\HarddiskVolume1\Windows\System32\opengl32.dll
1735258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
1736258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
1737258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
1738258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\opengl32.dll'
1739258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1740258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1741258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1742258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1743258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1744258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1745258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1746258c.2388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\opengl32.dll) WinVerifyTrust
1747258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\opengl32.dll
1748258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1749258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1750258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1751258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume1\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
1752258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000494 pwszName=\Device\HarddiskVolume1\Windows\System32\ddraw.dll
1753258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
1754258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
1755258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
1756258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\ddraw.dll'
1757258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1758258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1759258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1760258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
1761258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1762258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
1763258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
1764258c.2388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ddraw.dll) WinVerifyTrust
1765258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ddraw.dll
1766258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1767258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume1\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1768258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000480 pwszName=\Device\HarddiskVolume1\Windows\System32\glu32.dll
1769258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
1770258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
1771258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
1772258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\glu32.dll'
1773258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1774258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1775258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1776258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1777258c.2388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\glu32.dll) WinVerifyTrust
1778258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\glu32.dll
1779258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1780258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1781258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll
1782258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1783258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1784258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
1785258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1786258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1787258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1788258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1789258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
1790258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1791258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1792258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
1793258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
1794258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume1\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
1795258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b4 pwszName=\Device\HarddiskVolume1\Windows\System32\mpr.dll
1796258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
1797258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
1798258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F84FE9BA047B24E7694C9E0C349B48B9FD5F925B
1799258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\mpr.dll'
1800258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1801258c.2388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\mpr.dll) WinVerifyTrust
1802258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\mpr.dll
1803258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1804258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1805258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
1806258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1807258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1808258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
1809258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1810258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1811258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
1812258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1813258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1814258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
1815258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1816258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1817258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1818258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1819258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
1820258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1821258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1822258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
1823258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1824258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1825258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1826258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1827258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1828258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1829258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1830258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1831258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1832258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
1833258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1834258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1835258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
1836258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1837258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1838258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
1839258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1840258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
1841258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
1842258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1843258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1844258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
1845258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1846258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1847258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1848258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1849258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1850258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1851258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1852258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1853258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1854258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1855258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1856258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1857258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
1858258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1859258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume1\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1860258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a4 pwszName=\Device\HarddiskVolume1\Windows\System32\comdlg32.dll
1861258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
1862258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
1863258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
1864258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\comdlg32.dll'
1865258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1866258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1867258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
1868258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1869258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1870258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
1871258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1872258c.2388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\comdlg32.dll) WinVerifyTrust
1873258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\comdlg32.dll
1874258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1875258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume1\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1876258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004ac pwszName=\Device\HarddiskVolume1\Windows\System32\winspool.drv
1877258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
1878258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
1879258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
1880258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\winspool.drv'
1881258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1882258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1883258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1884258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1885258c.2388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\winspool.drv) WinVerifyTrust
1886258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winspool.drv
1887258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1888258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1889258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1890258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1891258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1892258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1893258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1894258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1895258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1896258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1897258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1898258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1899258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1900258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1901258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
1902258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1903258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1904258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
1905258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1906258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1907258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
1908258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1909258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1910258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
1911258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1912258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1913258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1914258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1915258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1916258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1917258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
1918258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1919258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1920258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1921258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1922258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1923258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1924258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll
1925258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1926258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1927258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1928258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1929258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1930258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1931258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1932258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1933258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1934258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1935258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1936258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1937258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1938258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1939258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
1940258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1941258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1942258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1943258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1944258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1945258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1946258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1947258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1948258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1949258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1950258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1951258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1952258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
1953258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1954258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1955258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004cc pwszName=\Device\HarddiskVolume1\Windows\System32\comctl32.dll
1956258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
1957258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
1958258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
1959258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\comctl32.dll'
1960258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1961258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1962258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1963258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1964258c.2388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\comctl32.dll) WinVerifyTrust
1965258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\comctl32.dll
1966258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1967258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1968258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll
1969258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1970258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1971258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1972258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1973258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
1974258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1975258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1976258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1977258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1978258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1979258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1980258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
1981258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1982258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1983258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
1984258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
1985258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b8 pwszName=\Device\HarddiskVolume1\Windows\System32\dwmapi.dll
1986258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
1987258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
1988258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B79EE7B5AD74EF51A849809202E043183A2C727E
1989258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\dwmapi.dll'
1990258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1991258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1992258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1993258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1994258c.2388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\dwmapi.dll) WinVerifyTrust
1995258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dwmapi.dll
1996258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
1997258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
1998258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d8 pwszName=\Device\HarddiskVolume1\Windows\System32\setupapi.dll
1999258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
2000258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
2001258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
2002258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\setupapi.dll'
2003258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2004258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
2005258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
2006258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
2007258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
2008258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
2009258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
2010258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
2011258c.2388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\setupapi.dll) WinVerifyTrust
2012258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\setupapi.dll
2013258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2014258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2015258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
2016258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume1\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
2017258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004bc pwszName=\Device\HarddiskVolume1\Windows\System32\dciman32.dll
2018258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
2019258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
2020258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66AD59F39F40705A9BA47254FA40331C3501DB8F
2021258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_365_for_KB4022168~31bf3856ad364e35~amd64~~6.1.1.7.cat'; file='\Device\HarddiskVolume1\Windows\System32\dciman32.dll'
2022258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2023258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2024258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
2025258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2026258c.2388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\dciman32.dll) WinVerifyTrust
2027258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dciman32.dll
2028258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2029258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2030258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2031258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2032258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2033258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2034258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2035258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2036258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2037258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2038258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
2039258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume1\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
2040258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c4 pwszName=\Device\HarddiskVolume1\Windows\System32\devobj.dll
2041258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
2042258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
2043258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
2044258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\devobj.dll'
2045258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2046258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2047258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
2048258c.2388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\devobj.dll) WinVerifyTrust
2049258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\devobj.dll
2050258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2051258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2052258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
2053258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2054258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2055258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2056258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2057258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2058258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2059258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2060258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2061258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2062258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2063258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e4 pwszName=\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll
2064258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
2065258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
2066258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
2067258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll'
2068258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2069258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2070258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2071258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2072258c.2388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll) WinVerifyTrust
2073258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll
2074258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2075258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2076258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2077258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2078258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2079258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2080258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2081258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2082258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2083258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2084258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2085258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2086258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2087258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2088258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2089258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2090258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2091258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2092258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
2093258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
2094258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll
2095258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2096258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2097258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020bf71:<flags> [calling]
2098258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.dll
2099258c.2388: supR3HardenedDllNotificationCallback: load 000007fed0360000 LB 0x008eb000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
2100258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBox.dll
2101258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
2102258c.2388: supR3HardenedDllNotificationCallback: load 000007fee7860000 LB 0x0011d000 C:\windows\system32\OPENGL32.dll [fFlags=0x0]
2103258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
2104258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\glu32.dll
2105258c.2388: supR3HardenedDllNotificationCallback: load 000007fee7a10000 LB 0x0002d000 C:\windows\system32\GLU32.dll [fFlags=0x0]
2106258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\glu32.dll
2107258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ddraw.dll
2108258c.2388: supR3HardenedDllNotificationCallback: load 000007fee7630000 LB 0x000f1000 C:\windows\system32\DDRAW.dll [fFlags=0x0]
2109258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ddraw.dll
2110258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dciman32.dll
2111258c.2388: supR3HardenedDllNotificationCallback: load 000007fee7a00000 LB 0x00008000 C:\windows\system32\DCIMAN32.dll [fFlags=0x0]
2112258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dciman32.dll
2113258c.2388: supR3HardenedDllNotificationCallback: load 000007fefe900000 LB 0x001d7000 C:\windows\system32\SETUPAPI.dll [fFlags=0x0]
2114258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll
2115258c.2388: supR3HardenedDllNotificationCallback: load 000007fefcea0000 LB 0x00036000 C:\windows\system32\CFGMGR32.dll [fFlags=0x0]
2116258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll
2117258c.2388: supR3HardenedDllNotificationCallback: load 000007feff2a0000 LB 0x000da000 C:\windows\system32\OLEAUT32.dll [fFlags=0x0]
2118258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
2119258c.2388: supR3HardenedDllNotificationCallback: load 000007feff070000 LB 0x001fc000 C:\windows\system32\ole32.dll [fFlags=0x0]
2120258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
2121258c.2388: supR3HardenedDllNotificationCallback: load 000007fefcdb0000 LB 0x0001a000 C:\windows\system32\DEVOBJ.dll [fFlags=0x0]
2122258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\devobj.dll
2123258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dwmapi.dll
2124258c.2388: supR3HardenedDllNotificationCallback: load 000007fefa790000 LB 0x00018000 C:\windows\system32\dwmapi.dll [fFlags=0x0]
2125258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dwmapi.dll
2126258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
2127258c.2388: supR3HardenedDllNotificationCallback: load 0000000062270000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
2128258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
2129258c.2388: supR3HardenedDllNotificationCallback: load 000007fefd1f0000 LB 0x00d8a000 C:\windows\system32\SHELL32.dll [fFlags=0x0]
2130258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
2131258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\mpr.dll
2132258c.2388: supR3HardenedDllNotificationCallback: load 000007fef26e0000 LB 0x00018000 C:\windows\system32\MPR.dll [fFlags=0x0]
2133258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\mpr.dll
2134258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
2135258c.2388: supR3HardenedDllNotificationCallback: load 000007fecfd60000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
2136258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
2137258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
2138258c.2388: supR3HardenedDllNotificationCallback: load 0000000061d00000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
2139258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
2140258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
2141258c.2388: supR3HardenedDllNotificationCallback: load 000007fed8610000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
2142258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
2143258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winspool.drv
2144258c.2388: supR3HardenedDllNotificationCallback: load 000007fef22f0000 LB 0x00071000 C:\windows\system32\WINSPOOL.DRV [fFlags=0x0]
2145258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winspool.drv
2146258c.2388: supR3HardenedDllNotificationCallback: load 000007fefef50000 LB 0x00097000 C:\windows\system32\COMDLG32.dll [fFlags=0x0]
2147258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\comdlg32.dll
2148258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
2149258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
2150258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2151258c.2388: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll)
2152258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
2153258c.2388: supR3HardenedDllNotificationCallback: load 000007feef5e0000 LB 0x000a0000 C:\windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll [fFlags=0x0]
2154258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [avoiding WinVerifyTrust]
2155258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
2156258c.2388: supR3HardenedDllNotificationCallback: load 0000000073400000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
2157258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
2158258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
2159258c.2388: supR3HardenedDllNotificationCallback: load 000007fefa5a0000 LB 0x0003b000 C:\windows\system32\WINMM.dll [fFlags=0x0]
2160258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
2161258c.2388: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'.
2162258c.2388: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [rescheduled]
2163258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\imm32.dll
2164258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2165258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2166258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2167258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2168258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2169258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2170258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020b541:<flags> [calling]
2171258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff270000 'C:\windows\system32\imm32.dll'
2172258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe820000 'C:\windows\system32\ADVAPI32.DLL'
2173258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll
2174258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\cryptbase.dll (Input=cryptbase.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
2175258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc10000 'C:\windows\system32\cryptbase.dll'
2176258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed0360000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
2177258c.2388: SUPR3HardenedMain: Calling TrustedMain (000007fed0361610)...
2178258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
2179258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020d8b1:<flags> [calling]
2180258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff070000 'C:\windows\system32\ole32.dll'
2181258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe820000 'C:\windows\system32\ADVAPI32.dll'
2182258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\profapi.dll
2183258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020bf91:<flags> [calling]
2184258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd80000 'C:\windows\system32\profapi.dll'
2185258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
2186258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
2187258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
2188258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
2189258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
2190258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2191258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
2192258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
2193258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
2194258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
2195258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
2196258c.2388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
2197258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2198258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2199258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2200258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
2201258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
2202258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
2203258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
2204258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
2205258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
2206258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2207258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2208258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2209258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2210258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
2211258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2212258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2213258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
2214258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2215258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2216258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
2217258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
2218258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume1\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
2219258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\imm32.dll
2220258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2221258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2222258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2223258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2224258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
2225258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2226258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2227258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020e281:<flags> [calling]
2228258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2229258c.2388: supR3HardenedDllNotificationCallback: load 000007fed2950000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
2230258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
2231258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed2950000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
2232258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll
2233258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020e1b1:<flags> [calling]
2234258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc10000 'C:\windows\system32\CRYPTBASE.dll'
2235258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000578 pwszName=\Device\HarddiskVolume1\Windows\System32\uxtheme.dll
2236258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
2237258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
2238258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
2239258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\uxtheme.dll'
2240258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2241258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2242258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2243258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
2244258c.2388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\uxtheme.dll) WinVerifyTrust
2245258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
2246258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2247258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2248258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2249258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2250258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2251258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2252258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020dc81:<flags> [calling]
2253258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
2254258c.2388: supR3HardenedDllNotificationCallback: load 000007fefab60000 LB 0x00056000 C:\windows\system32\uxtheme.dll [fFlags=0x0]
2255258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
2256258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefab60000 'C:\windows\system32\uxtheme.dll'
2257258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
2258258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020d6c1:<flags> [calling]
2259258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefab60000 'C:\windows\system32\uxtheme.dll'
2260258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
2261258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020d431:<flags> [calling]
2262258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefab60000 'C:\windows\system32\uxtheme.dll'
2263258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
2264258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020d431:<flags> [calling]
2265258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefab60000 'C:\windows\system32\uxtheme.dll'
2266258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e60000 'C:\windows\system32\user32.dll'
2267258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
2268258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020e4c1:<flags> [calling]
2269258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd1f0000 'C:\windows\system32\shell32.dll'
2270258c.2388: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\windows\system32\wintab32.dll': 0 (NtPath=\??\C:\windows\system32\wintab32.dll; Input=C:\windows\system32\wintab32.dll; rcNtGetDll=0x0
2271258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\windows\system32\wintab32.dll'
2272258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dwmapi.dll
2273258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020db61:<flags> [calling]
2274258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa790000 'C:\windows\system32\dwmapi.dll'
2275258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
2276258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020e8e1:<flags> [calling]
2277258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
2278258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
2279258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020e8e1:<flags> [calling]
2280258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
2281258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
2282258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020ebc1:<flags> [calling]
2283258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd1f0000 'C:\windows\system32\shell32.dll'
2284258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
2285258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020eb91:<flags> [calling]
2286258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefab60000 'C:\windows\system32\uxtheme.dll'
2287258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe820000 'C:\windows\system32\advapi32.dll'
2288258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\userenv.dll
2289258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020eaf1:<flags> [calling]
2290258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd90000 'C:\windows\system32\userenv.dll'
2291258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll
2292258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020ebd1:<flags> [calling]
2293258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076f60000 'C:\windows\system32\kernel32.dll'
2294258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000590 pwszName=\Device\HarddiskVolume1\Windows\System32\clbcatq.dll
2295258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
2296258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
2297258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
2298258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\clbcatq.dll'
2299258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2300258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2301258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
2302258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2303258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2304258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2305258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2306258c.2388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\clbcatq.dll) WinVerifyTrust
2307258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\clbcatq.dll
2308258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2309258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2310258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2311258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2312258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
2313258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2314258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2315258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
2316258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2317258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2318258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2319258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2320258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
2321258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2322258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2323258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
2324258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020b8a1:<flags> [calling]
2325258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\clbcatq.dll
2326258c.2388: supR3HardenedDllNotificationCallback: load 000007fefe780000 LB 0x00099000 C:\windows\system32\CLBCatQ.DLL [fFlags=0x0]
2327258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\clbcatq.dll
2328258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe780000 'C:\windows\system32\CLBCatQ.DLL'
2329258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe820000 'C:\windows\system32\ADVAPI32.dll'
2330258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll
2331258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020a6f1:<flags> [calling]
2332258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc050000 'C:\windows\system32\CRYPTSP.dll'
2333258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005c8 pwszName=\Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll
2334258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
2335258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
2336258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
2337258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll'
2338258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2339258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
2340258c.2388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll) WinVerifyTrust
2341258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll
2342258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2343258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2344258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020a2b1:<flags> [calling]
2345258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll
2346258c.2388: supR3HardenedDllNotificationCallback: load 000007fefccc0000 LB 0x00014000 C:\windows\system32\RpcRtRemote.dll [fFlags=0x0]
2347258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll
2348258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefccc0000 'C:\windows\system32\RpcRtRemote.dll'
2349258c.16f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2350258c.16f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2351258c.16f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2352258c.16f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2353258c.16f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2354258c.16f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2355258c.16f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
2356258c.16f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxC.dll
2357258c.16f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2358258c.16f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2359258c.16f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
2360258c.16f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2361258c.16f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2362258c.16f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
2363258c.16f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2364258c.16f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2365258c.16f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2366258c.16f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2367258c.16f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2368258c.16f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2369258c.16f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
2370258c.16f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2371258c.16f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2372258c.16f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004a5e731:<flags> [calling]
2373258c.16f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxC.dll
2374258c.16f8: supR3HardenedDllNotificationCallback: load 000007fecf860000 LB 0x004f7000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
2375258c.16f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxC.dll
2376258c.16f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fecf860000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
2377258c.16f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2378258c.16f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2379258c.16f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2380258c.16f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
2381258c.16f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2382258c.16f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2383258c.16f8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
2384258c.16f8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
2385258c.16f8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2386258c.16f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2387258c.16f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2388258c.16f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2389258c.16f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2390258c.16f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
2391258c.16f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2392258c.16f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2393258c.16f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2394258c.16f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2395258c.16f8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
2396258c.16f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2397258c.16f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2398258c.16f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2399258c.16f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2400258c.16f8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2401258c.16f8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2402258c.16f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004a5d1d1:<flags> [calling]
2403258c.16f8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2404258c.16f8: supR3HardenedDllNotificationCallback: load 000007fed6200000 LB 0x000b5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
2405258c.16f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
2406258c.16f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed6200000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
2407258c.16f8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
2408258c.16f8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004a5d061:<flags> [calling]
2409258c.16f8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff2a0000 'C:\Windows\system32\oleaut32.dll'
2410258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe820000 'C:\windows\system32\ADVAPI32.dll'
2411258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeae0000 'C:\windows\system32\gdi32.dll'
2412258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
2413258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020a6b1:<flags> [calling]
2414258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd1f0000 'C:\windows\system32\shell32.dll'
2415258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe820000 'C:\windows\system32\ADVAPI32.dll'
2416258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff070000 'C:\windows\system32\ole32.dll'
2417258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff070000 'C:\windows\system32\ole32.dll'
2418258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
2419258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000207af1:<flags> [calling]
2420258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff2a0000 'C:\windows\system32\OLEAUT32.dll'
2421258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000094c pwszName=\Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll
2422258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
2423258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
2424258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472
2425258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll'
2426258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2427258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2428258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
2429258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2430258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2431258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
2432258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
2433258c.2388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
2434258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll
2435258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2436258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2437258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
2438258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2439258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2440258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2441258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2442258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2443258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2444258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2445258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2446258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000950 pwszName=\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
2447258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
2448258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
2449258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03D0A77E5195AA70198FDE6C2FAC2C76FF200674
2450258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll'
2451258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2452258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2453258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
2454258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
2455258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2456258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
2457258c.2388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll) WinVerifyTrust
2458258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
2459258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2460258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2461258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2462258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2463258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
2464258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2465258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2466258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll
2467258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2468258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2469258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2470258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2471258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2472258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2473258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000206381:<flags> [calling]
2474258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll
2475258c.2388: supR3HardenedDllNotificationCallback: load 000007fef9e40000 LB 0x0000f000 C:\windows\system32\wbem\wbemprox.dll [fFlags=0x0]
2476258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll
2477258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
2478258c.2388: supR3HardenedDllNotificationCallback: load 000007fef9d60000 LB 0x00086000 C:\windows\system32\wbemcomn.dll [fFlags=0x0]
2479258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
2480258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9e40000 'C:\windows\system32\wbem\wbemprox.dll'
2481258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000978 pwszName=\Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll
2482258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
2483258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
2484258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F
2485258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll'
2486258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2487258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2488258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
2489258c.2388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
2490258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll
2491258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2492258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2493258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
2494258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2495258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2496258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000205fc1:<flags> [calling]
2497258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll
2498258c.2388: supR3HardenedDllNotificationCallback: load 000007fef16b0000 LB 0x00014000 C:\windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
2499258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll
2500258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef16b0000 'C:\windows\system32\wbem\wbemsvc.dll'
2501258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000984 pwszName=\Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll
2502258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
2503258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
2504258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79
2505258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll'
2506258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2507258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2508258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
2509258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
2510258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
2511258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2512258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
2513258c.2388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
2514258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll
2515258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
2516258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
2517258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000096c pwszName=\Device\HarddiskVolume1\Windows\System32\ntdsapi.dll
2518258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
2519258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
2520258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
2521258c.2388: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\ntdsapi.dll'
2522258c.2388: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2523258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2524258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
2525258c.2388: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
2526258c.2388: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ntdsapi.dll) WinVerifyTrust
2527258c.2388: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ntdsapi.dll
2528258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2529258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2530258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2531258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2532258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2533258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2534258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
2535258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
2536258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
2537258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2538258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2539258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2540258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2541258c.2388: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
2542258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2543258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2544258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2545258c.2388: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2546258c.2388: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000206001:<flags> [calling]
2547258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll
2548258c.2388: supR3HardenedDllNotificationCallback: load 000007fef18c0000 LB 0x000e2000 C:\windows\system32\wbem\fastprox.dll [fFlags=0x0]
2549258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll
2550258c.2388: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntdsapi.dll
2551258c.2388: supR3HardenedDllNotificationCallback: load 000007fef8590000 LB 0x00027000 C:\windows\system32\NTDSAPI.dll [fFlags=0x0]
2552258c.2388: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntdsapi.dll
2553258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef18c0000 'C:\windows\system32\wbem\fastprox.dll'
2554258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff2a0000 'C:\windows\system32\OLEAUT32.dll'
2555258c.2ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2556258c.2ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
2557258c.2ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2558258c.2ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
2559258c.2ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2560258c.2ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2561258c.2ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2562258c.2ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
2563258c.2ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
2564258c.2ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
2565258c.2ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2566258c.2ee8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
2567258c.2ee8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
2568258c.2ee8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxREM.dll
2569258c.2ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2570258c.2ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2571258c.2ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2572258c.2ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2573258c.2ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2574258c.2ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2575258c.2ee8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2576258c.2ee8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2577258c.2ee8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2578258c.2ee8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c3e921:<flags> [calling]
2579258c.2ee8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2580258c.2ee8: supR3HardenedDllNotificationCallback: load 000007fec85e0000 LB 0x002be000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
2581258c.2ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2582258c.2ee8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxREM.dll
2583258c.2ee8: supR3HardenedDllNotificationCallback: load 0000000066be0000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
2584258c.2ee8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxREM.dll
2585258c.2ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fec85e0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
2586258c.36d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2587258c.36d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2588258c.36d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2589258c.36d8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2590258c.36d8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
2591258c.36d8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2592258c.36d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2593258c.36d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2594258c.36d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2595258c.36d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2596258c.36d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2597258c.36d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2598258c.36d8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2599258c.36d8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2600258c.36d8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2601258c.36d8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000083cd931:<flags> [calling]
2602258c.36d8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2603258c.36d8: supR3HardenedDllNotificationCallback: load 000007fef1c80000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
2604258c.36d8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
2605258c.36d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1c80000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
2606258c.36d8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e60000 'C:\windows\system32\User32.dll'
2607258c.1ccc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2608258c.1ccc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2609258c.1ccc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2610258c.1ccc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
2611258c.1ccc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2612258c.1ccc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2613258c.1ccc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2614258c.1ccc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2615258c.1ccc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2616258c.1ccc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
2617258c.1ccc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2618258c.1ccc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2619258c.1ccc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000086dd911:<flags> [calling]
2620258c.1ccc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2621258c.1ccc: supR3HardenedDllNotificationCallback: load 000007fef06e0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
2622258c.1ccc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
2623258c.1ccc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef06e0000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
2624258c.1cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2625258c.1cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2626258c.1cec: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2627258c.1cec: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
2628258c.1cec: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2629258c.1cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2630258c.1cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2631258c.1cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2632258c.1cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2633258c.1cec: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2634258c.1cec: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2635258c.1cec: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
2636258c.1cec: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000813de91:<flags> [calling]
2637258c.1cec: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2638258c.1cec: supR3HardenedDllNotificationCallback: load 000007fef0580000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
2639258c.1cec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
2640258c.1cec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0580000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
2641258c.974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2642258c.974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2643258c.974: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2644258c.974: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
2645258c.974: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2646258c.974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2647258c.974: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2648258c.974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2649258c.974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
2650258c.974: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2651258c.974: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2652258c.974: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000088bdb11:<flags> [calling]
2653258c.974: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2654258c.974: supR3HardenedDllNotificationCallback: load 000007fef0570000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
2655258c.974: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
2656258c.974: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0570000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
2657258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd1f0000 'C:\windows\system32\Shell32.dll'
2658258c.17c8: supR3HardenedIsApiSetDll: '<NULL>' -> true
2659258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000008019301:<flags> [calling]
2660258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd130000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
2661258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2662258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2663258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2664258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
2665258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
2666258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2667258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2668258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
2669258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
2670258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
2671258c.17c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
2672258c.17c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD.dll
2673258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2674258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2675258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ba8 pwszName=\Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
2676258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
2677258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
2678258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642
2679258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL'
2680258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2681258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2682258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
2683258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
2684258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
2685258c.17c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
2686258c.17c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
2687258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2688258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2689258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2690258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2691258c.17c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
2692258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2693258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2694258c.17c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll
2695258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2696258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2697258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
2698258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
2699258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2700258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2701258c.17c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
2702258c.17c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2703258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
2704258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
2705258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2706258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2707258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2708258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
2709258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
2710258c.17c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
2711258c.17c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2712258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2713258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2714258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2715258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2716258c.17c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2717258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2718258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2719258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2720258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2721258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2722258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2723258c.17c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll
2724258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2725258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2726258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2727258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2728258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2729258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2730258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2731258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2732258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2733258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2734258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2735258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2736258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
2737258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
2738258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bc0 pwszName=\Device\HarddiskVolume1\Windows\System32\winnsi.dll
2739258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
2740258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
2741258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=28DC1A34E4A6B1464B25E6B8BF4EBE1D6A50922D
2742258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_118_for_KB4038779~31bf3856ad364e35~amd64~~6.1.1.3.cat'; file='\Device\HarddiskVolume1\Windows\System32\winnsi.dll'
2743258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2744258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2745258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2746258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
2747258c.17c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\winnsi.dll) WinVerifyTrust
2748258c.17c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winnsi.dll
2749258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2750258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2751258c.17c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll
2752258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2753258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2754258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2755258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2756258c.17c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll
2757258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2758258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2759258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2760258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2761258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000801d7f1:<flags> [calling]
2762258c.17c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD.dll
2763258c.17c8: supR3HardenedDllNotificationCallback: load 000007fec7c20000 LB 0x009b2000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
2764258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD.dll
2765258c.17c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2766258c.17c8: supR3HardenedDllNotificationCallback: load 000007fed8400000 LB 0x00058000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
2767258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDDU.dll
2768258c.17c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2769258c.17c8: supR3HardenedDllNotificationCallback: load 000007fee2d30000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
2770258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2771258c.17c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
2772258c.17c8: supR3HardenedDllNotificationCallback: load 000007fef92c0000 LB 0x00027000 C:\windows\system32\IPHLPAPI.DLL [fFlags=0x0]
2773258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
2774258c.17c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winnsi.dll
2775258c.17c8: supR3HardenedDllNotificationCallback: load 000007fef92b0000 LB 0x0000b000 C:\windows\system32\WINNSI.DLL [fFlags=0x0]
2776258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winnsi.dll
2777258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fec7c20000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
2778258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxC.dll
2779258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000801d7f1:<flags> [calling]
2780258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fecf860000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
2781258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD2.dll
2782258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000801d701:<flags> [calling]
2783258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2d30000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
2784258c.37dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2785258c.37dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2786258c.37dc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2787258c.37dc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
2788258c.37dc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2789258c.37dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2790258c.37dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
2791258c.37dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2792258c.37dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2793258c.37dc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
2794258c.37dc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2795258c.37dc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
2796258c.37dc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000ca0d951:<flags> [calling]
2797258c.37dc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2798258c.37dc: supR3HardenedDllNotificationCallback: load 000007fef04e0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
2799258c.37dc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
2800258c.37dc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef04e0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
2801258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
2802258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000801d661:<flags> [calling]
2803258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef92c0000 'C:\windows\system32\Iphlpapi.dll'
2804258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cbc pwszName=\Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll
2805258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
2806258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
2807258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FC0AE0624E37D3E65E0DF3478A34662E1498D862
2808258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_211_for_KB2775511~31bf3856ad364e35~amd64~~6.1.2.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll'
2809258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2810258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2811258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2812258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
2813258c.17c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll) WinVerifyTrust
2814258c.17c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll
2815258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2816258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2817258c.17c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
2818258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2819258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2820258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2821258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2822258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dhcpcsvc6.DLL (Input=dhcpcsvc6.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000801e7b1:<flags> [calling]
2823258c.17c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll
2824258c.17c8: supR3HardenedDllNotificationCallback: load 000007fef90c0000 LB 0x00011000 C:\windows\system32\dhcpcsvc6.DLL [fFlags=0x0]
2825258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll
2826258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef90c0000 'C:\windows\system32\dhcpcsvc6.DLL'
2827258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
2828258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000801e4d1:<flags> [calling]
2829258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef92c0000 'C:\windows\system32\IPHLPAPI.DLL'
2830258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ce0 pwszName=\Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll
2831258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
2832258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
2833258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D89E2D6AED9A19082ECA108BEEF81A904C7A9756
2834258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll'
2835258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2836258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2837258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2838258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
2839258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
2840258c.17c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll) WinVerifyTrust
2841258c.17c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll
2842258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2843258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2844258c.17c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll
2845258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2846258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2847258c.17c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
2848258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2849258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2850258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2851258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2852258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dhcpcsvc.DLL (Input=dhcpcsvc.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000801e801:<flags> [calling]
2853258c.17c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll
2854258c.17c8: supR3HardenedDllNotificationCallback: load 000007fef90a0000 LB 0x00018000 C:\windows\system32\dhcpcsvc.DLL [fFlags=0x0]
2855258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll
2856258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef90a0000 'C:\windows\system32\dhcpcsvc.DLL'
2857258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
2858258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000801e461:<flags> [calling]
2859258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef92c0000 'C:\windows\system32\IPHLPAPI.DLL'
2860258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d54 pwszName=\Device\HarddiskVolume1\Windows\System32\dsound.dll
2861258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
2862258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
2863258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F6C3E3D9F8B48D816E52C31576FFFD4AF86AB813
2864258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\dsound.dll'
2865258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2866258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2867258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
2868258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2869258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2870258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
2871258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
2872258c.17c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\dsound.dll) WinVerifyTrust
2873258c.17c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dsound.dll
2874258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
2875258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume1\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
2876258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d58 pwszName=\Device\HarddiskVolume1\Windows\System32\powrprof.dll
2877258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
2878258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
2879258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E0B7DE18787DB24DAD3580634869A9A8FF4AB48F
2880258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\powrprof.dll'
2881258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2882258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2883258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2884258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2885258c.17c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\powrprof.dll) WinVerifyTrust
2886258c.17c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\powrprof.dll
2887258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2888258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2889258c.17c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
2890258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2891258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2892258c.17c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
2893258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2894258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2895258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2896258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2897258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2898258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2899258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2900258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2901258c.17c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll
2902258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2903258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2904258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2905258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2906258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000801d5d1:<flags> [calling]
2907258c.17c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll
2908258c.17c8: supR3HardenedDllNotificationCallback: load 000007fee15f0000 LB 0x00088000 C:\windows\System32\dsound.dll [fFlags=0x0]
2909258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll
2910258c.17c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\powrprof.dll
2911258c.17c8: supR3HardenedDllNotificationCallback: load 000007fefb310000 LB 0x0002c000 C:\windows\System32\POWRPROF.dll [fFlags=0x0]
2912258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\powrprof.dll
2913258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll
2914258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000801c941:<flags> [calling]
2915258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee15f0000 'C:\windows\System32\dsound.dll'
2916258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee15f0000 'C:\windows\System32\dsound.dll'
2917258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll
2918258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000801d6b1:<flags> [calling]
2919258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee15f0000 'C:\windows\system32\dsound.dll'
2920258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d5c pwszName=\Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
2921258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
2922258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
2923258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=704F97298D44B8146C54067788F597E0BF365197
2924258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll'
2925258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2926258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2927258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
2928258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2929258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'.
2930258c.17c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll) WinVerifyTrust
2931258c.17c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
2932258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
2933258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume1\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
2934258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d80 pwszName=\Device\HarddiskVolume1\Windows\System32\propsys.dll
2935258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
2936258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
2937258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A1594E841359779EF7EA7EBCF775D89F55388D3
2938258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\propsys.dll'
2939258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2940258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2941258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
2942258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
2943258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
2944258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2945258c.17c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\propsys.dll) WinVerifyTrust
2946258c.17c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\propsys.dll
2947258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2948258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2949258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2950258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2951258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2952258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2953258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2954258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2955258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2956258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2957258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2958258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2959258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2960258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2961258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2962258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2963258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000801d0a1:<flags> [calling]
2964258c.17c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
2965258c.17c8: supR3HardenedDllNotificationCallback: load 000007fefb470000 LB 0x0004b000 C:\windows\System32\MMDevApi.dll [fFlags=0x0]
2966258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
2967258c.17c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\propsys.dll
2968258c.17c8: supR3HardenedDllNotificationCallback: load 000007fefb1e0000 LB 0x0012c000 C:\windows\System32\PROPSYS.dll [fFlags=0x0]
2969258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\propsys.dll
2970258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe820000 'C:\windows\system32\ADVAPI32.dll'
2971258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb470000 'C:\windows\System32\MMDevApi.dll'
2972258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff070000 'C:\windows\system32\ole32.dll'
2973258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll
2974258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000801d3d1:<flags> [calling]
2975258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe900000 'C:\windows\system32\SETUPAPI.dll'
2976258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
2977258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000801e2b1:<flags> [calling]
2978258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeff0000 'C:\windows\system32\SHLWAPI.dll'
2979258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
2980258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000801e4d1:<flags> [calling]
2981258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb470000 'C:\windows\system32\MMDEVAPI.DLL'
2982258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff070000 'C:\windows\system32\ole32.dll'
2983258c.2cd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll
2984258c.2cd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CFGMGR32.dll (Input=CFGMGR32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000172bf261:<flags> [calling]
2985258c.2cd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcea0000 'C:\windows\system32\CFGMGR32.dll'
2986258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
2987258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000801e101:<flags> [calling]
2988258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
2989258c.17c8: supR3HardenedIsApiSetDll: '<NULL>' -> true
2990258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000801df61:<flags> [calling]
2991258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd130000 'API-MS-WIN-Service-Management-L1-1-0.dll'
2992258c.17c8: supR3HardenedIsApiSetDll: '<NULL>' -> true
2993258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000801df61:<flags> [calling]
2994258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd130000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
2995258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe650000 'C:\windows\system32\RPCRT4.dll'
2996258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
2997258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\MMDevAPI.DLL (Input=MMDevAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000801dfc1:<flags> [calling]
2998258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb470000 'C:\windows\system32\MMDevAPI.DLL'
2999258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000db8 pwszName=\Device\HarddiskVolume1\Windows\System32\wdmaud.drv
3000258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
3001258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
3002258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4B64306F5558D2DEC53CF11AAF17F02438929FDD
3003258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\wdmaud.drv'
3004258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3005258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3006258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
3007258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
3008258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
3009258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
3010258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ksuser.dll'.
3011258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
3012258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'avrt.dll'.
3013258c.17c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wdmaud.drv) WinVerifyTrust
3014258c.17c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
3015258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
3016258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
3017258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000dbc pwszName=\Device\HarddiskVolume1\Windows\System32\avrt.dll
3018258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
3019258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
3020258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1362C343929DD08AB918B38DE195D1A11B1D1365
3021258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\avrt.dll'
3022258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3023258c.17c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\avrt.dll) WinVerifyTrust
3024258c.17c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\avrt.dll
3025258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3026258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3027258c.17c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
3028258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
3029258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume1\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
3030258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000dd8 pwszName=\Device\HarddiskVolume1\Windows\System32\ksuser.dll
3031258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
3032258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
3033258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2D99CFB3BFCA1F454FC7109DB98D18923ABBA361
3034258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB3110329~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\ksuser.dll'
3035258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3036258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3037258c.17c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ksuser.dll) WinVerifyTrust
3038258c.17c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ksuser.dll
3039258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3040258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3041258c.17c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
3042258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3043258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3044258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
3045258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
3046258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3047258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3048258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3049258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3050258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3051258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3052258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000801db31:<flags> [calling]
3053258c.17c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
3054258c.17c8: supR3HardenedDllNotificationCallback: load 000007fefa560000 LB 0x0003b000 C:\windows\system32\wdmaud.drv [fFlags=0x0]
3055258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
3056258c.17c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ksuser.dll
3057258c.17c8: supR3HardenedDllNotificationCallback: load 00000000748c0000 LB 0x00006000 C:\windows\system32\ksuser.dll [fFlags=0x0]
3058258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ksuser.dll
3059258c.17c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\avrt.dll
3060258c.17c8: supR3HardenedDllNotificationCallback: load 000007fefb410000 LB 0x00009000 C:\windows\system32\AVRT.dll [fFlags=0x0]
3061258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\avrt.dll
3062258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa560000 'C:\windows\system32\wdmaud.drv'
3063258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
3064258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000801db31:<flags> [calling]
3065258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa560000 'C:\windows\system32\wdmaud.drv'
3066258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
3067258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000801dce1:<flags> [calling]
3068258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa560000 'C:\windows\system32\wdmaud.drv'
3069258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
3070258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000801dce1:<flags> [calling]
3071258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa560000 'C:\windows\system32\wdmaud.drv'
3072258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
3073258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000801dce1:<flags> [calling]
3074258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa560000 'C:\windows\system32\wdmaud.drv'
3075258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000df4 pwszName=\Device\HarddiskVolume1\Windows\System32\AudioSes.dll
3076258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
3077258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
3078258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A3BDEC1E955295C342E14C90909598248B24E5B
3079258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_107_for_KB4022168~31bf3856ad364e35~amd64~~6.1.1.7.cat'; file='\Device\HarddiskVolume1\Windows\System32\AudioSes.dll'
3080258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3081258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3082258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
3083258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
3084258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
3085258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
3086258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
3087258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
3088258c.17c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\AudioSes.dll) WinVerifyTrust
3089258c.17c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\AudioSes.dll
3090258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3091258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3092258c.17c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
3093258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3094258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3095258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3096258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3097258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
3098258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
3099258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
3100258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
3101258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3102258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3103258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3104258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3105258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000801dcf1:<flags> [calling]
3106258c.17c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\AudioSes.dll
3107258c.17c8: supR3HardenedDllNotificationCallback: load 000007fefa510000 LB 0x0004f000 C:\windows\system32\AUDIOSES.DLL [fFlags=0x0]
3108258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\AudioSes.dll
3109258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa510000 'C:\windows\system32\AUDIOSES.DLL'
3110258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
3111258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000801dce1:<flags> [calling]
3112258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa560000 'C:\windows\system32\wdmaud.drv'
3113258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
3114258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000801dce1:<flags> [calling]
3115258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa560000 'C:\windows\system32\wdmaud.drv'
3116258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa560000 'C:\windows\system32\wdmaud.drv'
3117258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa560000 'C:\windows\system32\wdmaud.drv'
3118258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa560000 'C:\windows\system32\wdmaud.drv'
3119258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa560000 'C:\windows\system32\wdmaud.drv'
3120258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000df8 pwszName=\Device\HarddiskVolume1\Windows\System32\msacm32.drv
3121258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
3122258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
3123258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=522563F5384AD4C93CF5CF4EEA899D3267552328
3124258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\msacm32.drv'
3125258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3126258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3127258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
3128258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
3129258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
3130258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'.
3131258c.17c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msacm32.drv) WinVerifyTrust
3132258c.17c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msacm32.drv
3133258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3134258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3135258c.17c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
3136258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
3137258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume1\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
3138258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e00 pwszName=\Device\HarddiskVolume1\Windows\System32\msacm32.dll
3139258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
3140258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
3141258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCA0A8AEE81B82C402AA72A300B2C8D2DC17C1DA
3142258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\msacm32.dll'
3143258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3144258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3145258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
3146258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
3147258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
3148258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
3149258c.17c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msacm32.dll) WinVerifyTrust
3150258c.17c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msacm32.dll
3151258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3152258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3153258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3154258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3155258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3156258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3157258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3158258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3159258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
3160258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
3161258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3162258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3163258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3164258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3165258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3166258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3167258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000801dae1:<flags> [calling]
3168258c.17c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
3169258c.17c8: supR3HardenedDllNotificationCallback: load 000007fefb3f0000 LB 0x0000a000 C:\windows\system32\msacm32.drv [fFlags=0x0]
3170258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
3171258c.17c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.dll
3172258c.17c8: supR3HardenedDllNotificationCallback: load 000007fefa3a0000 LB 0x00018000 C:\windows\system32\MSACM32.dll [fFlags=0x0]
3173258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.dll
3174258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb3f0000 'C:\windows\system32\msacm32.drv'
3175258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
3176258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000801d4e1:<flags> [calling]
3177258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb3f0000 'C:\windows\system32\msacm32.drv'
3178258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
3179258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000801d4e1:<flags> [calling]
3180258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb3f0000 'C:\windows\system32\msacm32.drv'
3181258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
3182258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000801d4e1:<flags> [calling]
3183258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb3f0000 'C:\windows\system32\msacm32.drv'
3184258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
3185258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000801d4e1:<flags> [calling]
3186258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb3f0000 'C:\windows\system32\msacm32.drv'
3187258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
3188258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000801d4e1:<flags> [calling]
3189258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb3f0000 'C:\windows\system32\msacm32.drv'
3190258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
3191258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000801d4e1:<flags> [calling]
3192258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb3f0000 'C:\windows\system32\msacm32.drv'
3193258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb3f0000 'C:\windows\system32\msacm32.drv'
3194258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb3f0000 'C:\windows\system32\msacm32.drv'
3195258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb3f0000 'C:\windows\system32\msacm32.drv'
3196258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000de0 pwszName=\Device\HarddiskVolume1\Windows\System32\midimap.dll
3197258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
3198258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
3199258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=43116C5C719A4751DA70B12932084D73D7AACEA3
3200258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\midimap.dll'
3201258c.17c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3202258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3203258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
3204258c.17c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
3205258c.17c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\midimap.dll) WinVerifyTrust
3206258c.17c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\midimap.dll
3207258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3208258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3209258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3210258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3211258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3212258c.17c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3213258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000801dae1:<flags> [calling]
3214258c.17c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll
3215258c.17c8: supR3HardenedDllNotificationCallback: load 000007fefa390000 LB 0x00009000 C:\windows\system32\midimap.dll [fFlags=0x0]
3216258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll
3217258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa390000 'C:\windows\system32\midimap.dll'
3218258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll
3219258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000801d4b1:<flags> [calling]
3220258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa390000 'C:\windows\system32\midimap.dll'
3221258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll
3222258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000801d4b1:<flags> [calling]
3223258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa390000 'C:\windows\system32\midimap.dll'
3224258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll
3225258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000801dae1:<flags> [calling]
3226258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa390000 'C:\windows\system32\midimap.dll'
3227258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
3228258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
3229258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
3230258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff070000 'C:\windows\system32\ole32.dll'
3231258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
3232258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
3233258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000801e101:<flags> [calling]
3234258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
3235258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
3236258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll
3237258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000801d6a1:<flags> [calling]
3238258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee15f0000 'C:\windows\system32\dsound.dll'
3239258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
3240258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
3241258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
3242258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll
3243258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000801d881:<flags> [calling]
3244258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee15f0000 'C:\windows\system32\dsound.dll'
3245258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
3246258c.2388: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\WINMM.dll'
3247258c.2ee8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff2a0000 'C:\windows\system32\OLEAUT32.dll'
3248258c.33d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f68 pwszName=\Device\HarddiskVolume1\Windows\System32\mswsock.dll
3249258c.33d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
3250258c.33d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
3251258c.33d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A0B91C962716871F5DE8282805DA288326E03A9F
3252258c.33d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3161949~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\mswsock.dll'
3253258c.33d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3254258c.33d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3255258c.33d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
3256258c.33d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
3257258c.33d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
3258258c.33d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\mswsock.dll) WinVerifyTrust
3259258c.33d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\mswsock.dll
3260258c.33d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
3261258c.33d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
3262258c.33d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3263258c.33d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3264258c.33d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3265258c.33d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3266258c.33d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3267258c.33d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3268258c.33d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000167bf261:<flags> [calling]
3269258c.33d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\mswsock.dll
3270258c.33d4: supR3HardenedDllNotificationCallback: load 000007fefbff0000 LB 0x00055000 C:\windows\system32\mswsock.dll [fFlags=0x0]
3271258c.33d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\mswsock.dll
3272258c.33d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbff0000 'C:\windows\system32\mswsock.dll'
3273258c.33d4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f84 pwszName=\Device\HarddiskVolume1\Windows\System32\WSHTCPIP.DLL
3274258c.33d4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
3275258c.33d4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
3276258c.33d4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1EFFE58BB9FD8A94FD1609B7F82A43C8E09D98AA
3277258c.33d4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\WSHTCPIP.DLL'
3278258c.33d4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3279258c.33d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ws2_32.dll'.
3280258c.33d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\WSHTCPIP.DLL) WinVerifyTrust
3281258c.33d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\WSHTCPIP.DLL
3282258c.33d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
3283258c.33d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
3284258c.33d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\wshtcpip.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000167bf401:<flags> [calling]
3285258c.33d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\WSHTCPIP.DLL
3286258c.33d4: supR3HardenedDllNotificationCallback: load 000007fefb720000 LB 0x00007000 C:\windows\System32\wshtcpip.dll [fFlags=0x0]
3287258c.33d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\WSHTCPIP.DLL
3288258c.33d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb720000 'C:\windows\System32\wshtcpip.dll'
3289258c.286c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll
3290258c.286c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000824e131:<flags> [calling]
3291258c.286c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee15f0000 'C:\windows\system32\dsound.dll'
3292258c.286c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
3293258c.286c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\AudioSes.dll
3294258c.286c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\System32\audioses.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000824db61:<flags> [calling]
3295258c.286c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa510000 'C:\windows\System32\audioses.dll'
3296258c.2ac8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\avrt.dll
3297258c.2ac8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000003dbdf651:<flags> [calling]
3298258c.2ac8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb410000 'C:\windows\system32\avrt.dll'
3299258c.286c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll
3300258c.286c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000824e131:<flags> [calling]
3301258c.286c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee15f0000 'C:\windows\system32\dsound.dll'
3302258c.286c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
3303258c.286c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
3304258c.286c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
3305258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee15f0000 'C:\windows\system32\dsound.dll'
3306258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
3307258c.36ec: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\avrt.dll
3308258c.36ec: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000003d95fc31:<flags> [calling]
3309258c.36ec: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb410000 'C:\windows\system32\avrt.dll'
3310258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee15f0000 'C:\windows\system32\dsound.dll'
3311258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
3312258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
3313258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
3314258c.286c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee15f0000 'C:\windows\system32\dsound.dll'
3315258c.286c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
3316258c.32cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\avrt.dll
3317258c.32cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000017fbfd71:<flags> [calling]
3318258c.32cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb410000 'C:\windows\system32\avrt.dll'
3319258c.286c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee15f0000 'C:\windows\system32\dsound.dll'
3320258c.286c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
3321258c.286c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000824f4e1:<flags> [calling]
3322258c.286c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
3323258c.286c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
3324258c.286c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
3325258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee15f0000 'C:\windows\system32\dsound.dll'
3326258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
3327258c.2c10: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\avrt.dll
3328258c.2c10: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000003d63f931:<flags> [calling]
3329258c.2c10: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb410000 'C:\windows\system32\avrt.dll'
3330258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee15f0000 'C:\windows\system32\dsound.dll'
3331258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
3332258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
3333258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
3334258c.286c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee15f0000 'C:\windows\system32\dsound.dll'
3335258c.286c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
3336258c.368c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\avrt.dll
3337258c.368c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000017a6fb11:<flags> [calling]
3338258c.368c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb410000 'C:\windows\system32\avrt.dll'
3339258c.17c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll
3340258c.17c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000801dc71:<flags> [calling]
3341258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee15f0000 'C:\windows\system32\dsound.dll'
3342258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
3343258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
3344258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
3345258c.286c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee15f0000 'C:\windows\system32\dsound.dll'
3346258c.286c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
3347258c.2fe8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\avrt.dll
3348258c.2fe8: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000003779fc31:<flags> [calling]
3349258c.2fe8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb410000 'C:\windows\system32\avrt.dll'
3350258c.286c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee15f0000 'C:\windows\system32\dsound.dll'
3351258c.286c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
3352258c.286c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
3353258c.286c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
3354258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee15f0000 'C:\windows\system32\dsound.dll'
3355258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
3356258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
3357258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
3358258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
3359258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
3360258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
3361258c.17c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa5a0000 'C:\windows\system32\winmm.dll'
3362258c.2ad8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb410000 'C:\windows\system32\avrt.dll'
3363258c.378c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb410000 'C:\windows\system32\avrt.dll'
3364258c.321c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000012d0 pwszName=\Device\HarddiskVolume1\Windows\System32\apphelp.dll
3365258c.321c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000008cf060
3366258c.321c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000008cf060
3367258c.321c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll
3368258c.321c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000001781b001:<flags> [calling]
3369258c.321c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf80000 'C:\windows\system32\WINTRUST.DLL'
3370258c.321c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll
3371258c.321c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000001781ae31:<flags> [calling]
3372258c.321c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcfc0000 'C:\windows\system32\CRYPT32.dll'
3373258c.321c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82846C7DC170BBD7F68FE9966A8D339A60BCFF16
3374258c.321c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa3f0000 'C:\windows\system32\cryptnet.dll'
3375258c.321c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\apphelp.dll'
3376258c.321c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3377258c.321c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\apphelp.dll) WinVerifyTrust
3378258c.321c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\apphelp.dll
3379258c.321c: supR3HardenedMonitor_LdrLoadDll: pName=C:\windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
3380258c.321c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll
3381258c.321c: supR3HardenedDllNotificationCallback: load 000007fefcbb0000 LB 0x00057000 C:\windows\system32\apphelp.dll [fFlags=0x0]
3382258c.321c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll
3383258c.321c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcbb0000 'C:\windows\system32\apphelp.dll'
3384190c.11a8: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 66279759 ms, the end);
33853040.30cc: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 66280980 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy