VirtualBox

Ticket #17175: VBoxHardening-Ubuntu-Studio-Desktop.2.log

File VBoxHardening-Ubuntu-Studio-Desktop.2.log, 353.6 KB (added by Al B, 7 years ago)
Line 
1d08.750: Log file opened: 5.2.0r118431 g_hStartupLog=00000000000000b0 g_uNtVerCombined=0x611db110
2d08.750: \SystemRoot\System32\ntdll.dll:
3d08.750: CreationTime: 2017-10-11T16:58:12.052589800Z
4d08.750: LastWriteTime: 2017-09-13T15:31:56.094569800Z
5d08.750: ChangeTime: 2017-10-11T17:31:50.425850200Z
6d08.750: FileAttributes: 0x20
7d08.750: Size: 0x1a7100
8d08.750: NT Headers: 0xe0
9d08.750: Timestamp: 0x59b94ee4
10d08.750: Machine: 0x8664 - amd64
11d08.750: Timestamp: 0x59b94ee4
12d08.750: Image Version: 6.1
13d08.750: SizeOfImage: 0x1aa000 (1744896)
14d08.750: Resource Dir: 0x14e000 LB 0x5a028
15d08.750: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
16d08.750: [Raw version resource data: 0x14e0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
17d08.750: ProductName: Microsoft® Windows® Operating System
18d08.750: ProductVersion: 6.1.7601.23915
19d08.750: FileVersion: 6.1.7601.23915 (win7sp1_ldr.170913-0600)
20d08.750: FileDescription: NT Layer DLL
21d08.750: \SystemRoot\System32\kernel32.dll:
22d08.750: CreationTime: 2017-10-11T16:58:10.744515000Z
23d08.750: LastWriteTime: 2017-09-13T15:27:59.681000000Z
24d08.750: ChangeTime: 2017-10-11T17:31:52.656654100Z
25d08.750: FileAttributes: 0x20
26d08.750: Size: 0x11c000
27d08.750: NT Headers: 0xe0
28d08.750: Timestamp: 0x59b94f29
29d08.750: Machine: 0x8664 - amd64
30d08.750: Timestamp: 0x59b94f29
31d08.750: Image Version: 6.1
32d08.750: SizeOfImage: 0x11f000 (1175552)
33d08.750: Resource Dir: 0x116000 LB 0x528
34d08.750: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
35d08.750: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
36d08.750: ProductName: Microsoft® Windows® Operating System
37d08.750: ProductVersion: 6.1.7601.23915
38d08.750: FileVersion: 6.1.7601.23915 (win7sp1_ldr.170913-0600)
39d08.750: FileDescription: Windows NT BASE API Client DLL
40d08.750: \SystemRoot\System32\KernelBase.dll:
41d08.750: CreationTime: 2017-10-11T16:58:10.479499800Z
42d08.750: LastWriteTime: 2017-09-13T15:27:59.681000000Z
43d08.750: ChangeTime: 2017-10-11T17:31:52.656654100Z
44d08.750: FileAttributes: 0x20
45d08.750: Size: 0x66800
46d08.750: NT Headers: 0xe8
47d08.750: Timestamp: 0x59b94f2a
48d08.750: Machine: 0x8664 - amd64
49d08.750: Timestamp: 0x59b94f2a
50d08.750: Image Version: 6.1
51d08.750: SizeOfImage: 0x6a000 (434176)
52d08.750: Resource Dir: 0x68000 LB 0x530
53d08.750: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
54d08.750: [Raw version resource data: 0x680b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
55d08.750: ProductName: Microsoft® Windows® Operating System
56d08.750: ProductVersion: 6.1.7601.23915
57d08.750: FileVersion: 6.1.7601.23915 (win7sp1_ldr.170913-0600)
58d08.750: FileDescription: Windows NT BASE API Client DLL
59d08.750: \SystemRoot\System32\apisetschema.dll:
60d08.750: CreationTime: 2017-10-11T16:58:09.646452200Z
61d08.750: LastWriteTime: 2017-09-13T15:27:55.360000000Z
62d08.750: ChangeTime: 2017-10-11T17:31:50.394650100Z
63d08.750: FileAttributes: 0x20
64d08.750: Size: 0x1a00
65d08.750: NT Headers: 0xc0
66d08.750: Timestamp: 0x59b94ec4
67d08.750: Machine: 0x8664 - amd64
68d08.750: Timestamp: 0x59b94ec4
69d08.750: Image Version: 6.1
70d08.750: SizeOfImage: 0x50000 (327680)
71d08.750: Resource Dir: 0x30000 LB 0x3f8
72d08.750: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
73d08.750: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
74d08.750: ProductName: Microsoft® Windows® Operating System
75d08.750: ProductVersion: 6.1.7601.23915
76d08.750: FileVersion: 6.1.7601.23915 (win7sp1_ldr.170913-0600)
77d08.750: FileDescription: ApiSet Schema DLL
78d08.750: NtOpenDirectoryObject failed on \Driver: 0xc0000022
79d08.750: supR3HardenedWinFindAdversaries: 0x2
80d08.750: \SystemRoot\System32\drivers\symevent64x86.sys:
81d08.750: CreationTime: 2015-02-27T12:55:28.479807000Z
82d08.750: LastWriteTime: 2017-07-23T11:59:19.679083600Z
83d08.750: ChangeTime: 2017-07-23T11:59:19.679083600Z
84d08.750: FileAttributes: 0x20
85d08.750: Size: 0x190a8
86d08.750: NT Headers: 0xe0
87d08.750: Timestamp: 0x584f629e
88d08.750: Machine: 0x8664 - amd64
89d08.750: Timestamp: 0x584f629e
90d08.750: Image Version: 6.2
91d08.750: SizeOfImage: 0x23000 (143360)
92d08.750: Resource Dir: 0x21000 LB 0x3c8
93d08.750: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
94d08.750: [Raw version resource data: 0x210b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
95d08.750: ProductName: SYMEVENT
96d08.750: ProductVersion: 14.0.4.16
97d08.750: FileVersion: 14.0.4.16
98d08.750: FileDescription: Symantec Event Library
99d08.750: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
100d08.750: Calling main()
101d08.750: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
102d08.750: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
103d08.750: SUPR3HardenedMain: Respawn #1
104d08.750: System32: \Device\HarddiskVolume2\Windows\System32
105d08.750: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
106d08.750: KnownDllPath: C:\Windows\system32
107d08.750: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
108d08.750: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
109d08.750: supR3HardNtEnableThreadCreation:
110d08.750: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000770da360 pvNtTerminateThread=00000000770fc260
111d08.750: supR3HardenedWinDoReSpawn(1): New child ba8.1b50 [kernel32].
112d08.750: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
113d08.750: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00000000770b0000 uNtDllChildAddr=00000000770b0000
114d08.750: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000770da360
115d08.750: supR3HardenedWinSetupChildInit: Start child.
116d08.750: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
117d08.750: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 54 sleeps
118d08.750: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
119d08.750: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
120d08.750: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
121d08.750: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
122d08.750: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
123d08.750: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
124d08.750: 0000000000041000-000000000004ffff 0x0001/0x0000 0x0000000
125d08.750: *0000000000050000-0000000000050fff 0x0004/0x0004 0x0020000
126d08.750: 0000000000051000-000000000015ffff 0x0001/0x0000 0x0000000
127d08.750: *0000000000160000-000000000025bfff 0x0000/0x0004 0x0020000
128d08.750: 000000000025c000-000000000025dfff 0x0104/0x0004 0x0020000
129d08.750: 000000000025e000-000000000025ffff 0x0004/0x0004 0x0020000
130d08.750: 0000000000260000-00000000770affff 0x0001/0x0000 0x0000000
131d08.750: *00000000770b0000-00000000770b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
132d08.750: 00000000770b1000-00000000771adfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
133d08.750: 00000000771ae000-00000000771dcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
134d08.750: 00000000771dd000-00000000771e6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
135d08.750: 00000000771e7000-00000000771e7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
136d08.750: 00000000771e8000-00000000771eafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
137d08.750: 00000000771eb000-0000000077259fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
138d08.750: 000000007725a000-000000007efdffff 0x0001/0x0000 0x0000000
139d08.750: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
140d08.750: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
141d08.750: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
142d08.750: 000000007fff0000-000000013fb1ffff 0x0001/0x0000 0x0000000
143d08.750: *000000013fb20000-000000013fb20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
144d08.750: 000000013fb21000-000000013fb91fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
145d08.750: 000000013fb92000-000000013fb92fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
146d08.750: 000000013fb93000-000000013fbd8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
147d08.750: 000000013fbd9000-000000013fbd9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
148d08.750: 000000013fbda000-000000013fbdafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
149d08.750: 000000013fbdb000-000000013fbdffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
150d08.750: 000000013fbe0000-000000013fbe0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
151d08.750: 000000013fbe1000-000000013fbe1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
152d08.750: 000000013fbe2000-000000013fbe5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
153d08.750: 000000013fbe6000-000000013fc2dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
154d08.750: 000000013fc2e000-000007feff3cffff 0x0001/0x0000 0x0000000
155d08.750: *000007feff3d0000-000007feff3d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
156d08.750: 000007feff3d1000-000007fffffaffff 0x0001/0x0000 0x0000000
157d08.750: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
158d08.750: 000007fffffd3000-000007fffffdcfff 0x0001/0x0000 0x0000000
159d08.750: *000007fffffdd000-000007fffffdefff 0x0004/0x0004 0x0020000
160d08.750: *000007fffffdf000-000007fffffdffff 0x0004/0x0004 0x0020000
161d08.750: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
162d08.750: apisetschema.dll: timestamp 0x59b94ec4 (rc=VINF_SUCCESS)
163d08.750: VirtualBox.exe: timestamp 0x59e6e5d5 (rc=VINF_SUCCESS)
164d08.750: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
165d08.750: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
166d08.750: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
167d08.750: supR3HardNtChildPurify: Done after 542 ms and 0 fixes (loop #0).
168d08.750: supR3HardNtEnableThreadCreation:
169ba8.1b50: Log file opened: 5.2.0r118431 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
170ba8.1b50: supR3HardenedVmProcessInit: uNtDllAddr=00000000770b0000 g_uNtVerCombined=0x611db100
171ba8.1b50: ntdll.dll: timestamp 0x59b94ee4 (rc=VINF_SUCCESS)
172ba8.1b50: New simple heap: #1 0000000000260000 LB 0x400000 (for 1744896 allocation)
173ba8.1b50: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
174ba8.1b50: System32: \Device\HarddiskVolume2\Windows\System32
175ba8.1b50: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
176ba8.1b50: KnownDllPath: C:\Windows\system32
177ba8.1b50: supR3HardenedVmProcessInit: Opening vboxdrv stub...
178ba8.1b50: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
179ba8.1b50: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
180ba8.1b50: Registered Dll notification callback with NTDLL.
181ba8.1b50: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
182ba8.1b50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
183ba8.1b50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
184ba8.1b50: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
185ba8.1b50: supR3HardenedDllNotificationCallback: load 0000000076e90000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
186ba8.1b50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
187ba8.1b50: supR3HardenedDllNotificationCallback: load 000007fefcdc0000 LB 0x0006a000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
188ba8.1b50: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
189ba8.1b50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
190ba8.1b50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e90000 'C:\Windows\system32\kernel32.dll'
191ba8.1b50: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000770da360 pvNtTerminateThread=00000000770fc260
192d08.750: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 23 ms.
193ba8.1b50: \SystemRoot\System32\ntdll.dll:
194ba8.1b50: CreationTime: 2017-10-11T16:58:12.052589800Z
195ba8.1b50: LastWriteTime: 2017-09-13T15:31:56.094569800Z
196ba8.1b50: ChangeTime: 2017-10-11T17:31:50.425850200Z
197ba8.1b50: FileAttributes: 0x20
198ba8.1b50: Size: 0x1a7100
199ba8.1b50: NT Headers: 0xe0
200ba8.1b50: Timestamp: 0x59b94ee4
201ba8.1b50: Machine: 0x8664 - amd64
202ba8.1b50: Timestamp: 0x59b94ee4
203ba8.1b50: Image Version: 6.1
204ba8.1b50: SizeOfImage: 0x1aa000 (1744896)
205ba8.1b50: Resource Dir: 0x14e000 LB 0x5a028
206ba8.1b50: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
207ba8.1b50: [Raw version resource data: 0x14e0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
208ba8.1b50: ProductName: Microsoft® Windows® Operating System
209ba8.1b50: ProductVersion: 6.1.7601.23915
210ba8.1b50: FileVersion: 6.1.7601.23915 (win7sp1_ldr.170913-0600)
211ba8.1b50: FileDescription: NT Layer DLL
212ba8.1b50: \SystemRoot\System32\kernel32.dll:
213ba8.1b50: CreationTime: 2017-10-11T16:58:10.744515000Z
214ba8.1b50: LastWriteTime: 2017-09-13T15:27:59.681000000Z
215ba8.1b50: ChangeTime: 2017-10-11T17:31:52.656654100Z
216ba8.1b50: FileAttributes: 0x20
217ba8.1b50: Size: 0x11c000
218ba8.1b50: NT Headers: 0xe0
219ba8.1b50: Timestamp: 0x59b94f29
220ba8.1b50: Machine: 0x8664 - amd64
221ba8.1b50: Timestamp: 0x59b94f29
222ba8.1b50: Image Version: 6.1
223ba8.1b50: SizeOfImage: 0x11f000 (1175552)
224ba8.1b50: Resource Dir: 0x116000 LB 0x528
225ba8.1b50: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
226ba8.1b50: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
227ba8.1b50: ProductName: Microsoft® Windows® Operating System
228ba8.1b50: ProductVersion: 6.1.7601.23915
229ba8.1b50: FileVersion: 6.1.7601.23915 (win7sp1_ldr.170913-0600)
230ba8.1b50: FileDescription: Windows NT BASE API Client DLL
231ba8.1b50: \SystemRoot\System32\KernelBase.dll:
232ba8.1b50: CreationTime: 2017-10-11T16:58:10.479499800Z
233ba8.1b50: LastWriteTime: 2017-09-13T15:27:59.681000000Z
234ba8.1b50: ChangeTime: 2017-10-11T17:31:52.656654100Z
235ba8.1b50: FileAttributes: 0x20
236ba8.1b50: Size: 0x66800
237ba8.1b50: NT Headers: 0xe8
238ba8.1b50: Timestamp: 0x59b94f2a
239ba8.1b50: Machine: 0x8664 - amd64
240ba8.1b50: Timestamp: 0x59b94f2a
241ba8.1b50: Image Version: 6.1
242ba8.1b50: SizeOfImage: 0x6a000 (434176)
243ba8.1b50: Resource Dir: 0x68000 LB 0x530
244ba8.1b50: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
245ba8.1b50: [Raw version resource data: 0x680b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
246ba8.1b50: ProductName: Microsoft® Windows® Operating System
247ba8.1b50: ProductVersion: 6.1.7601.23915
248ba8.1b50: FileVersion: 6.1.7601.23915 (win7sp1_ldr.170913-0600)
249ba8.1b50: FileDescription: Windows NT BASE API Client DLL
250ba8.1b50: \SystemRoot\System32\apisetschema.dll:
251ba8.1b50: CreationTime: 2017-10-11T16:58:09.646452200Z
252ba8.1b50: LastWriteTime: 2017-09-13T15:27:55.360000000Z
253ba8.1b50: ChangeTime: 2017-10-11T17:31:50.394650100Z
254ba8.1b50: FileAttributes: 0x20
255ba8.1b50: Size: 0x1a00
256ba8.1b50: NT Headers: 0xc0
257ba8.1b50: Timestamp: 0x59b94ec4
258ba8.1b50: Machine: 0x8664 - amd64
259ba8.1b50: Timestamp: 0x59b94ec4
260ba8.1b50: Image Version: 6.1
261ba8.1b50: SizeOfImage: 0x50000 (327680)
262ba8.1b50: Resource Dir: 0x30000 LB 0x3f8
263ba8.1b50: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
264ba8.1b50: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
265ba8.1b50: ProductName: Microsoft® Windows® Operating System
266ba8.1b50: ProductVersion: 6.1.7601.23915
267ba8.1b50: FileVersion: 6.1.7601.23915 (win7sp1_ldr.170913-0600)
268ba8.1b50: FileDescription: ApiSet Schema DLL
269ba8.1b50: NtOpenDirectoryObject failed on \Driver: 0xc0000022
270ba8.1b50: supR3HardenedWinFindAdversaries: 0x2
271ba8.1b50: \SystemRoot\System32\drivers\symevent64x86.sys:
272ba8.1b50: CreationTime: 2015-02-27T12:55:28.479807000Z
273ba8.1b50: LastWriteTime: 2017-07-23T11:59:19.679083600Z
274ba8.1b50: ChangeTime: 2017-07-23T11:59:19.679083600Z
275ba8.1b50: FileAttributes: 0x20
276ba8.1b50: Size: 0x190a8
277ba8.1b50: NT Headers: 0xe0
278ba8.1b50: Timestamp: 0x584f629e
279ba8.1b50: Machine: 0x8664 - amd64
280ba8.1b50: Timestamp: 0x584f629e
281ba8.1b50: Image Version: 6.2
282ba8.1b50: SizeOfImage: 0x23000 (143360)
283ba8.1b50: Resource Dir: 0x21000 LB 0x3c8
284ba8.1b50: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
285ba8.1b50: [Raw version resource data: 0x210b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
286ba8.1b50: ProductName: SYMEVENT
287ba8.1b50: ProductVersion: 14.0.4.16
288ba8.1b50: FileVersion: 14.0.4.16
289ba8.1b50: FileDescription: Symantec Event Library
290ba8.1b50: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
291ba8.1b50: Calling main()
292ba8.1b50: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
293ba8.1b50: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
294ba8.1b50: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
295ba8.1b50: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
296ba8.1b50: SUPR3HardenedMain: Respawn #2
297ba8.1b50: supR3HardNtEnableThreadCreation:
298ba8.1b50: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
299ba8.1b50: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
300ba8.1b50: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
301ba8.1b50: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
302ba8.1b50: supR3HardenedDllNotificationCallback: load 000007fefcc80000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
303ba8.1b50: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
304ba8.1b50: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc80000 'C:\Windows\system32\apphelp.dll'
305ba8.1b50: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000770da360 pvNtTerminateThread=00000000770fc260
306ba8.1b50: supR3HardenedWinDoReSpawn(2): New child 17c0.10cc [kernel32].
307ba8.1b50: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd8000 cbPeb=0x380
308ba8.1b50: supR3HardNtPuChFindNtdll: uNtDllParentAddr=00000000770b0000 uNtDllChildAddr=00000000770b0000
309ba8.1b50: supR3HardenedWinSetupChildInit: uLdrInitThunk=00000000770da360
310ba8.1b50: supR3HardenedWinSetupChildInit: Start child.
311ba8.1b50: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 6 ms.
312ba8.1b50: supR3HardNtChildPurify: Startup delay kludge #1/0: 526 ms, 48 sleeps
313ba8.1b50: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
314ba8.1b50: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
315ba8.1b50: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
316ba8.1b50: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
317ba8.1b50: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
318ba8.1b50: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
319ba8.1b50: 0000000000041000-000000000004ffff 0x0001/0x0000 0x0000000
320ba8.1b50: *0000000000050000-0000000000050fff 0x0004/0x0004 0x0020000
321ba8.1b50: 0000000000051000-000000000010ffff 0x0001/0x0000 0x0000000
322ba8.1b50: *0000000000110000-000000000020bfff 0x0000/0x0004 0x0020000
323ba8.1b50: 000000000020c000-000000000020dfff 0x0104/0x0004 0x0020000
324ba8.1b50: 000000000020e000-000000000020ffff 0x0004/0x0004 0x0020000
325ba8.1b50: 0000000000210000-00000000770affff 0x0001/0x0000 0x0000000
326ba8.1b50: *00000000770b0000-00000000770b0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
327ba8.1b50: 00000000770b1000-00000000771adfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
328ba8.1b50: 00000000771ae000-00000000771dcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
329ba8.1b50: 00000000771dd000-00000000771e6fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
330ba8.1b50: 00000000771e7000-00000000771e7fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
331ba8.1b50: 00000000771e8000-00000000771eafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
332ba8.1b50: 00000000771eb000-0000000077259fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
333ba8.1b50: 000000007725a000-000000007efdffff 0x0001/0x0000 0x0000000
334ba8.1b50: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
335ba8.1b50: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
336ba8.1b50: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
337ba8.1b50: 000000007fff0000-000000013fb1ffff 0x0001/0x0000 0x0000000
338ba8.1b50: *000000013fb20000-000000013fb20fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
339ba8.1b50: 000000013fb21000-000000013fb91fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
340ba8.1b50: 000000013fb92000-000000013fb92fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
341ba8.1b50: 000000013fb93000-000000013fbd8fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
342ba8.1b50: 000000013fbd9000-000000013fbd9fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
343ba8.1b50: 000000013fbda000-000000013fbdafff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
344ba8.1b50: 000000013fbdb000-000000013fbdffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
345ba8.1b50: 000000013fbe0000-000000013fbe0fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
346ba8.1b50: 000000013fbe1000-000000013fbe1fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
347ba8.1b50: 000000013fbe2000-000000013fbe5fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
348ba8.1b50: 000000013fbe6000-000000013fc2dfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
349ba8.1b50: 000000013fc2e000-000007feff3cffff 0x0001/0x0000 0x0000000
350ba8.1b50: *000007feff3d0000-000007feff3d0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
351ba8.1b50: 000007feff3d1000-000007fffffaffff 0x0001/0x0000 0x0000000
352ba8.1b50: *000007fffffb0000-000007fffffd2fff 0x0002/0x0002 0x0040000
353ba8.1b50: 000007fffffd3000-000007fffffd7fff 0x0001/0x0000 0x0000000
354ba8.1b50: *000007fffffd8000-000007fffffd8fff 0x0004/0x0004 0x0020000
355ba8.1b50: 000007fffffd9000-000007fffffddfff 0x0001/0x0000 0x0000000
356ba8.1b50: *000007fffffde000-000007fffffdffff 0x0004/0x0004 0x0020000
357ba8.1b50: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
358ba8.1b50: apisetschema.dll: timestamp 0x59b94ec4 (rc=VINF_SUCCESS)
359ba8.1b50: VirtualBox.exe: timestamp 0x59e6e5d5 (rc=VINF_SUCCESS)
360ba8.1b50: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
361ba8.1b50: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
362ba8.1b50: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
363ba8.1b50: supR3HardNtChildPurify: Done after 573 ms and 0 fixes (loop #0).
364ba8.1b50: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000260000 LB 0x400000)
36517c0.10cc: Log file opened: 5.2.0r118431 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
36617c0.10cc: supR3HardenedVmProcessInit: uNtDllAddr=00000000770b0000 g_uNtVerCombined=0x611db100
367ba8.1b50: supR3HardNtEnableThreadCreation:
36817c0.10cc: ntdll.dll: timestamp 0x59b94ee4 (rc=VINF_SUCCESS)
36917c0.10cc: New simple heap: #1 0000000000310000 LB 0x400000 (for 1744896 allocation)
37017c0.10cc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
37117c0.10cc: System32: \Device\HarddiskVolume2\Windows\System32
37217c0.10cc: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
37317c0.10cc: KnownDllPath: C:\Windows\system32
37417c0.10cc: supR3HardenedVmProcessInit: Opening vboxdrv...
37517c0.10cc: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
37617c0.10cc: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
37717c0.10cc: Registered Dll notification callback with NTDLL.
37817c0.10cc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
37917c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
38017c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
38117c0.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
38217c0.10cc: supR3HardenedDllNotificationCallback: load 0000000076e90000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
38317c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
38417c0.10cc: supR3HardenedDllNotificationCallback: load 000007fefcdc0000 LB 0x0006a000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
38517c0.10cc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
38617c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
38717c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e90000 'C:\Windows\system32\kernel32.dll'
38817c0.10cc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=00000000770da360 pvNtTerminateThread=00000000770fc260
389ba8.1b50: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 47 ms.
39017c0.10cc: \SystemRoot\System32\ntdll.dll:
39117c0.10cc: CreationTime: 2017-10-11T16:58:12.052589800Z
39217c0.10cc: LastWriteTime: 2017-09-13T15:31:56.094569800Z
39317c0.10cc: ChangeTime: 2017-10-11T17:31:50.425850200Z
39417c0.10cc: FileAttributes: 0x20
39517c0.10cc: Size: 0x1a7100
39617c0.10cc: NT Headers: 0xe0
39717c0.10cc: Timestamp: 0x59b94ee4
39817c0.10cc: Machine: 0x8664 - amd64
39917c0.10cc: Timestamp: 0x59b94ee4
40017c0.10cc: Image Version: 6.1
40117c0.10cc: SizeOfImage: 0x1aa000 (1744896)
40217c0.10cc: Resource Dir: 0x14e000 LB 0x5a028
40317c0.10cc: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
40417c0.10cc: [Raw version resource data: 0x14e0f0 LB 0x380, codepage 0x0 (reserved 0x0)]
40517c0.10cc: ProductName: Microsoft® Windows® Operating System
40617c0.10cc: ProductVersion: 6.1.7601.23915
40717c0.10cc: FileVersion: 6.1.7601.23915 (win7sp1_ldr.170913-0600)
40817c0.10cc: FileDescription: NT Layer DLL
40917c0.10cc: \SystemRoot\System32\kernel32.dll:
41017c0.10cc: CreationTime: 2017-10-11T16:58:10.744515000Z
41117c0.10cc: LastWriteTime: 2017-09-13T15:27:59.681000000Z
41217c0.10cc: ChangeTime: 2017-10-11T17:31:52.656654100Z
41317c0.10cc: FileAttributes: 0x20
41417c0.10cc: Size: 0x11c000
41517c0.10cc: NT Headers: 0xe0
41617c0.10cc: Timestamp: 0x59b94f29
41717c0.10cc: Machine: 0x8664 - amd64
41817c0.10cc: Timestamp: 0x59b94f29
41917c0.10cc: Image Version: 6.1
42017c0.10cc: SizeOfImage: 0x11f000 (1175552)
42117c0.10cc: Resource Dir: 0x116000 LB 0x528
42217c0.10cc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
42317c0.10cc: [Raw version resource data: 0x1160b0 LB 0x3a4, codepage 0x0 (reserved 0x0)]
42417c0.10cc: ProductName: Microsoft® Windows® Operating System
42517c0.10cc: ProductVersion: 6.1.7601.23915
42617c0.10cc: FileVersion: 6.1.7601.23915 (win7sp1_ldr.170913-0600)
42717c0.10cc: FileDescription: Windows NT BASE API Client DLL
42817c0.10cc: \SystemRoot\System32\KernelBase.dll:
42917c0.10cc: CreationTime: 2017-10-11T16:58:10.479499800Z
43017c0.10cc: LastWriteTime: 2017-09-13T15:27:59.681000000Z
43117c0.10cc: ChangeTime: 2017-10-11T17:31:52.656654100Z
43217c0.10cc: FileAttributes: 0x20
43317c0.10cc: Size: 0x66800
43417c0.10cc: NT Headers: 0xe8
43517c0.10cc: Timestamp: 0x59b94f2a
43617c0.10cc: Machine: 0x8664 - amd64
43717c0.10cc: Timestamp: 0x59b94f2a
43817c0.10cc: Image Version: 6.1
43917c0.10cc: SizeOfImage: 0x6a000 (434176)
44017c0.10cc: Resource Dir: 0x68000 LB 0x530
44117c0.10cc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
44217c0.10cc: [Raw version resource data: 0x680b0 LB 0x3ac, codepage 0x0 (reserved 0x0)]
44317c0.10cc: ProductName: Microsoft® Windows® Operating System
44417c0.10cc: ProductVersion: 6.1.7601.23915
44517c0.10cc: FileVersion: 6.1.7601.23915 (win7sp1_ldr.170913-0600)
44617c0.10cc: FileDescription: Windows NT BASE API Client DLL
44717c0.10cc: \SystemRoot\System32\apisetschema.dll:
44817c0.10cc: CreationTime: 2017-10-11T16:58:09.646452200Z
44917c0.10cc: LastWriteTime: 2017-09-13T15:27:55.360000000Z
45017c0.10cc: ChangeTime: 2017-10-11T17:31:50.394650100Z
45117c0.10cc: FileAttributes: 0x20
45217c0.10cc: Size: 0x1a00
45317c0.10cc: NT Headers: 0xc0
45417c0.10cc: Timestamp: 0x59b94ec4
45517c0.10cc: Machine: 0x8664 - amd64
45617c0.10cc: Timestamp: 0x59b94ec4
45717c0.10cc: Image Version: 6.1
45817c0.10cc: SizeOfImage: 0x50000 (327680)
45917c0.10cc: Resource Dir: 0x30000 LB 0x3f8
46017c0.10cc: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
46117c0.10cc: [Raw version resource data: 0x30060 LB 0x398, codepage 0x0 (reserved 0x0)]
46217c0.10cc: ProductName: Microsoft® Windows® Operating System
46317c0.10cc: ProductVersion: 6.1.7601.23915
46417c0.10cc: FileVersion: 6.1.7601.23915 (win7sp1_ldr.170913-0600)
46517c0.10cc: FileDescription: ApiSet Schema DLL
46617c0.10cc: NtOpenDirectoryObject failed on \Driver: 0xc0000022
46717c0.10cc: supR3HardenedWinFindAdversaries: 0x2
46817c0.10cc: \SystemRoot\System32\drivers\symevent64x86.sys:
46917c0.10cc: CreationTime: 2015-02-27T12:55:28.479807000Z
47017c0.10cc: LastWriteTime: 2017-07-23T11:59:19.679083600Z
47117c0.10cc: ChangeTime: 2017-07-23T11:59:19.679083600Z
47217c0.10cc: FileAttributes: 0x20
47317c0.10cc: Size: 0x190a8
47417c0.10cc: NT Headers: 0xe0
47517c0.10cc: Timestamp: 0x584f629e
47617c0.10cc: Machine: 0x8664 - amd64
47717c0.10cc: Timestamp: 0x584f629e
47817c0.10cc: Image Version: 6.2
47917c0.10cc: SizeOfImage: 0x23000 (143360)
48017c0.10cc: Resource Dir: 0x21000 LB 0x3c8
48117c0.10cc: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
48217c0.10cc: [Raw version resource data: 0x210b8 LB 0x310, codepage 0x4e4 (reserved 0x0)]
48317c0.10cc: ProductName: SYMEVENT
48417c0.10cc: ProductVersion: 14.0.4.16
48517c0.10cc: FileVersion: 14.0.4.16
48617c0.10cc: FileDescription: Symantec Event Library
48717c0.10cc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
48817c0.10cc: Calling main()
48917c0.10cc: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
49017c0.10cc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
49117c0.10cc: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
49217c0.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
49317c0.10cc: SUPR3HardenedMain: Final process, opening VBoxDrv...
49417c0.10cc: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000310000 LB 0x400000)
49517c0.10cc: supR3HardNtEnableThreadCreation:
49617c0.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
49717c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
49817c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020b401:<flags> [calling]
49917c0.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
50017c0.10cc: supR3HardenedDllNotificationCallback: load 000007fef8c30000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
50117c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
50217c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
50317c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000208b81:<flags> [calling]
50417c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8c30000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
50517c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
50617c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000208b81:<flags> [calling]
50717c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8c30000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
50817c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8c30000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
50917c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
51017c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
51117c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
51217c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
51317c0.10cc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
51417c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
51517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
51617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
51717c0.10cc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
51817c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
51917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
52017c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
52117c0.10cc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
52217c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
52317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
52417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
52517c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
52617c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
52717c0.10cc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
52817c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
52917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
53017c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
53117c0.10cc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
53217c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
53317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
53417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
53517c0.10cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
53617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
53717c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
53817c0.10cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
53917c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020d211:<flags> [calling]
54017c0.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
54117c0.10cc: supR3HardenedDllNotificationCallback: load 000007fefd120000 LB 0x0003b000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
54217c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
54317c0.10cc: supR3HardenedDllNotificationCallback: load 000007fefd900000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
54417c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
54517c0.10cc: supR3HardenedDllNotificationCallback: load 000007fefcf40000 LB 0x0016d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
54617c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
54717c0.10cc: supR3HardenedDllNotificationCallback: load 000007fefcdb0000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
54817c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
54917c0.10cc: supR3HardenedDllNotificationCallback: load 000007fefd760000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
55017c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
55117c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd120000 'C:\Windows\system32\Wintrust.dll'
55217c0.10cc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
55317c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
55417c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020d211:<flags> [calling]
55517c0.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
55617c0.10cc: supR3HardenedDllNotificationCallback: load 000007fefc6c0000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
55717c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
55817c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc6c0000 'C:\Windows\system32\bcrypt.dll'
55917c0.10cc: bcrypt.dll loaded at 000007fefc6c0000, BCryptOpenAlgorithmProvider at 000007fefc6c2460, preloading providers:
56017c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
56117c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
56217c0.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
56317c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
56417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
56517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
56617c0.10cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
56717c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
56817c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
56917c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
57017c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
57117c0.10cc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
57217c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
57317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
57417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
57517c0.10cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
57617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
57717c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
57817c0.10cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
57917c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020d1f1:<flags> [calling]
58017c0.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
58117c0.10cc: supR3HardenedDllNotificationCallback: load 000007fefc1b0000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
58217c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
58317c0.10cc: supR3HardenedDllNotificationCallback: load 000007fefd4e0000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
58417c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
58517c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
58617c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
58717c0.10cc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
58817c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
58917c0.10cc: supR3HardenedDllNotificationCallback: load 000007fefe300000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
59017c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
59117c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc1b0000 'C:\Windows\system32\bcryptprimitives.dll'
59217c0.10cc: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000080d970)
59317c0.10cc: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000080f830)
59417c0.10cc: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000080f960)
59517c0.10cc: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000080fb80)
59617c0.10cc: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000080fcb0)
59717c0.10cc: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000000000080fde0)
59817c0.10cc: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=0000000000810030)
59917c0.10cc: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=0000000000810160)
60017c0.10cc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
60117c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
60217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
60317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
60417c0.10cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
60517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
60617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
60717c0.10cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
60817c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020cd61:<flags> [calling]
60917c0.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
61017c0.10cc: supR3HardenedDllNotificationCallback: load 000007fefc850000 LB 0x00018000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
61117c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
61217c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc850000 'C:\Windows\system32\CRYPTSP.dll'
61317c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
61417c0.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
61517c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
61617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
61717c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
61817c0.10cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
61917c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020ccf1:<flags> [calling]
62017c0.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
62117c0.10cc: supR3HardenedDllNotificationCallback: load 000007fefc250000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
62217c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
62317c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc250000 'C:\Windows\system32\rsaenh.dll'
62417c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
62517c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c581:<flags> [calling]
62617c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd4e0000 'C:\Windows\system32\ADVAPI32.dll'
62717c0.10cc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
62817c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
62917c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c901:<flags> [calling]
63017c0.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
63117c0.10cc: supR3HardenedDllNotificationCallback: load 000007fefcd20000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
63217c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
63317c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd20000 'C:\Windows\system32\CRYPTBASE.dll'
63417c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
63517c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c331:<flags> [calling]
63617c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e90000 'C:\Windows\system32\kernel32.dll'
63717c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
63817c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020ccc1:<flags> [calling]
63917c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd120000 'C:\Windows\system32\WINTRUST.DLL'
64017c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
64117c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000020caf1:<flags> [calling]
64217c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf40000 'C:\Windows\system32\CRYPT32.dll'
64317c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
64417c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
64517c0.10cc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
64617c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
64717c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
64817c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
64917c0.10cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
65017c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
65117c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
65217c0.10cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
65317c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020cb41:<flags> [calling]
65417c0.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
65517c0.10cc: supR3HardenedDllNotificationCallback: load 000007fefd290000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
65617c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
65717c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd290000 'C:\Windows\system32\imagehlp.dll'
65817c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
65917c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020cc91:<flags> [calling]
66017c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc850000 'C:\Windows\system32\CRYPTSP.dll'
66117c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
66217c0.10cc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
66317c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
66417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
66517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
66617c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
66717c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
66817c0.10cc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
66917c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
67017c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
67117c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
67217c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
67317c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
67417c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
67517c0.10cc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
67617c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
67717c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
67817c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
67917c0.10cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
68017c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
68117c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
68217c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
68317c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
68417c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
68517c0.10cc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
68617c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
68717c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
68817c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
68917c0.10cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
69017c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
69117c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
69217c0.10cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
69317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
69417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
69517c0.10cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
69617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
69717c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
69817c0.10cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
69917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
70017c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
70117c0.10cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
70217c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c7c1:<flags> [calling]
70317c0.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
70417c0.10cc: supR3HardenedDllNotificationCallback: load 0000000076fb0000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
70517c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
70617c0.10cc: supR3HardenedDllNotificationCallback: load 000007fefd890000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
70717c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
70817c0.10cc: supR3HardenedDllNotificationCallback: load 000007fefd6d0000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
70917c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
71017c0.10cc: supR3HardenedDllNotificationCallback: load 000007fefd1c0000 LB 0x000cb000 C:\Windows\system32\USP10.dll [fFlags=0x0]
71117c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
71217c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
71317c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020bcc1:<flags> [calling]
71417c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd890000 'C:\Windows\system32\gdi32.dll'
71517c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
71617c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
71717c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
71817c0.10cc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
71917c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
72017c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
72117c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
72217c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
72317c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
72417c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
72517c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
72617c0.10cc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
72717c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
72817c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
72917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
73017c0.10cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
73117c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
73217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
73317c0.10cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
73417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
73517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
73617c0.10cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
73717c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
73817c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
73917c0.10cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
74017c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
74117c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
74217c0.10cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
74317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
74417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
74517c0.10cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
74617c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020b601:<flags> [calling]
74717c0.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
74817c0.10cc: supR3HardenedDllNotificationCallback: load 000007fefd2b0000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
74917c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
75017c0.10cc: supR3HardenedDllNotificationCallback: load 000007fefd5c0000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
75117c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
75217c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd2b0000 'C:\Windows\system32\IMM32.DLL'
75317c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076fb0000 'C:\Windows\system32\USER32.dll'
75417c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
75517c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
75617c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
75717c0.10cc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
75817c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
75917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
76017c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
76117c0.10cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
76217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
76317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
76417c0.10cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
76517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
76617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
76717c0.10cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
76817c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020cac1:<flags> [calling]
76917c0.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
77017c0.10cc: supR3HardenedDllNotificationCallback: load 000007fefc3a0000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
77117c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
77217c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc3a0000 'C:\Windows\system32\ncrypt.dll'
77317c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
77417c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c8b1:<flags> [calling]
77517c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc6c0000 'C:\Windows\system32\bcrypt.dll'
77617c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
77717c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
77817c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
77917c0.10cc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
78017c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
78117c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
78217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
78317c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
78417c0.10cc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
78517c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
78617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
78717c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
78817c0.10cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
78917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
79017c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
79117c0.10cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
79217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
79317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
79417c0.10cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
79517c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c241:<flags> [calling]
79617c0.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
79717c0.10cc: supR3HardenedDllNotificationCallback: load 000007fefd0c0000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
79817c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
79917c0.10cc: supR3HardenedDllNotificationCallback: load 000007fefcda0000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
80017c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
80117c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0c0000 'C:\Windows\system32\USERENV.dll'
80217c0.10cc: supR3HardenedIsApiSetDll: '<NULL>' -> true
80317c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020bfa1:<flags> [calling]
80417c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe300000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
80517c0.10cc: supR3HardenedIsApiSetDll: '<NULL>' -> true
80617c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020c331:<flags> [calling]
80717c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe300000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
80817c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
80917c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
81017c0.10cc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
81117c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
81217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
81317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
81417c0.10cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
81517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
81617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
81717c0.10cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
81817c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c561:<flags> [calling]
81917c0.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
82017c0.10cc: supR3HardenedDllNotificationCallback: load 000007fefc0b0000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
82117c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
82217c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc0b0000 'C:\Windows\system32\GPAPI.dll'
82317c0.10cc: supR3HardenedIsApiSetDll: '<NULL>' -> true
82417c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020c4b1:<flags> [calling]
82517c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe300000 'API-MS-WIN-Service-Management-L1-1-0.dll'
82617c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
82717c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020bbb1:<flags> [calling]
82817c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd760000 'C:\Windows\system32\rpcrt4.dll'
82917c0.10cc: supR3HardenedIsApiSetDll: '<NULL>' -> true
83017c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020c491:<flags> [calling]
83117c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe300000 'API-MS-WIN-Service-Management-L2-1-0.dll'
83217c0.10cc: supR3HardenedIsApiSetDll: '<NULL>' -> true
83317c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020c4a1:<flags> [calling]
83417c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe300000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
83517c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
83617c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
83717c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
83817c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
83917c0.10cc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
84017c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
84117c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
84217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
84317c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
84417c0.10cc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
84517c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
84617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
84717c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
84817c0.10cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
84917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
85017c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
85117c0.10cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
85217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
85317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
85417c0.10cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
85517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
85617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
85717c0.10cc: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
85817c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020bfa1:<flags> [calling]
85917c0.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
86017c0.10cc: supR3HardenedDllNotificationCallback: load 000007fef1d20000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
86117c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
86217c0.10cc: supR3HardenedDllNotificationCallback: load 000007fefd160000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
86317c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
86417c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
86517c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000020b1d1:<flags> [calling]
86617c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1d20000 'C:\Windows\system32\cryptnet.dll'
86717c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
86817c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000020b1d1:<flags> [calling]
86917c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1d20000 'C:\Windows\system32\cryptnet.dll'
87017c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
87117c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000020b1d1:<flags> [calling]
87217c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1d20000 'C:\Windows\system32\cryptnet.dll'
87317c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
87417c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000020b1d1:<flags> [calling]
87517c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1d20000 'C:\Windows\system32\cryptnet.dll'
87617c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
87717c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000020b1d1:<flags> [calling]
87817c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1d20000 'C:\Windows\system32\cryptnet.dll'
87917c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
88017c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000020b1d1:<flags> [calling]
88117c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1d20000 'C:\Windows\system32\cryptnet.dll'
88217c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
88317c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1d20000 'C:\Windows\system32\cryptnet.dll'
88417c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
88517c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1d20000 'C:\Windows\system32\cryptnet.dll'
88617c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
88717c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1d20000 'C:\Windows\system32\cryptnet.dll'
88817c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
88917c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1d20000 'C:\Windows\system32\cryptnet.dll'
89017c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
89117c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1d20000 'C:\Windows\system32\cryptnet.dll'
89217c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1d20000 'C:\Windows\system32\cryptnet.dll'
89317c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
89417c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000087f6c0
89517c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
89617c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1F5E05BCF645241EEA763D2EB09C25AC95452663
89717c0.10cc: supR3HardenedIsApiSetDll: '<NULL>' -> true
89817c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020c281:<flags> [calling]
89917c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe300000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
90017c0.10cc: supR3HardenedIsApiSetDll: '<NULL>' -> true
90117c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020bde1:<flags> [calling]
90217c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe300000 'API-MS-WIN-Service-Management-L1-1-0.dll'
90317c0.10cc: supR3HardenedIsApiSetDll: '<NULL>' -> true
90417c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020bde1:<flags> [calling]
90517c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe300000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
90617c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
90717c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c281:<flags> [calling]
90817c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd4e0000 'C:\Windows\system32\ADVAPI32.dll'
90917c0.10cc: supR3HardenedIsApiSetDll: '<NULL>' -> true
91017c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020c231:<flags> [calling]
91117c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe300000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
91217c0.10cc: supR3HardenedIsApiSetDll: '<NULL>' -> true
91317c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000020bf21:<flags> [calling]
91417c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe300000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
91517c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_421_for_KB4041681~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\SystemRoot\System32\ntdll.dll'
91617c0.10cc: g_pfnWinVerifyTrust=000007fefd121010
91717c0.10cc: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
91817c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
91917c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
92017c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
92117c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F77D21FA60E897144706C54D4A369C8DA3A96EDC
92217c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_421_for_KB4041681~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
92317c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
92417c0.10cc: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
92517c0.10cc: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
92617c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
92717c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
92817c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
92917c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=64DB0BCE4F2D99E4624F5476790FB954117C96EF
93017c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_421_for_KB4041681~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
93117c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
93217c0.10cc: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
93317c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b4 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
93417c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
93517c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
93617c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=086A94704E162AB5C6F0ED4BA6DE6C8B4524BA56
93717c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_421_for_KB4041681~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
93817c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
93917c0.10cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
94017c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b0 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
94117c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
94217c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
94317c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=39AF46E16CB63BADF4DB0AE7F539D8C4373E13BA
94417c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_421_for_KB4041681~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
94517c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
94617c0.10cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
94717c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000026c pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
94817c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
94917c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
95017c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EBDAA16C3FD93DFF9C20BA3B2689DFF4C8D31061
95117c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3159398~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
95217c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
95317c0.10cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
95417c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d8 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
95517c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
95617c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
95717c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
95817c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
95917c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
96017c0.10cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
96117c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d4 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
96217c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
96317c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
96417c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
96517c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
96617c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
96717c0.10cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
96817c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c0 pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
96917c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
97017c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
97117c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2BBA3367EA1E5C673D52D2309BE2745A7A5FB2C4
97217c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_421_for_KB4041681~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
97317c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
97417c0.10cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
97517c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a8 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
97617c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
97717c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
97817c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B18074E6500B26B9675D6739EF0E6FFC56E8E0CA
97917c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_421_for_KB4041681~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
98017c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
98117c0.10cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
98217c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a4 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
98317c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
98417c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
98517c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
98617c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
98717c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
98817c0.10cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
98917c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a0 pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
99017c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
99117c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
99217c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8AE1E4C5A6AE2CD7C2699FE89EFC72F3203BC58E
99317c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_421_for_KB4041681~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
99417c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
99517c0.10cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
99617c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000019c pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
99717c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
99817c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
99917c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=54204179B88581EFC0328D16D151171EADAA7023
100017c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_421_for_KB4041681~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
100117c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
100217c0.10cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
100317c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000198 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
100417c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
100517c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
100617c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2D767C07C15EAAFC316567AB2F5CA7B85CCD70E2
100717c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_421_for_KB4041681~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
100817c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
100917c0.10cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
101017c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
101117c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
101217c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
101317c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03BB259EC2F9D61B0941E0635513FFA135E07009
101417c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_421_for_KB4041681~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll'
101517c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
101617c0.10cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
101717c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
101817c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
101917c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
102017c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
102117c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
102217c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
102317c0.10cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
102417c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000134 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
102517c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
102617c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
102717c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D5FC4F2CD5240E1C8EE8C6C3E3DFE4029596EF9C
102817c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_421_for_KB4041681~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
102917c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
103017c0.10cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
103117c0.10cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
103217c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
103317c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
103417c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
103517c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CECCA98E04985A576883E9A9AD8AF2140526B576
103617c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_421_for_KB4041681~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
103717c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
103817c0.10cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
103917c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
104017c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
104117c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
104217c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB669FA8DB80F8E50A29D055BB8D558E10E5E6B4
104317c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
104417c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
104517c0.10cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
104617c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
104717c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
104817c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
104917c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B9FB78D95C611EC480818A4744EAB8FFEAD97B10
105017c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_421_for_KB4041681~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
105117c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
105217c0.10cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
105317c0.10cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
105417c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
105517c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
105617c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
105717c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A37B61527FAD2E36038B930574FF8D168775773B
105817c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_421_for_KB4041681~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
105917c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
106017c0.10cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
106117c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
106217c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
106317c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
106417c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
106517c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
106617c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
106717c0.10cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
106817c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
106917c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
107017c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
107117c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
107217c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
107317c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
107417c0.10cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
107517c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
107617c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
107717c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
107817c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0B1742B12D9CD2C2B26686DFFDD19ECDAC844FF8
107917c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_421_for_KB4041681~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
108017c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
108117c0.10cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
108217c0.10cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
108317c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
108417c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
108517c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
108617c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B1DD6C04D2033BFDBE0C5B410EB7F5495BDBFD7E
108717c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_421_for_KB4041681~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
108817c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
108917c0.10cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
109017c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
109117c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
109217c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
109317c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EC8F4EEF117488A42CEE6E26D5D82A459287E403
109417c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_421_for_KB4041681~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
109517c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
109617c0.10cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
109717c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
109817c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020bd21:<flags> [calling]
109917c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf40000 'C:\Windows\system32\crypt32.dll'
110017c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
110117c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0x1e8a2ea9a3f7e300 CN=Generic Root Trust CA
110217c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
110317c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
110417c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
110517c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
110617c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0x3ab0f0b15eb2df00 C=KY, ST=GrandCayman, L=GeorgeTown, O=GoldenFrog-Inc, CN=GoldenFrog-Inc CA, Email=admin@goldenfrog.com
110717c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
110817c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
110917c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
111017c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
111117c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
111217c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0xa12b07674f1bf600 C=US, O=AffirmTrust, CN=AffirmTrust Commercial
111317c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
111417c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
111517c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
111617c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
111717c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
111817c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
111917c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0xe35016950adaa500 C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 Root CA
112017c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
112117c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
112217c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
112317c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
112417c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
112517c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
112617c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
112717c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
112817c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
112917c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
113017c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
113117c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
113217c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
113317c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
113417c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0x2fba703484f19900 C=DE, O=D-Trust GmbH, CN=D-TRUST Root Class 3 CA 2 EV 2009
113517c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
113617c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
113717c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
113817c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
113917c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
114017c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
114117c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0x5534b165029017e7 C=US, O=Equifax Secure Inc., CN=Equifax Secure Global eBusiness CA-1
114217c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
114317c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
114417c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
114517c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
114617c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
114717c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
114817c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
114917c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
115017c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
115117c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
115217c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0x30669a4e82fa800 C=US, O=America Online Inc., CN=America Online Root Certification Authority 1
115317c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
115417c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
115517c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
115617c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
115717c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0xab549401526569d3 L=Internet, O=VeriSign, Inc., OU=VeriSign Commercial Software Publishers CA
115817c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0xe66b56ffc86e50a4 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Server CA, Email=server-certs@thawte.com
115917c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
116017c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
116117c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
116217c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
116317c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
116417c0.10cc: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
116517c0.10cc: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=65
116617c0.10cc: SUPR3HardenedMain: Load Runtime...
116717c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
116817c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
116917c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
117017c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
117117c0.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
117217c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
117317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
117417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
117517c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
117617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
117717c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
117817c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000434 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
117917c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
118017c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
118117c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=901DCB8172024F14E25295BF5692180F12FC8C18
118217c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3161949~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
118317c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
118417c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
118517c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
118617c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
118717c0.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
118817c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
118917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
119017c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
119117c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
119217c0.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
119317c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
119417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
119517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
119617c0.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
119717c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
119817c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
119917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
120017c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
120117c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
120217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
120317c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000448 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
120417c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
120517c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
120617c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5C61E0233B4D23762E0FE158DE0FDC6C24988F13
120717c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_421_for_KB4041681~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
120817c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
120917c0.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
121017c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
121117c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
121217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
121317c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
121417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
121517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
121617c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c051:<flags> [calling]
121717c0.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
121817c0.10cc: supR3HardenedDllNotificationCallback: load 000007fee32e0000 LB 0x00595000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
121917c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
122017c0.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
122117c0.10cc: supR3HardenedDllNotificationCallback: load 0000000073560000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
122217c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
122317c0.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
122417c0.10cc: supR3HardenedDllNotificationCallback: load 0000000071a20000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
122517c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
122617c0.10cc: supR3HardenedDllNotificationCallback: load 000007fefe2b0000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
122717c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
122817c0.10cc: supR3HardenedDllNotificationCallback: load 000007feff3b0000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
122917c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
123017c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
123117c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000209791:<flags> [calling]
123217c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee32e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
123317c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
123417c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000209791:<flags> [calling]
123517c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee32e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
123617c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
123717c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000209791:<flags> [calling]
123817c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee32e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
123917c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
124017c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000209791:<flags> [calling]
124117c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee32e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
124217c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
124317c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000209791:<flags> [calling]
124417c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee32e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
124517c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
124617c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000209791:<flags> [calling]
124717c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee32e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
124817c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee32e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
124917c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee32e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
125017c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee32e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
125117c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee32e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
125217c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee32e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
125317c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee32e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
125417c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee32e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
125517c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
125617c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000209791:<flags> [calling]
125717c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee32e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
125817c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee32e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
125917c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee32e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
126017c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee32e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
126117c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee32e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
126217c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee32e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
126317c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee32e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
126417c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee32e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
126517c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee32e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
126617c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee32e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
126717c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee32e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
126817c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee32e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
126917c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee32e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
127017c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee32e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
127117c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee32e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
127217c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee32e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
127317c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
127417c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000209791:<flags> [calling]
127517c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee32e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
127617c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee32e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
127717c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee32e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
127817c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee32e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
127917c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
128017c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020dbb1:<flags> [calling]
128117c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd120000 'C:\Windows\system32\Wintrust.dll'
128217c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
128317c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c701:<flags> [calling]
128417c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf40000 'C:\Windows\system32\crypt32.dll'
128517c0.10cc: SUPR3HardenedMain: Load TrustedMain...
128617c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
128717c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
128817c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
128917c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
129017c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
129117c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
129217c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
129317c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
129417c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
129517c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
129617c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
129717c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
129817c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
129917c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
130017c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
130117c0.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
130217c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
130317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
130417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
130517c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000490 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
130617c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
130717c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
130817c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
130917c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
131017c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
131117c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
131217c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
131317c0.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
131417c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
131517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
131617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
131717c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000478 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
131817c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
131917c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
132017c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6E76105B511B0668122629A2554FAFBBE17CD6DF
132117c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_421_for_KB4041681~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
132217c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
132317c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
132417c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
132517c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
132617c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
132717c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
132817c0.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
132917c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
133017c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
133117c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
133217c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000049c pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
133317c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
133417c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
133517c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9DDF928A79649EE6EF62D5AAEDE2609045F68737
133617c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_421_for_KB4041681~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
133717c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
133817c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
133917c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
134017c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
134117c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
134217c0.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
134317c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
134417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
134517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
134617c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000468 pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
134717c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
134817c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
134917c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66792BA817E2D5077D918A98F547AEB0248EE258
135017c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_421_for_KB4041681~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
135117c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
135217c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
135317c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
135417c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
135517c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
135617c0.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
135717c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
135817c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
135917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
136017c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
136117c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
136217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
136317c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
136417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
136517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
136617c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
136717c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
136817c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
136917c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
137017c0.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
137117c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
137217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
137317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
137417c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
137517c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
137617c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
137717c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
137817c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
137917c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
138017c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
138117c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
138217c0.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
138317c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
138417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
138517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
138617c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
138717c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
138817c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
138917c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
139017c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
139117c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
139217c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
139317c0.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
139417c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
139517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
139617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
139717c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
139817c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
139917c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
140017c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
140117c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
140217c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
140317c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
140417c0.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) WinVerifyTrust
140517c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
140617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
140717c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
140817c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
140917c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
141017c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
141117c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
141217c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
141317c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
141417c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
141517c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
141617c0.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) WinVerifyTrust
141717c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
141817c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
141917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
142017c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
142117c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
142217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
142317c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
142417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
142517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
142617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
142717c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
142817c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000488 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
142917c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
143017c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
143117c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
143217c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
143317c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
143417c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
143517c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
143617c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
143717c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
143817c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
143917c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
144017c0.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) WinVerifyTrust
144117c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
144217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
144317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
144417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
144517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
144617c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a0 pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
144717c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
144817c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
144917c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
145017c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
145117c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
145217c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
145317c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
145417c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
145517c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
145617c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
145717c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
145817c0.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) WinVerifyTrust
145917c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
146017c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
146117c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
146217c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000048c pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
146317c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
146417c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
146517c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
146617c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
146717c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
146817c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
146917c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
147017c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
147117c0.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) WinVerifyTrust
147217c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
147317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
147417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
147517c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
147617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
147717c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
147817c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
147917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
148017c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
148117c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
148217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
148317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
148417c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
148517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
148617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
148717c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
148817c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
148917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
149017c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c0 pwszName=\Device\HarddiskVolume2\Windows\System32\mpr.dll
149117c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
149217c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
149317c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F84FE9BA047B24E7694C9E0C349B48B9FD5F925B
149417c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\mpr.dll'
149517c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
149617c0.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll) WinVerifyTrust
149717c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
149817c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
149917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
150017c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
150117c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
150217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
150317c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
150417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
150517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
150617c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
150717c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
150817c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
150917c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
151017c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
151117c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
151217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
151317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
151417c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
151517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
151617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
151717c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
151817c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
151917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
152017c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
152117c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
152217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
152317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
152417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
152517c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
152617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
152717c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
152817c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
152917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
153017c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
153117c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
153217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
153317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
153417c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
153517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
153617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
153717c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
153817c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
153917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
154017c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
154117c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
154217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
154317c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
154417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
154517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
154617c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
154717c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
154817c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
154917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
155017c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
155117c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
155217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
155317c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
155417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
155517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
155617c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b0 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
155717c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
155817c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
155917c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
156017c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
156117c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
156217c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
156317c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
156417c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
156517c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
156617c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
156717c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
156817c0.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust
156917c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
157017c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
157117c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
157217c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b8 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
157317c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
157417c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
157517c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
157617c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
157717c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
157817c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
157917c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
158017c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
158117c0.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv) WinVerifyTrust
158217c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
158317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
158417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
158517c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
158617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
158717c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
158817c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
158917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
159017c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
159117c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
159217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
159317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
159417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
159517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
159617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
159717c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
159817c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
159917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
160017c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
160117c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
160217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
160317c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
160417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
160517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
160617c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
160717c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
160817c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
160917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
161017c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
161117c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
161217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
161317c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d4 pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
161417c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
161517c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
161617c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
161717c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
161817c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
161917c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
162017c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
162117c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
162217c0.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll) WinVerifyTrust
162317c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
162417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
162517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
162617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
162717c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
162817c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
162917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
163017c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
163117c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
163217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
163317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
163417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
163517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
163617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
163717c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
163817c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
163917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
164017c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
164117c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
164217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
164317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
164417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
164517c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
164617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
164717c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
164817c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
164917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
165017c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
165117c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
165217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
165317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
165417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
165517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
165617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
165717c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
165817c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
165917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
166017c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
166117c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
166217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
166317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
166417c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
166517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
166617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
166717c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004dc pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
166817c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
166917c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
167017c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
167117c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
167217c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
167317c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
167417c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
167517c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
167617c0.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) WinVerifyTrust
167717c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
167817c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
167917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
168017c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
168117c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
168217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
168317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
168417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
168517c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
168617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
168717c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
168817c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
168917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
169017c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
169117c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
169217c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
169317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
169417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
169517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
169617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
169717c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c8 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
169817c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
169917c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
170017c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F3F3D4867E9140896E0742D7EE8AE1D01FE85ECE
170117c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3078667~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
170217c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
170317c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
170417c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
170517c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
170617c0.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust
170717c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
170817c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
170917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
171017c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e0 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
171117c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
171217c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
171317c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
171417c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
171517c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
171617c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
171717c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
171817c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
171917c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
172017c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
172117c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
172217c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
172317c0.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
172417c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
172517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
172617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
172717c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
172817c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
172917c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004e4 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
173017c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
173117c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
173217c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66AD59F39F40705A9BA47254FA40331C3501DB8F
173317c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_421_for_KB4041681~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
173417c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
173517c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
173617c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
173717c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
173817c0.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) WinVerifyTrust
173917c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
174017c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
174117c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
174217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
174317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
174417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
174517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
174617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
174717c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
174817c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
174917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
175017c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
175117c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
175217c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004f0 pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
175317c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
175417c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
175517c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
175617c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
175717c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
175817c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
175917c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
176017c0.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
176117c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
176217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
176317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
176417c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
176517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
176617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
176717c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
176817c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
176917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
177017c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
177117c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
177217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
177317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
177417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
177517c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004fc pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
177617c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
177717c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
177817c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
177917c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
178017c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
178117c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
178217c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
178317c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
178417c0.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll) WinVerifyTrust
178517c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
178617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
178717c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
178817c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
178917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
179017c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
179117c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
179217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
179317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
179417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
179517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
179617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
179717c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
179817c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
179917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
180017c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
180117c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
180217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
180317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
180417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
180517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
180617c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
180717c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
180817c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
180917c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020c061:<flags> [calling]
181017c0.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
181117c0.10cc: supR3HardenedDllNotificationCallback: load 000007fee2910000 LB 0x009cf000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
181217c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
181317c0.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
181417c0.10cc: supR3HardenedDllNotificationCallback: load 000007fee6ce0000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
181517c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
181617c0.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
181717c0.10cc: supR3HardenedDllNotificationCallback: load 000007fef22b0000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
181817c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
181917c0.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
182017c0.10cc: supR3HardenedDllNotificationCallback: load 000007fee6be0000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
182117c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
182217c0.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
182317c0.10cc: supR3HardenedDllNotificationCallback: load 000007fef8c20000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
182417c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
182517c0.10cc: supR3HardenedDllNotificationCallback: load 000007fefe320000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
182617c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
182717c0.10cc: supR3HardenedDllNotificationCallback: load 000007fefce50000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
182817c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
182917c0.10cc: supR3HardenedDllNotificationCallback: load 000007fefdea0000 LB 0x000da000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
183017c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
183117c0.10cc: supR3HardenedDllNotificationCallback: load 000007fefd2e0000 LB 0x001fc000 C:\Windows\system32\ole32.dll [fFlags=0x0]
183217c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
183317c0.10cc: supR3HardenedDllNotificationCallback: load 000007fefd0e0000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
183417c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
183517c0.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
183617c0.10cc: supR3HardenedDllNotificationCallback: load 000007fefb310000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
183717c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
183817c0.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
183917c0.10cc: supR3HardenedDllNotificationCallback: load 000000006d740000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
184017c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
184117c0.10cc: supR3HardenedDllNotificationCallback: load 000007fefe500000 LB 0x00d8a000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
184217c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
184317c0.10cc: supR3HardenedDllNotificationCallback: load 000007feff290000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
184417c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
184517c0.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
184617c0.10cc: supR3HardenedDllNotificationCallback: load 000007fefa6b0000 LB 0x00018000 C:\Windows\system32\MPR.dll [fFlags=0x0]
184717c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
184817c0.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
184917c0.10cc: supR3HardenedDllNotificationCallback: load 000007fee2310000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
185017c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
185117c0.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
185217c0.10cc: supR3HardenedDllNotificationCallback: load 0000000065e90000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
185317c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
185417c0.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
185517c0.10cc: supR3HardenedDllNotificationCallback: load 000007fee6b80000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
185617c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
185717c0.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
185817c0.10cc: supR3HardenedDllNotificationCallback: load 000007fef8520000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
185917c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
186017c0.10cc: supR3HardenedDllNotificationCallback: load 000007fefd9a0000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
186117c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
186217c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
186317c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
186417c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
186517c0.10cc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll)
186617c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
186717c0.10cc: supR3HardenedDllNotificationCallback: load 000007fef08f0000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll [fFlags=0x0]
186817c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [avoiding WinVerifyTrust]
186917c0.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
187017c0.10cc: supR3HardenedDllNotificationCallback: load 0000000071b00000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
187117c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
187217c0.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
187317c0.10cc: supR3HardenedDllNotificationCallback: load 000007fef8990000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
187417c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
187517c0.10cc: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'.
187617c0.10cc: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [rescheduled]
187717c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
187817c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
187917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
188017c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
188117c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
188217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
188317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
188417c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020b631:<flags> [calling]
188517c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd2b0000 'C:\Windows\system32\imm32.dll'
188617c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd4e0000 'C:\Windows\system32\ADVAPI32.DLL'
188717c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
188817c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptbase.dll (Input=cryptbase.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
188917c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd20000 'C:\Windows\system32\cryptbase.dll'
189017c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee2910000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
189117c0.10cc: SUPR3HardenedMain: Calling TrustedMain (000007fee29114f0)...
189217c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
189317c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020d911:<flags> [calling]
189417c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd2e0000 'C:\Windows\system32\ole32.dll'
189517c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd4e0000 'C:\Windows\system32\ADVAPI32.dll'
189617c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
189717c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020bff1:<flags> [calling]
189817c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcda0000 'C:\Windows\system32\profapi.dll'
189917c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
190017c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
190117c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
190217c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
190317c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
190417c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
190517c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
190617c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
190717c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
190817c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
190917c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
191017c0.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
191117c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
191217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
191317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
191417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
191517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
191617c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
191717c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
191817c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
191917c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
192017c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
192117c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
192217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
192317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
192417c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
192517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
192617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
192717c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
192817c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
192917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
193017c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
193117c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
193217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
193317c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
193417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
193517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
193617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
193717c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
193817c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
193917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
194017c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
194117c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020e2e1:<flags> [calling]
194217c0.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
194317c0.10cc: supR3HardenedDllNotificationCallback: load 000007fee64e0000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
194417c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
194517c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee64e0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
194617c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
194717c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020e211:<flags> [calling]
194817c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd20000 'C:\Windows\system32\CRYPTBASE.dll'
194917c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000598 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
195017c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
195117c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
195217c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
195317c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
195417c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
195517c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
195617c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
195717c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
195817c0.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
195917c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
196017c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
196117c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
196217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
196317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
196417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
196517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
196617c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020dce1:<flags> [calling]
196717c0.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
196817c0.10cc: supR3HardenedDllNotificationCallback: load 000007fefb6f0000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
196917c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
197017c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb6f0000 'C:\Windows\system32\uxtheme.dll'
197117c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
197217c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020d721:<flags> [calling]
197317c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb6f0000 'C:\Windows\system32\uxtheme.dll'
197417c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
197517c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020d491:<flags> [calling]
197617c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb6f0000 'C:\Windows\system32\uxtheme.dll'
197717c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
197817c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020d491:<flags> [calling]
197917c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb6f0000 'C:\Windows\system32\uxtheme.dll'
198017c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076fb0000 'C:\Windows\system32\user32.dll'
198117c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
198217c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020e521:<flags> [calling]
198317c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe500000 'C:\Windows\system32\shell32.dll'
198417c0.10cc: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
198517c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Windows\system32\wintab32.dll'
198617c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
198717c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020dbc1:<flags> [calling]
198817c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb310000 'C:\Windows\system32\dwmapi.dll'
198917c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
199017c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020e941:<flags> [calling]
199117c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
199217c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
199317c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020e941:<flags> [calling]
199417c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
199517c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
199617c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020ec21:<flags> [calling]
199717c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe500000 'C:\Windows\system32\shell32.dll'
199817c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
199917c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020ebf1:<flags> [calling]
200017c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb6f0000 'C:\Windows\system32\uxtheme.dll'
200117c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd4e0000 'C:\Windows\system32\advapi32.dll'
200217c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
200317c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020eb51:<flags> [calling]
200417c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0c0000 'C:\Windows\system32\userenv.dll'
200517c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
200617c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020ec31:<flags> [calling]
200717c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076e90000 'C:\Windows\system32\kernel32.dll'
200817c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005b0 pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll
200917c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
201017c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
201117c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
201217c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
201317c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
201417c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
201517c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
201617c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
201717c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
201817c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
201917c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
202017c0.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll) WinVerifyTrust
202117c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
202217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
202317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
202417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
202517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
202617c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
202717c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
202817c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
202917c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
203017c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
203117c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
203217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
203317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
203417c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
203517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
203617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
203717c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
203817c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020b921:<flags> [calling]
203917c0.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
204017c0.10cc: supR3HardenedDllNotificationCallback: load 000007feff310000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
204117c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
204217c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff310000 'C:\Windows\system32\CLBCatQ.DLL'
204317c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd4e0000 'C:\Windows\system32\ADVAPI32.dll'
204417c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
204517c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020a771:<flags> [calling]
204617c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc850000 'C:\Windows\system32\CRYPTSP.dll'
204717c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005e0 pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
204817c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
204917c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
205017c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
205117c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll'
205217c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
205317c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
205417c0.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll) WinVerifyTrust
205517c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
205617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
205717c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
205817c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020a331:<flags> [calling]
205917c0.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
206017c0.10cc: supR3HardenedDllNotificationCallback: load 000007fefcd30000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
206117c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
206217c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcd30000 'C:\Windows\system32\RpcRtRemote.dll'
206317c0.18e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
206417c0.18e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
206517c0.18e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
206617c0.18e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
206717c0.18e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
206817c0.18e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
206917c0.18e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
207017c0.18e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
207117c0.18e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
207217c0.18e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
207317c0.18e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
207417c0.18e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
207517c0.18e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
207617c0.18e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
207717c0.18e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
207817c0.18e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
207917c0.18e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
208017c0.18e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
208117c0.18e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
208217c0.18e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
208317c0.18e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
208417c0.18e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
208517c0.18e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
208617c0.18e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000540ea91:<flags> [calling]
208717c0.18e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
208817c0.18e8: supR3HardenedDllNotificationCallback: load 000007fee1330000 LB 0x004ff000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
208917c0.18e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
209017c0.18e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1330000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
209117c0.18e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
209217c0.18e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
209317c0.18e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
209417c0.18e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
209517c0.18e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
209617c0.18e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
209717c0.18e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
209817c0.18e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
209917c0.18e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
210017c0.18e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
210117c0.18e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
210217c0.18e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
210317c0.18e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
210417c0.18e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
210517c0.18e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
210617c0.18e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
210717c0.18e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
210817c0.18e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
210917c0.18e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
211017c0.18e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
211117c0.18e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
211217c0.18e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
211317c0.18e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
211417c0.18e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
211517c0.18e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
211617c0.18e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000540d531:<flags> [calling]
211717c0.18e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
211817c0.18e8: supR3HardenedDllNotificationCallback: load 000007fee6ac0000 LB 0x000ba000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
211917c0.18e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
212017c0.18e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6ac0000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
212117c0.18e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
212217c0.18e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000540d3c1:<flags> [calling]
212317c0.18e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdea0000 'C:\Windows\system32\oleaut32.dll'
212417c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd4e0000 'C:\Windows\system32\ADVAPI32.dll'
212517c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd890000 'C:\Windows\system32\gdi32.dll'
212617c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
212717c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000020a721:<flags> [calling]
212817c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe500000 'C:\Windows\system32\shell32.dll'
212917c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd4e0000 'C:\Windows\system32\ADVAPI32.dll'
213017c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd2e0000 'C:\Windows\system32\ole32.dll'
213117c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd2e0000 'C:\Windows\system32\ole32.dll'
213217c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
213317c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000207b81:<flags> [calling]
213417c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdea0000 'C:\Windows\system32\OLEAUT32.dll'
213517c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000954 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
213617c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
213717c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
213817c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472
213917c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
214017c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
214117c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
214217c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
214317c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
214417c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
214517c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
214617c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
214717c0.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
214817c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
214917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
215017c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
215117c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
215217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
215317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
215417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
215517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
215617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
215717c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
215817c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
215917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
216017c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000958 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
216117c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
216217c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
216317c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03D0A77E5195AA70198FDE6C2FAC2C76FF200674
216417c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll'
216517c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
216617c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
216717c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
216817c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
216917c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
217017c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
217117c0.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll) WinVerifyTrust
217217c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
217317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
217417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
217517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
217617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
217717c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
217817c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
217917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
218017c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
218117c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
218217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
218317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
218417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
218517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
218617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
218717c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000206411:<flags> [calling]
218817c0.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
218917c0.10cc: supR3HardenedDllNotificationCallback: load 000007feeb650000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
219017c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
219117c0.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
219217c0.10cc: supR3HardenedDllNotificationCallback: load 000007feebe40000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [fFlags=0x0]
219317c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
219417c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb650000 'C:\Windows\system32\wbem\wbemprox.dll'
219517c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000980 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
219617c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
219717c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
219817c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F
219917c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
220017c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
220117c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
220217c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
220317c0.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
220417c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
220517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
220617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
220717c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
220817c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
220917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
221017c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000206051:<flags> [calling]
221117c0.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
221217c0.10cc: supR3HardenedDllNotificationCallback: load 000007feeb490000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
221317c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
221417c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb490000 'C:\Windows\system32\wbem\wbemsvc.dll'
221517c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000098c pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
221617c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
221717c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
221817c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79
221917c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
222017c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
222117c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
222217c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
222317c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
222417c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
222517c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
222617c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
222717c0.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
222817c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
222917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
223017c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
223117c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000974 pwszName=\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
223217c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
223317c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
223417c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
223517c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll'
223617c0.10cc: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
223717c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
223817c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
223917c0.10cc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
224017c0.10cc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll) WinVerifyTrust
224117c0.10cc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
224217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
224317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
224417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
224517c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
224617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
224717c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
224817c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
224917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
225017c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn.dll
225117c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
225217c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
225317c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
225417c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
225517c0.10cc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
225617c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
225717c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
225817c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
225917c0.10cc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
226017c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000206091:<flags> [calling]
226117c0.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
226217c0.10cc: supR3HardenedDllNotificationCallback: load 000007feeb660000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
226317c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
226417c0.10cc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
226517c0.10cc: supR3HardenedDllNotificationCallback: load 000007fef0260000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [fFlags=0x0]
226617c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
226717c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feeb660000 'C:\Windows\system32\wbem\fastprox.dll'
226817c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdea0000 'C:\Windows\system32\OLEAUT32.dll'
226917c0.1274: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
227017c0.1274: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
227117c0.1274: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
227217c0.1274: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
227317c0.1274: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
227417c0.1274: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
227517c0.1274: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
227617c0.1274: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
227717c0.1274: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
227817c0.1274: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
227917c0.1274: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
228017c0.1274: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
228117c0.1274: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
228217c0.1274: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
228317c0.1274: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
228417c0.1274: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
228517c0.1274: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
228617c0.1274: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
228717c0.1274: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
228817c0.1274: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
228917c0.1274: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
229017c0.1274: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
229117c0.1274: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
229217c0.1274: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000791e941:<flags> [calling]
229317c0.1274: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
229417c0.1274: supR3HardenedDllNotificationCallback: load 000007fee0bc0000 LB 0x002c7000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
229517c0.1274: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
229617c0.1274: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
229717c0.1274: supR3HardenedDllNotificationCallback: load 000000006b730000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
229817c0.1274: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxREM.dll
229917c0.1274: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0bc0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
230017c0.76c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
230117c0.76c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
230217c0.76c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
230317c0.76c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
230417c0.76c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
230517c0.76c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
230617c0.76c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
230717c0.76c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
230817c0.76c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
230917c0.76c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
231017c0.76c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
231117c0.76c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
231217c0.76c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
231317c0.76c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
231417c0.76c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
231517c0.76c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000862daf1:<flags> [calling]
231617c0.76c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
231717c0.76c: supR3HardenedDllNotificationCallback: load 000007fef82a0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
231817c0.76c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
231917c0.76c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef82a0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
232017c0.76c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000076fb0000 'C:\Windows\system32\User32.dll'
232117c0.1558: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
232217c0.1558: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
232317c0.1558: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
232417c0.1558: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
232517c0.1558: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
232617c0.1558: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
232717c0.1558: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
232817c0.1558: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
232917c0.1558: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
233017c0.1558: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
233117c0.1558: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
233217c0.1558: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
233317c0.1558: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000089ad781:<flags> [calling]
233417c0.1558: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
233517c0.1558: supR3HardenedDllNotificationCallback: load 000007fef8290000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
233617c0.1558: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
233717c0.1558: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8290000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
233817c0.ec4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
233917c0.ec4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
234017c0.ec4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
234117c0.ec4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
234217c0.ec4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
234317c0.ec4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
234417c0.ec4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
234517c0.ec4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
234617c0.ec4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
234717c0.ec4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
234817c0.ec4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
234917c0.ec4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
235017c0.ec4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000076edc71:<flags> [calling]
235117c0.ec4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
235217c0.ec4: supR3HardenedDllNotificationCallback: load 000007fef5ca0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
235317c0.ec4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
235417c0.ec4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef5ca0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
235517c0.11d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
235617c0.11d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
235717c0.11d4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
235817c0.11d4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
235917c0.11d4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
236017c0.11d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
236117c0.11d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
236217c0.11d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
236317c0.11d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
236417c0.11d4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
236517c0.11d4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
236617c0.11d4: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000008d1de81:<flags> [calling]
236717c0.11d4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
236817c0.11d4: supR3HardenedDllNotificationCallback: load 000007fef20c0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
236917c0.11d4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
237017c0.11d4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef20c0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
237117c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe500000 'C:\Windows\system32\Shell32.dll'
237217c0.1758: supR3HardenedIsApiSetDll: '<NULL>' -> true
237317c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000007c58ff1:<flags> [calling]
237417c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe300000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
237517c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
237617c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
237717c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
237817c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
237917c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
238017c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
238117c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
238217c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
238317c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
238417c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
238517c0.1758: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
238617c0.1758: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
238717c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
238817c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
238917c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bb4 pwszName=\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
239017c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
239117c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
239217c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642
239317c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'
239417c0.1758: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
239517c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
239617c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
239717c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
239817c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
239917c0.1758: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
240017c0.1758: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
240117c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
240217c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
240317c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
240417c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
240517c0.1758: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
240617c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
240717c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
240817c0.1758: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
240917c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
241017c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
241117c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
241217c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
241317c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
241417c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
241517c0.1758: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
241617c0.1758: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
241717c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
241817c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
241917c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
242017c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
242117c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
242217c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
242317c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
242417c0.1758: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
242517c0.1758: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
242617c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
242717c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
242817c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
242917c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
243017c0.1758: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
243117c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
243217c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
243317c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
243417c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
243517c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
243617c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
243717c0.1758: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
243817c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
243917c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
244017c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
244117c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
244217c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
244317c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
244417c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
244517c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
244617c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
244717c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
244817c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
244917c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
245017c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
245117c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
245217c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000b98 pwszName=\Device\HarddiskVolume2\Windows\System32\winnsi.dll
245317c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
245417c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
245517c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=28DC1A34E4A6B1464B25E6B8BF4EBE1D6A50922D
245617c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_421_for_KB4041681~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
245717c0.1758: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
245817c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
245917c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
246017c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
246117c0.1758: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll) WinVerifyTrust
246217c0.1758: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
246317c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
246417c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
246517c0.1758: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
246617c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
246717c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
246817c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
246917c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
247017c0.1758: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
247117c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
247217c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
247317c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
247417c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
247517c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5d5f1:<flags> [calling]
247617c0.1758: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
247717c0.1758: supR3HardenedDllNotificationCallback: load 000007fee0200000 LB 0x009bf000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
247817c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD.dll
247917c0.1758: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
248017c0.1758: supR3HardenedDllNotificationCallback: load 000007fee6470000 LB 0x00063000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
248117c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDDU.dll
248217c0.1758: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
248317c0.1758: supR3HardenedDllNotificationCallback: load 000007fee6e80000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
248417c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
248517c0.1758: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
248617c0.1758: supR3HardenedDllNotificationCallback: load 000007fefa7a0000 LB 0x00027000 C:\Windows\system32\IPHLPAPI.DLL [fFlags=0x0]
248717c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
248817c0.1758: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
248917c0.1758: supR3HardenedDllNotificationCallback: load 000007fefa790000 LB 0x0000b000 C:\Windows\system32\WINNSI.DLL [fFlags=0x0]
249017c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
249117c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee0200000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
249217c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxC.dll
249317c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5d5f1:<flags> [calling]
249417c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1330000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
249517c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxDD2.dll
249617c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5d501:<flags> [calling]
249717c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6e80000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
249817c0.161c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
249917c0.161c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
250017c0.161c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
250117c0.161c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
250217c0.161c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
250317c0.161c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
250417c0.161c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
250517c0.161c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
250617c0.161c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
250717c0.161c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxVMM.dll
250817c0.161c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
250917c0.161c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
251017c0.161c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000af2de41:<flags> [calling]
251117c0.161c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
251217c0.161c: supR3HardenedDllNotificationCallback: load 000007fef20b0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
251317c0.161c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
251417c0.161c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef20b0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
251517c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
251617c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5d451:<flags> [calling]
251717c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa7a0000 'C:\Windows\system32\Iphlpapi.dll'
251817c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000cf0 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
251917c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
252017c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
252117c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A719769A21133C3F89F7BEA09AB706365F35DF8F
252217c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_26_for_KB2763523~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
252317c0.1758: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
252417c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
252517c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
252617c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
252717c0.1758: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll) WinVerifyTrust
252817c0.1758: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
252917c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
253017c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
253117c0.1758: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
253217c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
253317c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
253417c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
253517c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
253617c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dhcpcsvc6.DLL (Input=dhcpcsvc6.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5e5a1:<flags> [calling]
253717c0.1758: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
253817c0.1758: supR3HardenedDllNotificationCallback: load 000007fefa430000 LB 0x00011000 C:\Windows\system32\dhcpcsvc6.DLL [fFlags=0x0]
253917c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
254017c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa430000 'C:\Windows\system32\dhcpcsvc6.DLL'
254117c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
254217c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5e2c1:<flags> [calling]
254317c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa7a0000 'C:\Windows\system32\IPHLPAPI.DLL'
254417c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d14 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
254517c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
254617c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
254717c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D89E2D6AED9A19082ECA108BEEF81A904C7A9756
254817c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
254917c0.1758: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
255017c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
255117c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
255217c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
255317c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
255417c0.1758: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll) WinVerifyTrust
255517c0.1758: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
255617c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
255717c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
255817c0.1758: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
255917c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
256017c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
256117c0.1758: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
256217c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
256317c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
256417c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
256517c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
256617c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dhcpcsvc.DLL (Input=dhcpcsvc.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5e5f1:<flags> [calling]
256717c0.1758: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
256817c0.1758: supR3HardenedDllNotificationCallback: load 000007fefa410000 LB 0x00018000 C:\Windows\system32\dhcpcsvc.DLL [fFlags=0x0]
256917c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
257017c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa410000 'C:\Windows\system32\dhcpcsvc.DLL'
257117c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
257217c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5e251:<flags> [calling]
257317c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa7a0000 'C:\Windows\system32\IPHLPAPI.DLL'
257417c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d84 pwszName=\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
257517c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
257617c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
257717c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=704F97298D44B8146C54067788F597E0BF365197
257817c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll'
257917c0.1758: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
258017c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
258117c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
258217c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
258317c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'.
258417c0.1758: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
258517c0.1758: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
258617c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
258717c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
258817c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d88 pwszName=\Device\HarddiskVolume2\Windows\System32\propsys.dll
258917c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
259017c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
259117c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A1594E841359779EF7EA7EBCF775D89F55388D3
259217c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\propsys.dll'
259317c0.1758: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
259417c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
259517c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
259617c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
259717c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
259817c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
259917c0.1758: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll) WinVerifyTrust
260017c0.1758: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
260117c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
260217c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
260317c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
260417c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
260517c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
260617c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
260717c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
260817c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
260917c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
261017c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
261117c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
261217c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
261317c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
261417c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
261517c0.1758: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
261617c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
261717c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
261817c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5d461:<flags> [calling]
261917c0.1758: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
262017c0.1758: supR3HardenedDllNotificationCallback: load 000007fefb220000 LB 0x0004b000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
262117c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
262217c0.1758: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
262317c0.1758: supR3HardenedDllNotificationCallback: load 000007fefaff0000 LB 0x0012c000 C:\Windows\System32\PROPSYS.dll [fFlags=0x0]
262417c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
262517c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd4e0000 'C:\Windows\system32\ADVAPI32.dll'
262617c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb220000 'C:\Windows\System32\MMDevApi.dll'
262717c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd2e0000 'C:\Windows\system32\ole32.dll'
262817c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
262917c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5d791:<flags> [calling]
263017c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe320000 'C:\Windows\system32\SETUPAPI.dll'
263117c0.1254: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
263217c0.1254: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CFGMGR32.dll (Input=CFGMGR32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000e9cf2e1:<flags> [calling]
263317c0.1254: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefce50000 'C:\Windows\system32\CFGMGR32.dll'
263417c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000dec pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
263517c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
263617c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
263717c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F6C3E3D9F8B48D816E52C31576FFFD4AF86AB813
263817c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
263917c0.1758: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
264017c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
264117c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
264217c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
264317c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
264417c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
264517c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
264617c0.1758: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust
264717c0.1758: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
264817c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
264917c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
265017c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000df0 pwszName=\Device\HarddiskVolume2\Windows\System32\powrprof.dll
265117c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
265217c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
265317c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E0B7DE18787DB24DAD3580634869A9A8FF4AB48F
265417c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\powrprof.dll'
265517c0.1758: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
265617c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
265717c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
265817c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
265917c0.1758: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll) WinVerifyTrust
266017c0.1758: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
266117c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
266217c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
266317c0.1758: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
266417c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
266517c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
266617c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
266717c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
266817c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
266917c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
267017c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
267117c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
267217c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
267317c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
267417c0.1758: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
267517c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
267617c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
267717c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
267817c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
267917c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5d4f1:<flags> [calling]
268017c0.1758: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
268117c0.1758: supR3HardenedDllNotificationCallback: load 000007fee6910000 LB 0x00088000 C:\Windows\System32\dsound.dll [fFlags=0x0]
268217c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
268317c0.1758: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
268417c0.1758: supR3HardenedDllNotificationCallback: load 000007fefb270000 LB 0x0002c000 C:\Windows\System32\POWRPROF.dll [fFlags=0x0]
268517c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
268617c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
268717c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5c861:<flags> [calling]
268817c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6910000 'C:\Windows\System32\dsound.dll'
268917c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6910000 'C:\Windows\System32\dsound.dll'
269017c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
269117c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5d5e1:<flags> [calling]
269217c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6910000 'C:\Windows\system32\dsound.dll'
269317c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
269417c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5e1e1:<flags> [calling]
269517c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff290000 'C:\Windows\system32\SHLWAPI.dll'
269617c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
269717c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5e401:<flags> [calling]
269817c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb220000 'C:\Windows\system32\MMDEVAPI.DLL'
269917c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd2e0000 'C:\Windows\system32\ole32.dll'
270017c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
270117c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5e031:<flags> [calling]
270217c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
270317c0.1758: supR3HardenedIsApiSetDll: '<NULL>' -> true
270417c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000007c5de91:<flags> [calling]
270517c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe300000 'API-MS-WIN-Service-Management-L1-1-0.dll'
270617c0.1758: supR3HardenedIsApiSetDll: '<NULL>' -> true
270717c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=0000000007c5de91:<flags> [calling]
270817c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe300000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
270917c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd760000 'C:\Windows\system32\RPCRT4.dll'
271017c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
271117c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDevAPI.DLL (Input=MMDevAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5def1:<flags> [calling]
271217c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb220000 'C:\Windows\system32\MMDevAPI.DLL'
271317c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e10 pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
271417c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
271517c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
271617c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4B64306F5558D2DEC53CF11AAF17F02438929FDD
271717c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
271817c0.1758: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
271917c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
272017c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
272117c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
272217c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
272317c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
272417c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ksuser.dll'.
272517c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
272617c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'avrt.dll'.
272717c0.1758: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust
272817c0.1758: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
272917c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
273017c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
273117c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e1c pwszName=\Device\HarddiskVolume2\Windows\System32\avrt.dll
273217c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
273317c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
273417c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1362C343929DD08AB918B38DE195D1A11B1D1365
273517c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\avrt.dll'
273617c0.1758: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
273717c0.1758: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust
273817c0.1758: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
273917c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
274017c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
274117c0.1758: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
274217c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
274317c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
274417c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e0c pwszName=\Device\HarddiskVolume2\Windows\System32\ksuser.dll
274517c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
274617c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
274717c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2D99CFB3BFCA1F454FC7109DB98D18923ABBA361
274817c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB3110329~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\ksuser.dll'
274917c0.1758: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
275017c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
275117c0.1758: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust
275217c0.1758: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
275317c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
275417c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
275517c0.1758: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
275617c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
275717c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
275817c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
275917c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
276017c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
276117c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
276217c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
276317c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
276417c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
276517c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
276617c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5da61:<flags> [calling]
276717c0.1758: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
276817c0.1758: supR3HardenedDllNotificationCallback: load 000007fefaab0000 LB 0x0003b000 C:\Windows\system32\wdmaud.drv [fFlags=0x0]
276917c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
277017c0.1758: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
277117c0.1758: supR3HardenedDllNotificationCallback: load 0000000071ed0000 LB 0x00006000 C:\Windows\system32\ksuser.dll [fFlags=0x0]
277217c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
277317c0.1758: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
277417c0.1758: supR3HardenedDllNotificationCallback: load 000007fefb4c0000 LB 0x00009000 C:\Windows\system32\AVRT.dll [fFlags=0x0]
277517c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
277617c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaab0000 'C:\Windows\system32\wdmaud.drv'
277717c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
277817c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5da61:<flags> [calling]
277917c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaab0000 'C:\Windows\system32\wdmaud.drv'
278017c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
278117c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5dc11:<flags> [calling]
278217c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaab0000 'C:\Windows\system32\wdmaud.drv'
278317c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
278417c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5dc11:<flags> [calling]
278517c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaab0000 'C:\Windows\system32\wdmaud.drv'
278617c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
278717c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5dc11:<flags> [calling]
278817c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaab0000 'C:\Windows\system32\wdmaud.drv'
278917c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e40 pwszName=\Device\HarddiskVolume2\Windows\System32\AudioSes.dll
279017c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
279117c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
279217c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A3BDEC1E955295C342E14C90909598248B24E5B
279317c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_110_for_KB4041681~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\AudioSes.dll'
279417c0.1758: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
279517c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
279617c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
279717c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
279817c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
279917c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
280017c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
280117c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
280217c0.1758: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust
280317c0.1758: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
280417c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
280517c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
280617c0.1758: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
280717c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
280817c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
280917c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
281017c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
281117c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
281217c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
281317c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
281417c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
281517c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
281617c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
281717c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
281817c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
281917c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5dc21:<flags> [calling]
282017c0.1758: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
282117c0.1758: supR3HardenedDllNotificationCallback: load 000007fef7b10000 LB 0x0004f000 C:\Windows\system32\AUDIOSES.DLL [fFlags=0x0]
282217c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
282317c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7b10000 'C:\Windows\system32\AUDIOSES.DLL'
282417c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
282517c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5dc11:<flags> [calling]
282617c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaab0000 'C:\Windows\system32\wdmaud.drv'
282717c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
282817c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5dc11:<flags> [calling]
282917c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaab0000 'C:\Windows\system32\wdmaud.drv'
283017c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaab0000 'C:\Windows\system32\wdmaud.drv'
283117c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e4c pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
283217c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
283317c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
283417c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=522563F5384AD4C93CF5CF4EEA899D3267552328
283517c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
283617c0.1758: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
283717c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
283817c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
283917c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
284017c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
284117c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'.
284217c0.1758: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) WinVerifyTrust
284317c0.1758: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
284417c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
284517c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
284617c0.1758: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
284717c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
284817c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
284917c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e50 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.dll
285017c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
285117c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
285217c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCA0A8AEE81B82C402AA72A300B2C8D2DC17C1DA
285317c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.dll'
285417c0.1758: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
285517c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
285617c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
285717c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
285817c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
285917c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
286017c0.1758: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) WinVerifyTrust
286117c0.1758: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
286217c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
286317c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
286417c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
286517c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
286617c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
286717c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
286817c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
286917c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
287017c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
287117c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
287217c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
287317c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
287417c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
287517c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
287617c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
287717c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
287817c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5da11:<flags> [calling]
287917c0.1758: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
288017c0.1758: supR3HardenedDllNotificationCallback: load 000007fefb330000 LB 0x0000a000 C:\Windows\system32\msacm32.drv [fFlags=0x0]
288117c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
288217c0.1758: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
288317c0.1758: supR3HardenedDllNotificationCallback: load 000007fefa160000 LB 0x00018000 C:\Windows\system32\MSACM32.dll [fFlags=0x0]
288417c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
288517c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb330000 'C:\Windows\system32\msacm32.drv'
288617c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
288717c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5d411:<flags> [calling]
288817c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb330000 'C:\Windows\system32\msacm32.drv'
288917c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
289017c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5d411:<flags> [calling]
289117c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb330000 'C:\Windows\system32\msacm32.drv'
289217c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
289317c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5d411:<flags> [calling]
289417c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb330000 'C:\Windows\system32\msacm32.drv'
289517c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
289617c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5d411:<flags> [calling]
289717c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb330000 'C:\Windows\system32\msacm32.drv'
289817c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
289917c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5d411:<flags> [calling]
290017c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb330000 'C:\Windows\system32\msacm32.drv'
290117c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
290217c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5d411:<flags> [calling]
290317c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb330000 'C:\Windows\system32\msacm32.drv'
290417c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb330000 'C:\Windows\system32\msacm32.drv'
290517c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb330000 'C:\Windows\system32\msacm32.drv'
290617c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb330000 'C:\Windows\system32\msacm32.drv'
290717c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e30 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
290817c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
290917c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
291017c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=43116C5C719A4751DA70B12932084D73D7AACEA3
291117c0.1758: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
291217c0.1758: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
291317c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
291417c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
291517c0.1758: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
291617c0.1758: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) WinVerifyTrust
291717c0.1758: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
291817c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
291917c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
292017c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
292117c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
292217c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
292317c0.1758: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
292417c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5da11:<flags> [calling]
292517c0.1758: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
292617c0.1758: supR3HardenedDllNotificationCallback: load 000007fefb2a0000 LB 0x00009000 C:\Windows\system32\midimap.dll [fFlags=0x0]
292717c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
292817c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb2a0000 'C:\Windows\system32\midimap.dll'
292917c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
293017c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5d3e1:<flags> [calling]
293117c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb2a0000 'C:\Windows\system32\midimap.dll'
293217c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
293317c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5d3e1:<flags> [calling]
293417c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb2a0000 'C:\Windows\system32\midimap.dll'
293517c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
293617c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5da11:<flags> [calling]
293717c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb2a0000 'C:\Windows\system32\midimap.dll'
293817c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
293917c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
294017c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5d5a1:<flags> [calling]
294117c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6910000 'C:\Windows\system32\dsound.dll'
294217c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
294317c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\WINMM.dll'
294417c0.1274: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdea0000 'C:\Windows\system32\OLEAUT32.dll'
294517c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe500000 'C:\Windows\system32\shell32.dll'
294617c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe500000 'C:\Windows\system32\shell32.dll'
294717c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe500000 'C:\Windows\system32\shell32.dll'
294817c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe500000 'C:\Windows\system32\shell32.dll'
294917c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe500000 'C:\Windows\system32\shell32.dll'
295017c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe500000 'C:\Windows\system32\shell32.dll'
295117c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
295217c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5d7a1:<flags> [calling]
295317c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6910000 'C:\Windows\system32\dsound.dll'
295417c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
295517c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
295617c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5d7a1:<flags> [calling]
295717c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6910000 'C:\Windows\system32\dsound.dll'
295817c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
295917c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5eb51:<flags> [calling]
296017c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
296117c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
296217c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5d7a1:<flags> [calling]
296317c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6910000 'C:\Windows\system32\dsound.dll'
296417c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
296517c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6910000 'C:\Windows\system32\dsound.dll'
296617c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
296717c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6910000 'C:\Windows\system32\dsound.dll'
296817c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
296917c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6910000 'C:\Windows\system32\dsound.dll'
297017c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
297117c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6910000 'C:\Windows\system32\dsound.dll'
297217c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
297317c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6910000 'C:\Windows\system32\dsound.dll'
297417c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
297517c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6910000 'C:\Windows\system32\dsound.dll'
297617c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
297717c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6910000 'C:\Windows\system32\dsound.dll'
297817c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
297917c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
298017c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
298117c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
298217c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5d771:<flags> [calling]
298317c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6910000 'C:\Windows\system32\dsound.dll'
298417c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
298517c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
298617c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
298717c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6910000 'C:\Windows\system32\dsound.dll'
298817c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
298917c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
299017c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
299117c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5ed01:<flags> [calling]
299217c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
299317c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6910000 'C:\Windows\system32\dsound.dll'
299417c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
299517c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
299617c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
299717c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6910000 'C:\Windows\system32\dsound.dll'
299817c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
299917c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
300017c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
300117c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6910000 'C:\Windows\system32\dsound.dll'
300217c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
300317c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
300417c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
300517c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6910000 'C:\Windows\system32\dsound.dll'
300617c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
300717c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
300817c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
300917c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6910000 'C:\Windows\system32\dsound.dll'
301017c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
301117c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
301217c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
301317c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6910000 'C:\Windows\system32\dsound.dll'
301417c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
301517c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
301617c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
301717c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6910000 'C:\Windows\system32\dsound.dll'
301817c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
301917c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
302017c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
302117c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6910000 'C:\Windows\system32\dsound.dll'
302217c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
302317c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
302417c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
302517c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6910000 'C:\Windows\system32\dsound.dll'
302617c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
302717c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
302817c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
302917c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6910000 'C:\Windows\system32\dsound.dll'
303017c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
303117c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
303217c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
303317c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6910000 'C:\Windows\system32\dsound.dll'
303417c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
303517c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
303617c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5ed61:<flags> [calling]
303717c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
303817c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
303917c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6910000 'C:\Windows\system32\dsound.dll'
304017c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
304117c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
304217c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
304317c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6910000 'C:\Windows\system32\dsound.dll'
304417c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
304517c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
304617c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
304717c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6910000 'C:\Windows\system32\dsound.dll'
304817c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
304917c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
305017c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
305117c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
305217c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5d771:<flags> [calling]
305317c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6910000 'C:\Windows\system32\dsound.dll'
305417c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
305517c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
305617c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
305717c0.12c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f70 pwszName=\Device\HarddiskVolume2\Windows\System32\mswsock.dll
305817c0.12c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
305917c0.12c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
306017c0.12c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
306117c0.12c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000e82cc81:<flags> [calling]
306217c0.12c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd120000 'C:\Windows\system32\WINTRUST.DLL'
306317c0.12c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
306417c0.12c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000e82cab1:<flags> [calling]
306517c0.12c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf40000 'C:\Windows\system32\CRYPT32.dll'
306617c0.12c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A0B91C962716871F5DE8282805DA288326E03A9F
306717c0.12c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3161949~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\mswsock.dll'
306817c0.12c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
306917c0.12c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
307017c0.12c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
307117c0.12c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
307217c0.12c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
307317c0.12c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mswsock.dll) WinVerifyTrust
307417c0.12c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mswsock.dll
307517c0.12c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
307617c0.12c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
307717c0.12c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
307817c0.12c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
307917c0.12c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
308017c0.12c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
308117c0.12c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
308217c0.12c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
308317c0.12c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000e82ef21:<flags> [calling]
308417c0.12c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll
308517c0.12c8: supR3HardenedDllNotificationCallback: load 000007fefc560000 LB 0x00055000 C:\Windows\system32\mswsock.dll [fFlags=0x0]
308617c0.12c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll
308717c0.12c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc560000 'C:\Windows\system32\mswsock.dll'
308817c0.12c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f94 pwszName=\Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
308917c0.12c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000087f6c0
309017c0.12c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000087f6c0
309117c0.12c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1EFFE58BB9FD8A94FD1609B7F82A43C8E09D98AA
309217c0.12c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL'
309317c0.12c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
309417c0.12c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ws2_32.dll'.
309517c0.12c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL) WinVerifyTrust
309617c0.12c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
309717c0.12c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
309817c0.12c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
309917c0.12c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\wshtcpip.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000e82f0c1:<flags> [calling]
310017c0.12c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
310117c0.12c8: supR3HardenedDllNotificationCallback: load 000007fefbf00000 LB 0x00007000 C:\Windows\System32\wshtcpip.dll [fFlags=0x0]
310217c0.12c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
310317c0.12c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbf00000 'C:\Windows\System32\wshtcpip.dll'
310417c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6910000 'C:\Windows\system32\dsound.dll'
310517c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
310617c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
310717c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
310817c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6910000 'C:\Windows\system32\dsound.dll'
310917c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
311017c0.1758: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
311117c0.1758: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\audioses.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c5c301:<flags> [calling]
311217c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7b10000 'C:\Windows\System32\audioses.dll'
311317c0.eb8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
311417c0.eb8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000034daf901:<flags> [calling]
311517c0.eb8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb4c0000 'C:\Windows\system32\avrt.dll'
311617c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6910000 'C:\Windows\system32\dsound.dll'
311717c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
311817c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
311917c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
312017c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6910000 'C:\Windows\system32\dsound.dll'
312117c0.1758: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef8990000 'C:\Windows\system32\winmm.dll'
312217c0.10cc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
312317c0.10cc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000209ee1:<flags> [calling]
312417c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe500000 'C:\Windows\system32\shell32.dll'
312517c0.10cc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe500000 'C:\Windows\system32\shell32.dll'
312617c0.161c: supR3HardenedDllNotificationCallback: Unload 000007fef20b0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [flags=0x0]
312717c0.11d4: supR3HardenedDllNotificationCallback: Unload 000007fef20c0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [flags=0x0]
312817c0.ec4: supR3HardenedDllNotificationCallback: Unload 000007fef5ca0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [flags=0x0]
312917c0.1558: supR3HardenedDllNotificationCallback: Unload 000007fef8290000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [flags=0x0]
313017c0.76c: supR3HardenedDllNotificationCallback: Unload 000007fef82a0000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [flags=0x0]
313117c0.1758: supR3HardenedDllNotificationCallback: Unload 000007fefbf00000 LB 0x00007000 C:\Windows\System32\wshtcpip.dll [flags=0x0]
313217c0.1758: supR3HardenedDllNotificationCallback: Unload 000007fee0200000 LB 0x009bf000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [flags=0x0]
313317c0.1758: supR3HardenedDllNotificationCallback: Unload 000007fee6e80000 LB 0x0005d000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [flags=0x0]
313417c0.1758: supR3HardenedDllNotificationCallback: Unload 000007fee6470000 LB 0x00063000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [flags=0x0]
313517c0.10cc: Terminating the normal way: rcExit=0
3136ba8.1b50: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 316200 ms, the end);
3137d08.750: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x0 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 316845 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy