VirtualBox

Ticket #17807: VBoxHardening.log

File VBoxHardening.log, 296.0 KB (added by Abdelj, 6 years ago)
Line 
11d98.1d9c: Log file opened: 5.1.14r112924 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
21d98.1d9c: \SystemRoot\System32\ntdll.dll:
31d98.1d9c: CreationTime: 2017-10-05T10:21:08.697885700Z
41d98.1d9c: LastWriteTime: 2017-02-09T16:33:37.296703900Z
51d98.1d9c: ChangeTime: 2017-10-05T10:25:41.754765700Z
61d98.1d9c: FileAttributes: 0x20
71d98.1d9c: Size: 0x1a7100
81d98.1d9c: NT Headers: 0xe0
91d98.1d9c: Timestamp: 0x589c99e1
101d98.1d9c: Machine: 0x8664 - amd64
111d98.1d9c: Timestamp: 0x589c99e1
121d98.1d9c: Image Version: 6.1
131d98.1d9c: SizeOfImage: 0x1aa000 (1744896)
141d98.1d9c: Resource Dir: 0x14e000 LB 0x5a028
151d98.1d9c: ProductName: Microsoft® Windows® Operating System
161d98.1d9c: ProductVersion: 6.1.7601.23677
171d98.1d9c: FileVersion: 6.1.7601.23677 (win7sp1_ldr.170209-0600)
181d98.1d9c: FileDescription: NT Layer DLL
191d98.1d9c: \SystemRoot\System32\kernel32.dll:
201d98.1d9c: CreationTime: 2017-10-05T10:21:09.212686600Z
211d98.1d9c: LastWriteTime: 2017-02-09T16:31:56.078000000Z
221d98.1d9c: ChangeTime: 2017-10-05T10:25:43.143168100Z
231d98.1d9c: FileAttributes: 0x20
241d98.1d9c: Size: 0x11c000
251d98.1d9c: NT Headers: 0xe0
261d98.1d9c: Timestamp: 0x589c9a26
271d98.1d9c: Machine: 0x8664 - amd64
281d98.1d9c: Timestamp: 0x589c9a26
291d98.1d9c: Image Version: 6.1
301d98.1d9c: SizeOfImage: 0x11f000 (1175552)
311d98.1d9c: Resource Dir: 0x116000 LB 0x528
321d98.1d9c: ProductName: Microsoft® Windows® Operating System
331d98.1d9c: ProductVersion: 6.1.7601.23677
341d98.1d9c: FileVersion: 6.1.7601.23677 (win7sp1_ldr.170209-0600)
351d98.1d9c: FileDescription: Windows NT BASE API Client DLL
361d98.1d9c: \SystemRoot\System32\KernelBase.dll:
371d98.1d9c: CreationTime: 2017-10-05T10:21:14.953496700Z
381d98.1d9c: LastWriteTime: 2017-02-09T16:31:56.094000000Z
391d98.1d9c: ChangeTime: 2017-10-05T10:25:43.143168100Z
401d98.1d9c: FileAttributes: 0x20
411d98.1d9c: Size: 0x66800
421d98.1d9c: NT Headers: 0xe8
431d98.1d9c: Timestamp: 0x589c9a27
441d98.1d9c: Machine: 0x8664 - amd64
451d98.1d9c: Timestamp: 0x589c9a27
461d98.1d9c: Image Version: 6.1
471d98.1d9c: SizeOfImage: 0x6a000 (434176)
481d98.1d9c: Resource Dir: 0x68000 LB 0x530
491d98.1d9c: ProductName: Microsoft® Windows® Operating System
501d98.1d9c: ProductVersion: 6.1.7601.23677
511d98.1d9c: FileVersion: 6.1.7601.23677 (win7sp1_ldr.170209-0600)
521d98.1d9c: FileDescription: Windows NT BASE API Client DLL
531d98.1d9c: \SystemRoot\System32\apisetschema.dll:
541d98.1d9c: CreationTime: 2017-10-05T10:21:28.681520800Z
551d98.1d9c: LastWriteTime: 2017-02-09T16:31:48.512000000Z
561d98.1d9c: ChangeTime: 2017-10-05T10:25:41.598765400Z
571d98.1d9c: FileAttributes: 0x20
581d98.1d9c: Size: 0x1a00
591d98.1d9c: NT Headers: 0xc0
601d98.1d9c: Timestamp: 0x589c99bd
611d98.1d9c: Machine: 0x8664 - amd64
621d98.1d9c: Timestamp: 0x589c99bd
631d98.1d9c: Image Version: 6.1
641d98.1d9c: SizeOfImage: 0x50000 (327680)
651d98.1d9c: Resource Dir: 0x30000 LB 0x3f8
661d98.1d9c: ProductName: Microsoft® Windows® Operating System
671d98.1d9c: ProductVersion: 6.1.7601.23677
681d98.1d9c: FileVersion: 6.1.7601.23677 (win7sp1_ldr.170209-0600)
691d98.1d9c: FileDescription: ApiSet Schema DLL
701d98.1d9c: Found driver aswVmm (0x4)
711d98.1d9c: Found driver aswStm (0x4)
721d98.1d9c: Found driver aswRvrt (0x4)
731d98.1d9c: supR3HardenedWinFindAdversaries: 0x4
741d98.1d9c: \SystemRoot\System32\drivers\aswHwid.sys:
751d98.1d9c: CreationTime: 2017-03-23T19:03:50.490727600Z
761d98.1d9c: LastWriteTime: 2018-05-19T11:04:07.210515400Z
771d98.1d9c: ChangeTime: 2018-05-19T11:04:42.624540900Z
781d98.1d9c: FileAttributes: 0x20
791d98.1d9c: Size: 0xb778
801d98.1d9c: NT Headers: 0xf0
811d98.1d9c: Timestamp: 0x5ae36d51
821d98.1d9c: Machine: 0x8664 - amd64
831d98.1d9c: Timestamp: 0x5ae36d51
841d98.1d9c: Image Version: 6.0
851d98.1d9c: SizeOfImage: 0xa000 (40960)
861d98.1d9c: Resource Dir: 0x8000 LB 0x388
871d98.1d9c: ProductName: Avast Antivirus
881d98.1d9c: ProductVersion: 18.4.3891.0
891d98.1d9c: FileVersion: 18.4.3891.0
901d98.1d9c: FileDescription: Avast HWID
911d98.1d9c: \SystemRoot\System32\drivers\aswMonFlt.sys:
921d98.1d9c: CreationTime: 2017-03-23T19:03:50.550727700Z
931d98.1d9c: LastWriteTime: 2018-05-19T11:04:07.357523800Z
941d98.1d9c: ChangeTime: 2018-05-19T11:04:42.624540900Z
951d98.1d9c: FileAttributes: 0x20
961d98.1d9c: Size: 0x26d90
971d98.1d9c: NT Headers: 0xe8
981d98.1d9c: Timestamp: 0x5ae36cf5
991d98.1d9c: Machine: 0x8664 - amd64
1001d98.1d9c: Timestamp: 0x5ae36cf5
1011d98.1d9c: Image Version: 6.0
1021d98.1d9c: SizeOfImage: 0x2b000 (176128)
1031d98.1d9c: Resource Dir: 0x29000 LB 0x3b0
1041d98.1d9c: ProductName: Avast Antivirus
1051d98.1d9c: ProductVersion: 18.4.3891.0
1061d98.1d9c: FileVersion: 18.4.3891.0
1071d98.1d9c: FileDescription: Avast File System Minifilter for Windows 2003/Vista
1081d98.1d9c: \SystemRoot\System32\drivers\aswRdr2.sys:
1091d98.1d9c: CreationTime: 2017-03-23T19:03:50.390727500Z
1101d98.1d9c: LastWriteTime: 2018-05-19T11:04:06.366467100Z
1111d98.1d9c: ChangeTime: 2018-05-19T11:04:42.625541000Z
1121d98.1d9c: FileAttributes: 0x20
1131d98.1d9c: Size: 0x1b300
1141d98.1d9c: NT Headers: 0xe8
1151d98.1d9c: Timestamp: 0x5ae36d26
1161d98.1d9c: Machine: 0x8664 - amd64
1171d98.1d9c: Timestamp: 0x5ae36d26
1181d98.1d9c: Image Version: 6.1
1191d98.1d9c: SizeOfImage: 0x1a000 (106496)
1201d98.1d9c: Resource Dir: 0x18000 LB 0x398
1211d98.1d9c: ProductName: Avast Antivirus
1221d98.1d9c: ProductVersion: 18.4.3891.0
1231d98.1d9c: FileVersion: 18.4.3891.0 built by: WinDDK
1241d98.1d9c: FileDescription: Avast WFP Redirect Driver
1251d98.1d9c: \SystemRoot\System32\drivers\aswRvrt.sys:
1261d98.1d9c: CreationTime: 2017-03-23T19:03:50.620727800Z
1271d98.1d9c: LastWriteTime: 2018-05-19T11:04:07.427527800Z
1281d98.1d9c: ChangeTime: 2018-05-19T11:04:42.625541000Z
1291d98.1d9c: FileAttributes: 0x20
1301d98.1d9c: Size: 0x14fd0
1311d98.1d9c: NT Headers: 0xf0
1321d98.1d9c: Timestamp: 0x5ae36cf2
1331d98.1d9c: Machine: 0x8664 - amd64
1341d98.1d9c: Timestamp: 0x5ae36cf2
1351d98.1d9c: Image Version: 6.0
1361d98.1d9c: SizeOfImage: 0x14000 (81920)
1371d98.1d9c: Resource Dir: 0x12000 LB 0x388
1381d98.1d9c: ProductName: Avast Antivirus
1391d98.1d9c: ProductVersion: 18.4.3891.0
1401d98.1d9c: FileVersion: 18.4.3891.0
1411d98.1d9c: FileDescription: Avast Revert
1421d98.1d9c: \SystemRoot\System32\drivers\aswSnx.sys:
1431d98.1d9c: CreationTime: 2017-03-23T19:03:50.300727300Z
1441d98.1d9c: LastWriteTime: 2018-05-19T11:03:29.082334600Z
1451d98.1d9c: ChangeTime: 2018-05-19T11:04:42.625541000Z
1461d98.1d9c: FileAttributes: 0x20
1471d98.1d9c: Size: 0xfae88
1481d98.1d9c: NT Headers: 0xe8
1491d98.1d9c: Timestamp: 0x5ae36d12
1501d98.1d9c: Machine: 0x8664 - amd64
1511d98.1d9c: Timestamp: 0x5ae36d12
1521d98.1d9c: Image Version: 6.0
1531d98.1d9c: SizeOfImage: 0xf8000 (1015808)
1541d98.1d9c: Resource Dir: 0xf0000 LB 0x378
1551d98.1d9c: ProductName: Avast Antivirus
1561d98.1d9c: ProductVersion: 18.4.3891.0
1571d98.1d9c: FileVersion: 18.4.3891.0
1581d98.1d9c: FileDescription: Avast Virtualization Driver
1591d98.1d9c: \SystemRoot\System32\drivers\aswsp.sys:
1601d98.1d9c: CreationTime: 2017-03-23T19:03:50.710727900Z
1611d98.1d9c: LastWriteTime: 2018-05-19T11:04:07.585536800Z
1621d98.1d9c: ChangeTime: 2018-05-19T11:04:42.625541000Z
1631d98.1d9c: FileAttributes: 0x20
1641d98.1d9c: Size: 0x706e8
1651d98.1d9c: NT Headers: 0xe8
1661d98.1d9c: Timestamp: 0x5ae36d18
1671d98.1d9c: Machine: 0x8664 - amd64
1681d98.1d9c: Timestamp: 0x5ae36d18
1691d98.1d9c: Image Version: 6.0
1701d98.1d9c: SizeOfImage: 0x72000 (466944)
1711d98.1d9c: Resource Dir: 0x70000 LB 0x370
1721d98.1d9c: ProductName: Avast Antivirus
1731d98.1d9c: ProductVersion: 18.4.3891.0
1741d98.1d9c: FileVersion: 18.4.3891.0
1751d98.1d9c: FileDescription: Avast self protection module
1761d98.1d9c: \SystemRoot\System32\drivers\aswStm.sys:
1771d98.1d9c: CreationTime: 2017-03-23T19:03:50.873728900Z
1781d98.1d9c: LastWriteTime: 2018-05-19T11:04:08.299577700Z
1791d98.1d9c: ChangeTime: 2018-05-19T11:04:42.625541000Z
1801d98.1d9c: FileAttributes: 0x20
1811d98.1d9c: Size: 0x32498
1821d98.1d9c: NT Headers: 0x110
1831d98.1d9c: Timestamp: 0x5ae37258
1841d98.1d9c: Machine: 0x8664 - amd64
1851d98.1d9c: Timestamp: 0x5ae37258
1861d98.1d9c: Image Version: 10.0
1871d98.1d9c: SizeOfImage: 0x33000 (208896)
1881d98.1d9c: Resource Dir: 0x31000 LB 0x350
1891d98.1d9c: ProductName: Avast Antivirus
1901d98.1d9c: ProductVersion: 18.4.3891.0
1911d98.1d9c: FileVersion: 18.4.3891.0
1921d98.1d9c: FileDescription: Stream Filter
1931d98.1d9c: \SystemRoot\System32\drivers\aswVmm.sys:
1941d98.1d9c: CreationTime: 2017-03-23T19:03:50.780728000Z
1951d98.1d9c: LastWriteTime: 2018-05-19T11:04:07.720544500Z
1961d98.1d9c: ChangeTime: 2018-05-19T11:04:42.626541000Z
1971d98.1d9c: FileAttributes: 0x20
1981d98.1d9c: Size: 0x5d270
1991d98.1d9c: NT Headers: 0xe8
2001d98.1d9c: Timestamp: 0x5ae36cf5
2011d98.1d9c: Machine: 0x8664 - amd64
2021d98.1d9c: Timestamp: 0x5ae36cf5
2031d98.1d9c: Image Version: 6.0
2041d98.1d9c: SizeOfImage: 0x5b000 (372736)
2051d98.1d9c: Resource Dir: 0x58000 LB 0x390
2061d98.1d9c: ProductName: Avast Antivirus
2071d98.1d9c: ProductVersion: 18.4.3891.0
2081d98.1d9c: FileVersion: 18.4.3891.0
2091d98.1d9c: FileDescription: Avast VM Monitor
2101d98.1d9c: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2111d98.1d9c: Calling main()
2121d98.1d9c: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
2131d98.1d9c: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2141d98.1d9c: SUPR3HardenedMain: Respawn #1
2151d98.1d9c: System32: \Device\HarddiskVolume2\Windows\System32
2161d98.1d9c: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
2171d98.1d9c: KnownDllPath: C:\Windows\system32
2181d98.1d9c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2191d98.1d9c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
2201d98.1d9c: supR3HardNtEnableThreadCreation:
2211d98.1d9c: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007735a360 pvNtTerminateThread=000000007737c260
2221d98.1d9c: supR3HardenedWinDoReSpawn(1): New child 1dc8.1dcc [kernel32].
2231d98.1d9c: supR3HardNtChildGatherData: PebBaseAddress=000007fffffd8000 cbPeb=0x380
2241d98.1d9c: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077330000 uNtDllChildAddr=0000000077330000
2251d98.1d9c: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007735a360
2261d98.1d9c: supR3HardenedWinSetupChildInit: Start child.
2271d98.1d9c: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
2281d98.1d9c: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 33 sleeps
2291d98.1d9c: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
2301d98.1d9c: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
2311d98.1d9c: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
2321d98.1d9c: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
2331d98.1d9c: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
2341d98.1d9c: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
2351d98.1d9c: 0000000000041000-ffffffffffe71fff 0x0001/0x0000 0x0000000
2361d98.1d9c: *0000000000210000-0000000000113fff 0x0000/0x0004 0x0020000
2371d98.1d9c: 000000000030c000-0000000000309fff 0x0104/0x0004 0x0020000
2381d98.1d9c: 000000000030e000-000000000030bfff 0x0004/0x0004 0x0020000
2391d98.1d9c: 0000000000310000-ffffffff892effff 0x0001/0x0000 0x0000000
2401d98.1d9c: *0000000077330000-0000000077330fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2411d98.1d9c: 0000000077331000-000000007742dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2421d98.1d9c: 000000007742e000-000000007745cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2431d98.1d9c: 000000007745d000-0000000077466fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2441d98.1d9c: 0000000077467000-0000000077467fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2451d98.1d9c: 0000000077468000-000000007746afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2461d98.1d9c: 000000007746b000-00000000774d9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
2471d98.1d9c: 00000000774da000-000000006f9d3fff 0x0001/0x0000 0x0000000
2481d98.1d9c: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
2491d98.1d9c: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
2501d98.1d9c: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
2511d98.1d9c: 000000007fff0000-ffffffffc031ffff 0x0001/0x0000 0x0000000
2521d98.1d9c: *000000013fcc0000-000000013fcc0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2531d98.1d9c: 000000013fcc1000-000000013fd2ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2541d98.1d9c: 000000013fd30000-000000013fd30fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2551d98.1d9c: 000000013fd31000-000000013fd75fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2561d98.1d9c: 000000013fd76000-000000013fd76fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2571d98.1d9c: 000000013fd77000-000000013fd77fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2581d98.1d9c: 000000013fd78000-000000013fd7cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2591d98.1d9c: 000000013fd7d000-000000013fd7dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2601d98.1d9c: 000000013fd7e000-000000013fd7efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2611d98.1d9c: 000000013fd7f000-000000013fd82fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2621d98.1d9c: 000000013fd83000-000000013fdcafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
2631d98.1d9c: 000000013fdcb000-fffff80380545fff 0x0001/0x0000 0x0000000
2641d98.1d9c: *000007feff650000-000007feff650fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
2651d98.1d9c: 000007feff651000-000007fdfecf1fff 0x0001/0x0000 0x0000000
2661d98.1d9c: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
2671d98.1d9c: 000007fffffd3000-000007fffffcdfff 0x0001/0x0000 0x0000000
2681d98.1d9c: *000007fffffd8000-000007fffffd6fff 0x0004/0x0004 0x0020000
2691d98.1d9c: 000007fffffd9000-000007fffffd3fff 0x0001/0x0000 0x0000000
2701d98.1d9c: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
2711d98.1d9c: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
2721d98.1d9c: apisetschema.dll: timestamp 0x589c99bd (rc=VINF_SUCCESS)
2731d98.1d9c: VirtualBox.exe: timestamp 0x587cf70b (rc=VINF_SUCCESS)
2741d98.1d9c: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
2751d98.1d9c: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
2761d98.1d9c: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
2771d98.1d9c: supR3HardNtChildPurify: Done after 530 ms and 0 fixes (loop #0).
2781d98.1d9c: supR3HardNtEnableThreadCreation:
2791dc8.1dcc: Log file opened: 5.1.14r112924 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
2801dc8.1dcc: supR3HardenedVmProcessInit: uNtDllAddr=0000000077330000 g_uNtVerCombined=0x611db100
2811dc8.1dcc: ntdll.dll: timestamp 0x589c99e1 (rc=VINF_SUCCESS)
2821dc8.1dcc: New simple heap: #1 0000000000310000 LB 0x400000 (for 1744896 allocation)
2831dc8.1dcc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
2841dc8.1dcc: System32: \Device\HarddiskVolume2\Windows\System32
2851dc8.1dcc: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
2861dc8.1dcc: KnownDllPath: C:\Windows\system32
2871dc8.1dcc: supR3HardenedVmProcessInit: Opening vboxdrv stub...
2881dc8.1dcc: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
2891dc8.1dcc: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
2901dc8.1dcc: Registered Dll notification callback with NTDLL.
2911dc8.1dcc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
2921dc8.1dcc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2931dc8.1dcc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
2941dc8.1dcc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2951dc8.1dcc: supR3HardenedDllNotificationCallback: load 0000000077110000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
2961dc8.1dcc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2971dc8.1dcc: supR3HardenedDllNotificationCallback: load 000007fefd3d0000 LB 0x0006a000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
2981dc8.1dcc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
2991dc8.1dcc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
3001dc8.1dcc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077110000 'C:\Windows\system32\kernel32.dll'
3011dc8.1dcc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007735a360 pvNtTerminateThread=000000007737c260
3021d98.1d9c: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 16 ms.
3031dc8.1dcc: \SystemRoot\System32\ntdll.dll:
3041dc8.1dcc: CreationTime: 2017-10-05T10:21:08.697885700Z
3051dc8.1dcc: LastWriteTime: 2017-02-09T16:33:37.296703900Z
3061dc8.1dcc: ChangeTime: 2017-10-05T10:25:41.754765700Z
3071dc8.1dcc: FileAttributes: 0x20
3081dc8.1dcc: Size: 0x1a7100
3091dc8.1dcc: NT Headers: 0xe0
3101dc8.1dcc: Timestamp: 0x589c99e1
3111dc8.1dcc: Machine: 0x8664 - amd64
3121dc8.1dcc: Timestamp: 0x589c99e1
3131dc8.1dcc: Image Version: 6.1
3141dc8.1dcc: SizeOfImage: 0x1aa000 (1744896)
3151dc8.1dcc: Resource Dir: 0x14e000 LB 0x5a028
3161dc8.1dcc: ProductName: Microsoft® Windows® Operating System
3171dc8.1dcc: ProductVersion: 6.1.7601.23677
3181dc8.1dcc: FileVersion: 6.1.7601.23677 (win7sp1_ldr.170209-0600)
3191dc8.1dcc: FileDescription: NT Layer DLL
3201dc8.1dcc: \SystemRoot\System32\kernel32.dll:
3211dc8.1dcc: CreationTime: 2017-10-05T10:21:09.212686600Z
3221dc8.1dcc: LastWriteTime: 2017-02-09T16:31:56.078000000Z
3231dc8.1dcc: ChangeTime: 2017-10-05T10:25:43.143168100Z
3241dc8.1dcc: FileAttributes: 0x20
3251dc8.1dcc: Size: 0x11c000
3261dc8.1dcc: NT Headers: 0xe0
3271dc8.1dcc: Timestamp: 0x589c9a26
3281dc8.1dcc: Machine: 0x8664 - amd64
3291dc8.1dcc: Timestamp: 0x589c9a26
3301dc8.1dcc: Image Version: 6.1
3311dc8.1dcc: SizeOfImage: 0x11f000 (1175552)
3321dc8.1dcc: Resource Dir: 0x116000 LB 0x528
3331dc8.1dcc: ProductName: Microsoft® Windows® Operating System
3341dc8.1dcc: ProductVersion: 6.1.7601.23677
3351dc8.1dcc: FileVersion: 6.1.7601.23677 (win7sp1_ldr.170209-0600)
3361dc8.1dcc: FileDescription: Windows NT BASE API Client DLL
3371dc8.1dcc: \SystemRoot\System32\KernelBase.dll:
3381dc8.1dcc: CreationTime: 2017-10-05T10:21:14.953496700Z
3391dc8.1dcc: LastWriteTime: 2017-02-09T16:31:56.094000000Z
3401dc8.1dcc: ChangeTime: 2017-10-05T10:25:43.143168100Z
3411dc8.1dcc: FileAttributes: 0x20
3421dc8.1dcc: Size: 0x66800
3431dc8.1dcc: NT Headers: 0xe8
3441dc8.1dcc: Timestamp: 0x589c9a27
3451dc8.1dcc: Machine: 0x8664 - amd64
3461dc8.1dcc: Timestamp: 0x589c9a27
3471dc8.1dcc: Image Version: 6.1
3481dc8.1dcc: SizeOfImage: 0x6a000 (434176)
3491dc8.1dcc: Resource Dir: 0x68000 LB 0x530
3501dc8.1dcc: ProductName: Microsoft® Windows® Operating System
3511dc8.1dcc: ProductVersion: 6.1.7601.23677
3521dc8.1dcc: FileVersion: 6.1.7601.23677 (win7sp1_ldr.170209-0600)
3531dc8.1dcc: FileDescription: Windows NT BASE API Client DLL
3541dc8.1dcc: \SystemRoot\System32\apisetschema.dll:
3551dc8.1dcc: CreationTime: 2017-10-05T10:21:28.681520800Z
3561dc8.1dcc: LastWriteTime: 2017-02-09T16:31:48.512000000Z
3571dc8.1dcc: ChangeTime: 2017-10-05T10:25:41.598765400Z
3581dc8.1dcc: FileAttributes: 0x20
3591dc8.1dcc: Size: 0x1a00
3601dc8.1dcc: NT Headers: 0xc0
3611dc8.1dcc: Timestamp: 0x589c99bd
3621dc8.1dcc: Machine: 0x8664 - amd64
3631dc8.1dcc: Timestamp: 0x589c99bd
3641dc8.1dcc: Image Version: 6.1
3651dc8.1dcc: SizeOfImage: 0x50000 (327680)
3661dc8.1dcc: Resource Dir: 0x30000 LB 0x3f8
3671dc8.1dcc: ProductName: Microsoft® Windows® Operating System
3681dc8.1dcc: ProductVersion: 6.1.7601.23677
3691dc8.1dcc: FileVersion: 6.1.7601.23677 (win7sp1_ldr.170209-0600)
3701dc8.1dcc: FileDescription: ApiSet Schema DLL
3711dc8.1dcc: Found driver aswVmm (0x4)
3721dc8.1dcc: Found driver aswStm (0x4)
3731dc8.1dcc: Found driver aswRvrt (0x4)
3741dc8.1dcc: supR3HardenedWinFindAdversaries: 0x4
3751dc8.1dcc: \SystemRoot\System32\drivers\aswHwid.sys:
3761dc8.1dcc: CreationTime: 2017-03-23T19:03:50.490727600Z
3771dc8.1dcc: LastWriteTime: 2018-05-19T11:04:07.210515400Z
3781dc8.1dcc: ChangeTime: 2018-05-19T11:04:42.624540900Z
3791dc8.1dcc: FileAttributes: 0x20
3801dc8.1dcc: Size: 0xb778
3811dc8.1dcc: NT Headers: 0xf0
3821dc8.1dcc: Timestamp: 0x5ae36d51
3831dc8.1dcc: Machine: 0x8664 - amd64
3841dc8.1dcc: Timestamp: 0x5ae36d51
3851dc8.1dcc: Image Version: 6.0
3861dc8.1dcc: SizeOfImage: 0xa000 (40960)
3871dc8.1dcc: Resource Dir: 0x8000 LB 0x388
3881dc8.1dcc: ProductName: Avast Antivirus
3891dc8.1dcc: ProductVersion: 18.4.3891.0
3901dc8.1dcc: FileVersion: 18.4.3891.0
3911dc8.1dcc: FileDescription: Avast HWID
3921dc8.1dcc: \SystemRoot\System32\drivers\aswMonFlt.sys:
3931dc8.1dcc: CreationTime: 2017-03-23T19:03:50.550727700Z
3941dc8.1dcc: LastWriteTime: 2018-05-19T11:04:07.357523800Z
3951dc8.1dcc: ChangeTime: 2018-05-19T11:04:42.624540900Z
3961dc8.1dcc: FileAttributes: 0x20
3971dc8.1dcc: Size: 0x26d90
3981dc8.1dcc: NT Headers: 0xe8
3991dc8.1dcc: Timestamp: 0x5ae36cf5
4001dc8.1dcc: Machine: 0x8664 - amd64
4011dc8.1dcc: Timestamp: 0x5ae36cf5
4021dc8.1dcc: Image Version: 6.0
4031dc8.1dcc: SizeOfImage: 0x2b000 (176128)
4041dc8.1dcc: Resource Dir: 0x29000 LB 0x3b0
4051dc8.1dcc: ProductName: Avast Antivirus
4061dc8.1dcc: ProductVersion: 18.4.3891.0
4071dc8.1dcc: FileVersion: 18.4.3891.0
4081dc8.1dcc: FileDescription: Avast File System Minifilter for Windows 2003/Vista
4091dc8.1dcc: \SystemRoot\System32\drivers\aswRdr2.sys:
4101dc8.1dcc: CreationTime: 2017-03-23T19:03:50.390727500Z
4111dc8.1dcc: LastWriteTime: 2018-05-19T11:04:06.366467100Z
4121dc8.1dcc: ChangeTime: 2018-05-19T11:04:42.625541000Z
4131dc8.1dcc: FileAttributes: 0x20
4141dc8.1dcc: Size: 0x1b300
4151dc8.1dcc: NT Headers: 0xe8
4161dc8.1dcc: Timestamp: 0x5ae36d26
4171dc8.1dcc: Machine: 0x8664 - amd64
4181dc8.1dcc: Timestamp: 0x5ae36d26
4191dc8.1dcc: Image Version: 6.1
4201dc8.1dcc: SizeOfImage: 0x1a000 (106496)
4211dc8.1dcc: Resource Dir: 0x18000 LB 0x398
4221dc8.1dcc: ProductName: Avast Antivirus
4231dc8.1dcc: ProductVersion: 18.4.3891.0
4241dc8.1dcc: FileVersion: 18.4.3891.0 built by: WinDDK
4251dc8.1dcc: FileDescription: Avast WFP Redirect Driver
4261dc8.1dcc: \SystemRoot\System32\drivers\aswRvrt.sys:
4271dc8.1dcc: CreationTime: 2017-03-23T19:03:50.620727800Z
4281dc8.1dcc: LastWriteTime: 2018-05-19T11:04:07.427527800Z
4291dc8.1dcc: ChangeTime: 2018-05-19T11:04:42.625541000Z
4301dc8.1dcc: FileAttributes: 0x20
4311dc8.1dcc: Size: 0x14fd0
4321dc8.1dcc: NT Headers: 0xf0
4331dc8.1dcc: Timestamp: 0x5ae36cf2
4341dc8.1dcc: Machine: 0x8664 - amd64
4351dc8.1dcc: Timestamp: 0x5ae36cf2
4361dc8.1dcc: Image Version: 6.0
4371dc8.1dcc: SizeOfImage: 0x14000 (81920)
4381dc8.1dcc: Resource Dir: 0x12000 LB 0x388
4391dc8.1dcc: ProductName: Avast Antivirus
4401dc8.1dcc: ProductVersion: 18.4.3891.0
4411dc8.1dcc: FileVersion: 18.4.3891.0
4421dc8.1dcc: FileDescription: Avast Revert
4431dc8.1dcc: \SystemRoot\System32\drivers\aswSnx.sys:
4441dc8.1dcc: CreationTime: 2017-03-23T19:03:50.300727300Z
4451dc8.1dcc: LastWriteTime: 2018-05-19T11:03:29.082334600Z
4461dc8.1dcc: ChangeTime: 2018-05-19T11:04:42.625541000Z
4471dc8.1dcc: FileAttributes: 0x20
4481dc8.1dcc: Size: 0xfae88
4491dc8.1dcc: NT Headers: 0xe8
4501dc8.1dcc: Timestamp: 0x5ae36d12
4511dc8.1dcc: Machine: 0x8664 - amd64
4521dc8.1dcc: Timestamp: 0x5ae36d12
4531dc8.1dcc: Image Version: 6.0
4541dc8.1dcc: SizeOfImage: 0xf8000 (1015808)
4551dc8.1dcc: Resource Dir: 0xf0000 LB 0x378
4561dc8.1dcc: ProductName: Avast Antivirus
4571dc8.1dcc: ProductVersion: 18.4.3891.0
4581dc8.1dcc: FileVersion: 18.4.3891.0
4591dc8.1dcc: FileDescription: Avast Virtualization Driver
4601dc8.1dcc: \SystemRoot\System32\drivers\aswsp.sys:
4611dc8.1dcc: CreationTime: 2017-03-23T19:03:50.710727900Z
4621dc8.1dcc: LastWriteTime: 2018-05-19T11:04:07.585536800Z
4631dc8.1dcc: ChangeTime: 2018-05-19T11:04:42.625541000Z
4641dc8.1dcc: FileAttributes: 0x20
4651dc8.1dcc: Size: 0x706e8
4661dc8.1dcc: NT Headers: 0xe8
4671dc8.1dcc: Timestamp: 0x5ae36d18
4681dc8.1dcc: Machine: 0x8664 - amd64
4691dc8.1dcc: Timestamp: 0x5ae36d18
4701dc8.1dcc: Image Version: 6.0
4711dc8.1dcc: SizeOfImage: 0x72000 (466944)
4721dc8.1dcc: Resource Dir: 0x70000 LB 0x370
4731dc8.1dcc: ProductName: Avast Antivirus
4741dc8.1dcc: ProductVersion: 18.4.3891.0
4751dc8.1dcc: FileVersion: 18.4.3891.0
4761dc8.1dcc: FileDescription: Avast self protection module
4771dc8.1dcc: \SystemRoot\System32\drivers\aswStm.sys:
4781dc8.1dcc: CreationTime: 2017-03-23T19:03:50.873728900Z
4791dc8.1dcc: LastWriteTime: 2018-05-19T11:04:08.299577700Z
4801dc8.1dcc: ChangeTime: 2018-05-19T11:04:42.625541000Z
4811dc8.1dcc: FileAttributes: 0x20
4821dc8.1dcc: Size: 0x32498
4831dc8.1dcc: NT Headers: 0x110
4841dc8.1dcc: Timestamp: 0x5ae37258
4851dc8.1dcc: Machine: 0x8664 - amd64
4861dc8.1dcc: Timestamp: 0x5ae37258
4871dc8.1dcc: Image Version: 10.0
4881dc8.1dcc: SizeOfImage: 0x33000 (208896)
4891dc8.1dcc: Resource Dir: 0x31000 LB 0x350
4901dc8.1dcc: ProductName: Avast Antivirus
4911dc8.1dcc: ProductVersion: 18.4.3891.0
4921dc8.1dcc: FileVersion: 18.4.3891.0
4931dc8.1dcc: FileDescription: Stream Filter
4941dc8.1dcc: \SystemRoot\System32\drivers\aswVmm.sys:
4951dc8.1dcc: CreationTime: 2017-03-23T19:03:50.780728000Z
4961dc8.1dcc: LastWriteTime: 2018-05-19T11:04:07.720544500Z
4971dc8.1dcc: ChangeTime: 2018-05-19T11:04:42.626541000Z
4981dc8.1dcc: FileAttributes: 0x20
4991dc8.1dcc: Size: 0x5d270
5001dc8.1dcc: NT Headers: 0xe8
5011dc8.1dcc: Timestamp: 0x5ae36cf5
5021dc8.1dcc: Machine: 0x8664 - amd64
5031dc8.1dcc: Timestamp: 0x5ae36cf5
5041dc8.1dcc: Image Version: 6.0
5051dc8.1dcc: SizeOfImage: 0x5b000 (372736)
5061dc8.1dcc: Resource Dir: 0x58000 LB 0x390
5071dc8.1dcc: ProductName: Avast Antivirus
5081dc8.1dcc: ProductVersion: 18.4.3891.0
5091dc8.1dcc: FileVersion: 18.4.3891.0
5101dc8.1dcc: FileDescription: Avast VM Monitor
5111dc8.1dcc: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
5121dc8.1dcc: Calling main()
5131dc8.1dcc: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
5141dc8.1dcc: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
5151dc8.1dcc: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
5161dc8.1dcc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
5171dc8.1dcc: SUPR3HardenedMain: Respawn #2
5181dc8.1dcc: supR3HardNtEnableThreadCreation:
5191dc8.1dcc: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
5201dc8.1dcc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
5211dc8.1dcc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
5221dc8.1dcc: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
5231dc8.1dcc: supR3HardenedDllNotificationCallback: load 000007fefcee0000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
5241dc8.1dcc: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
5251dc8.1dcc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcee0000 'C:\Windows\system32\apphelp.dll'
5261dc8.1dcc: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007735a360 pvNtTerminateThread=000000007737c260
5271dc8.1dcc: supR3HardenedWinDoReSpawn(2): New child 1ddc.1de0 [kernel32].
5281dc8.1dcc: supR3HardNtChildGatherData: PebBaseAddress=000007fffffde000 cbPeb=0x380
5291dc8.1dcc: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077330000 uNtDllChildAddr=0000000077330000
5301dc8.1dcc: supR3HardenedWinSetupChildInit: uLdrInitThunk=000000007735a360
5311dc8.1dcc: supR3HardenedWinSetupChildInit: Start child.
5321dc8.1dcc: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
5331dc8.1dcc: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 33 sleeps
5341dc8.1dcc: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
5351dc8.1dcc: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
5361dc8.1dcc: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
5371dc8.1dcc: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
5381dc8.1dcc: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
5391dc8.1dcc: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
5401dc8.1dcc: 0000000000041000-ffffffffffeb1fff 0x0001/0x0000 0x0000000
5411dc8.1dcc: *00000000001d0000-00000000000d3fff 0x0000/0x0004 0x0020000
5421dc8.1dcc: 00000000002cc000-00000000002c9fff 0x0104/0x0004 0x0020000
5431dc8.1dcc: 00000000002ce000-00000000002cbfff 0x0004/0x0004 0x0020000
5441dc8.1dcc: 00000000002d0000-ffffffff8926ffff 0x0001/0x0000 0x0000000
5451dc8.1dcc: *0000000077330000-0000000077330fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5461dc8.1dcc: 0000000077331000-000000007742dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5471dc8.1dcc: 000000007742e000-000000007745cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5481dc8.1dcc: 000000007745d000-0000000077466fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5491dc8.1dcc: 0000000077467000-0000000077467fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5501dc8.1dcc: 0000000077468000-000000007746afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5511dc8.1dcc: 000000007746b000-00000000774d9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
5521dc8.1dcc: 00000000774da000-000000006f9d3fff 0x0001/0x0000 0x0000000
5531dc8.1dcc: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
5541dc8.1dcc: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
5551dc8.1dcc: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
5561dc8.1dcc: 000000007fff0000-ffffffffc031ffff 0x0001/0x0000 0x0000000
5571dc8.1dcc: *000000013fcc0000-000000013fcc0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5581dc8.1dcc: 000000013fcc1000-000000013fd2ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5591dc8.1dcc: 000000013fd30000-000000013fd30fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5601dc8.1dcc: 000000013fd31000-000000013fd75fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5611dc8.1dcc: 000000013fd76000-000000013fd76fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5621dc8.1dcc: 000000013fd77000-000000013fd77fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5631dc8.1dcc: 000000013fd78000-000000013fd7cfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5641dc8.1dcc: 000000013fd7d000-000000013fd7dfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5651dc8.1dcc: 000000013fd7e000-000000013fd7efff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5661dc8.1dcc: 000000013fd7f000-000000013fd82fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5671dc8.1dcc: 000000013fd83000-000000013fdcafff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe
5681dc8.1dcc: 000000013fdcb000-fffff80380545fff 0x0001/0x0000 0x0000000
5691dc8.1dcc: *000007feff650000-000007feff650fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
5701dc8.1dcc: 000007feff651000-000007fdfecf1fff 0x0001/0x0000 0x0000000
5711dc8.1dcc: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
5721dc8.1dcc: 000007fffffd3000-000007fffffc9fff 0x0001/0x0000 0x0000000
5731dc8.1dcc: *000007fffffdc000-000007fffffd9fff 0x0004/0x0004 0x0020000
5741dc8.1dcc: *000007fffffde000-000007fffffdcfff 0x0004/0x0004 0x0020000
5751dc8.1dcc: 000007fffffdf000-000007fffffddfff 0x0001/0x0000 0x0000000
5761dc8.1dcc: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
5771dc8.1dcc: apisetschema.dll: timestamp 0x589c99bd (rc=VINF_SUCCESS)
5781dc8.1dcc: VirtualBox.exe: timestamp 0x587cf70b (rc=VINF_SUCCESS)
5791dc8.1dcc: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
5801dc8.1dcc: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
5811dc8.1dcc: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
5821dc8.1dcc: supR3HardNtChildPurify: Done after 530 ms and 0 fixes (loop #0).
5831dc8.1dcc: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000310000 LB 0x400000)
5841dc8.1dcc: supR3HardNtEnableThreadCreation:
5851ddc.1de0: Log file opened: 5.1.14r112924 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
5861ddc.1de0: supR3HardenedVmProcessInit: uNtDllAddr=0000000077330000 g_uNtVerCombined=0x611db100
5871ddc.1de0: ntdll.dll: timestamp 0x589c99e1 (rc=VINF_SUCCESS)
5881ddc.1de0: New simple heap: #1 00000000002d0000 LB 0x400000 (for 1744896 allocation)
5891ddc.1de0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
5901ddc.1de0: System32: \Device\HarddiskVolume2\Windows\System32
5911ddc.1de0: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
5921ddc.1de0: KnownDllPath: C:\Windows\system32
5931ddc.1de0: supR3HardenedVmProcessInit: Opening vboxdrv...
5941ddc.1de0: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
5951ddc.1de0: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
5961ddc.1de0: Registered Dll notification callback with NTDLL.
5971ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
5981ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
5991ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
6001ddc.1de0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
6011ddc.1de0: supR3HardenedDllNotificationCallback: load 0000000077110000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
6021ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
6031ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fefd3d0000 LB 0x0006a000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
6041ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
6051ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
6061ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077110000 'C:\Windows\system32\kernel32.dll'
6071ddc.1de0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=000000007735a360 pvNtTerminateThread=000000007737c260
6081dc8.1dcc: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 16 ms.
6091ddc.1de0: \SystemRoot\System32\ntdll.dll:
6101ddc.1de0: CreationTime: 2017-10-05T10:21:08.697885700Z
6111ddc.1de0: LastWriteTime: 2017-02-09T16:33:37.296703900Z
6121ddc.1de0: ChangeTime: 2017-10-05T10:25:41.754765700Z
6131ddc.1de0: FileAttributes: 0x20
6141ddc.1de0: Size: 0x1a7100
6151ddc.1de0: NT Headers: 0xe0
6161ddc.1de0: Timestamp: 0x589c99e1
6171ddc.1de0: Machine: 0x8664 - amd64
6181ddc.1de0: Timestamp: 0x589c99e1
6191ddc.1de0: Image Version: 6.1
6201ddc.1de0: SizeOfImage: 0x1aa000 (1744896)
6211ddc.1de0: Resource Dir: 0x14e000 LB 0x5a028
6221ddc.1de0: ProductName: Microsoft® Windows® Operating System
6231ddc.1de0: ProductVersion: 6.1.7601.23677
6241ddc.1de0: FileVersion: 6.1.7601.23677 (win7sp1_ldr.170209-0600)
6251ddc.1de0: FileDescription: NT Layer DLL
6261ddc.1de0: \SystemRoot\System32\kernel32.dll:
6271ddc.1de0: CreationTime: 2017-10-05T10:21:09.212686600Z
6281ddc.1de0: LastWriteTime: 2017-02-09T16:31:56.078000000Z
6291ddc.1de0: ChangeTime: 2017-10-05T10:25:43.143168100Z
6301ddc.1de0: FileAttributes: 0x20
6311ddc.1de0: Size: 0x11c000
6321ddc.1de0: NT Headers: 0xe0
6331ddc.1de0: Timestamp: 0x589c9a26
6341ddc.1de0: Machine: 0x8664 - amd64
6351ddc.1de0: Timestamp: 0x589c9a26
6361ddc.1de0: Image Version: 6.1
6371ddc.1de0: SizeOfImage: 0x11f000 (1175552)
6381ddc.1de0: Resource Dir: 0x116000 LB 0x528
6391ddc.1de0: ProductName: Microsoft® Windows® Operating System
6401ddc.1de0: ProductVersion: 6.1.7601.23677
6411ddc.1de0: FileVersion: 6.1.7601.23677 (win7sp1_ldr.170209-0600)
6421ddc.1de0: FileDescription: Windows NT BASE API Client DLL
6431ddc.1de0: \SystemRoot\System32\KernelBase.dll:
6441ddc.1de0: CreationTime: 2017-10-05T10:21:14.953496700Z
6451ddc.1de0: LastWriteTime: 2017-02-09T16:31:56.094000000Z
6461ddc.1de0: ChangeTime: 2017-10-05T10:25:43.143168100Z
6471ddc.1de0: FileAttributes: 0x20
6481ddc.1de0: Size: 0x66800
6491ddc.1de0: NT Headers: 0xe8
6501ddc.1de0: Timestamp: 0x589c9a27
6511ddc.1de0: Machine: 0x8664 - amd64
6521ddc.1de0: Timestamp: 0x589c9a27
6531ddc.1de0: Image Version: 6.1
6541ddc.1de0: SizeOfImage: 0x6a000 (434176)
6551ddc.1de0: Resource Dir: 0x68000 LB 0x530
6561ddc.1de0: ProductName: Microsoft® Windows® Operating System
6571ddc.1de0: ProductVersion: 6.1.7601.23677
6581ddc.1de0: FileVersion: 6.1.7601.23677 (win7sp1_ldr.170209-0600)
6591ddc.1de0: FileDescription: Windows NT BASE API Client DLL
6601ddc.1de0: \SystemRoot\System32\apisetschema.dll:
6611ddc.1de0: CreationTime: 2017-10-05T10:21:28.681520800Z
6621ddc.1de0: LastWriteTime: 2017-02-09T16:31:48.512000000Z
6631ddc.1de0: ChangeTime: 2017-10-05T10:25:41.598765400Z
6641ddc.1de0: FileAttributes: 0x20
6651ddc.1de0: Size: 0x1a00
6661ddc.1de0: NT Headers: 0xc0
6671ddc.1de0: Timestamp: 0x589c99bd
6681ddc.1de0: Machine: 0x8664 - amd64
6691ddc.1de0: Timestamp: 0x589c99bd
6701ddc.1de0: Image Version: 6.1
6711ddc.1de0: SizeOfImage: 0x50000 (327680)
6721ddc.1de0: Resource Dir: 0x30000 LB 0x3f8
6731ddc.1de0: ProductName: Microsoft® Windows® Operating System
6741ddc.1de0: ProductVersion: 6.1.7601.23677
6751ddc.1de0: FileVersion: 6.1.7601.23677 (win7sp1_ldr.170209-0600)
6761ddc.1de0: FileDescription: ApiSet Schema DLL
6771ddc.1de0: Found driver aswVmm (0x4)
6781ddc.1de0: Found driver aswStm (0x4)
6791ddc.1de0: Found driver aswRvrt (0x4)
6801ddc.1de0: supR3HardenedWinFindAdversaries: 0x4
6811ddc.1de0: \SystemRoot\System32\drivers\aswHwid.sys:
6821ddc.1de0: CreationTime: 2017-03-23T19:03:50.490727600Z
6831ddc.1de0: LastWriteTime: 2018-05-19T11:04:07.210515400Z
6841ddc.1de0: ChangeTime: 2018-05-19T11:04:42.624540900Z
6851ddc.1de0: FileAttributes: 0x20
6861ddc.1de0: Size: 0xb778
6871ddc.1de0: NT Headers: 0xf0
6881ddc.1de0: Timestamp: 0x5ae36d51
6891ddc.1de0: Machine: 0x8664 - amd64
6901ddc.1de0: Timestamp: 0x5ae36d51
6911ddc.1de0: Image Version: 6.0
6921ddc.1de0: SizeOfImage: 0xa000 (40960)
6931ddc.1de0: Resource Dir: 0x8000 LB 0x388
6941ddc.1de0: ProductName: Avast Antivirus
6951ddc.1de0: ProductVersion: 18.4.3891.0
6961ddc.1de0: FileVersion: 18.4.3891.0
6971ddc.1de0: FileDescription: Avast HWID
6981ddc.1de0: \SystemRoot\System32\drivers\aswMonFlt.sys:
6991ddc.1de0: CreationTime: 2017-03-23T19:03:50.550727700Z
7001ddc.1de0: LastWriteTime: 2018-05-19T11:04:07.357523800Z
7011ddc.1de0: ChangeTime: 2018-05-19T11:04:42.624540900Z
7021ddc.1de0: FileAttributes: 0x20
7031ddc.1de0: Size: 0x26d90
7041ddc.1de0: NT Headers: 0xe8
7051ddc.1de0: Timestamp: 0x5ae36cf5
7061ddc.1de0: Machine: 0x8664 - amd64
7071ddc.1de0: Timestamp: 0x5ae36cf5
7081ddc.1de0: Image Version: 6.0
7091ddc.1de0: SizeOfImage: 0x2b000 (176128)
7101ddc.1de0: Resource Dir: 0x29000 LB 0x3b0
7111ddc.1de0: ProductName: Avast Antivirus
7121ddc.1de0: ProductVersion: 18.4.3891.0
7131ddc.1de0: FileVersion: 18.4.3891.0
7141ddc.1de0: FileDescription: Avast File System Minifilter for Windows 2003/Vista
7151ddc.1de0: \SystemRoot\System32\drivers\aswRdr2.sys:
7161ddc.1de0: CreationTime: 2017-03-23T19:03:50.390727500Z
7171ddc.1de0: LastWriteTime: 2018-05-19T11:04:06.366467100Z
7181ddc.1de0: ChangeTime: 2018-05-19T11:04:42.625541000Z
7191ddc.1de0: FileAttributes: 0x20
7201ddc.1de0: Size: 0x1b300
7211ddc.1de0: NT Headers: 0xe8
7221ddc.1de0: Timestamp: 0x5ae36d26
7231ddc.1de0: Machine: 0x8664 - amd64
7241ddc.1de0: Timestamp: 0x5ae36d26
7251ddc.1de0: Image Version: 6.1
7261ddc.1de0: SizeOfImage: 0x1a000 (106496)
7271ddc.1de0: Resource Dir: 0x18000 LB 0x398
7281ddc.1de0: ProductName: Avast Antivirus
7291ddc.1de0: ProductVersion: 18.4.3891.0
7301ddc.1de0: FileVersion: 18.4.3891.0 built by: WinDDK
7311ddc.1de0: FileDescription: Avast WFP Redirect Driver
7321ddc.1de0: \SystemRoot\System32\drivers\aswRvrt.sys:
7331ddc.1de0: CreationTime: 2017-03-23T19:03:50.620727800Z
7341ddc.1de0: LastWriteTime: 2018-05-19T11:04:07.427527800Z
7351ddc.1de0: ChangeTime: 2018-05-19T11:04:42.625541000Z
7361ddc.1de0: FileAttributes: 0x20
7371ddc.1de0: Size: 0x14fd0
7381ddc.1de0: NT Headers: 0xf0
7391ddc.1de0: Timestamp: 0x5ae36cf2
7401ddc.1de0: Machine: 0x8664 - amd64
7411ddc.1de0: Timestamp: 0x5ae36cf2
7421ddc.1de0: Image Version: 6.0
7431ddc.1de0: SizeOfImage: 0x14000 (81920)
7441ddc.1de0: Resource Dir: 0x12000 LB 0x388
7451ddc.1de0: ProductName: Avast Antivirus
7461ddc.1de0: ProductVersion: 18.4.3891.0
7471ddc.1de0: FileVersion: 18.4.3891.0
7481ddc.1de0: FileDescription: Avast Revert
7491ddc.1de0: \SystemRoot\System32\drivers\aswSnx.sys:
7501ddc.1de0: CreationTime: 2017-03-23T19:03:50.300727300Z
7511ddc.1de0: LastWriteTime: 2018-05-19T11:03:29.082334600Z
7521ddc.1de0: ChangeTime: 2018-05-19T11:04:42.625541000Z
7531ddc.1de0: FileAttributes: 0x20
7541ddc.1de0: Size: 0xfae88
7551ddc.1de0: NT Headers: 0xe8
7561ddc.1de0: Timestamp: 0x5ae36d12
7571ddc.1de0: Machine: 0x8664 - amd64
7581ddc.1de0: Timestamp: 0x5ae36d12
7591ddc.1de0: Image Version: 6.0
7601ddc.1de0: SizeOfImage: 0xf8000 (1015808)
7611ddc.1de0: Resource Dir: 0xf0000 LB 0x378
7621ddc.1de0: ProductName: Avast Antivirus
7631ddc.1de0: ProductVersion: 18.4.3891.0
7641ddc.1de0: FileVersion: 18.4.3891.0
7651ddc.1de0: FileDescription: Avast Virtualization Driver
7661ddc.1de0: \SystemRoot\System32\drivers\aswsp.sys:
7671ddc.1de0: CreationTime: 2017-03-23T19:03:50.710727900Z
7681ddc.1de0: LastWriteTime: 2018-05-19T11:04:07.585536800Z
7691ddc.1de0: ChangeTime: 2018-05-19T11:04:42.625541000Z
7701ddc.1de0: FileAttributes: 0x20
7711ddc.1de0: Size: 0x706e8
7721ddc.1de0: NT Headers: 0xe8
7731ddc.1de0: Timestamp: 0x5ae36d18
7741ddc.1de0: Machine: 0x8664 - amd64
7751ddc.1de0: Timestamp: 0x5ae36d18
7761ddc.1de0: Image Version: 6.0
7771ddc.1de0: SizeOfImage: 0x72000 (466944)
7781ddc.1de0: Resource Dir: 0x70000 LB 0x370
7791ddc.1de0: ProductName: Avast Antivirus
7801ddc.1de0: ProductVersion: 18.4.3891.0
7811ddc.1de0: FileVersion: 18.4.3891.0
7821ddc.1de0: FileDescription: Avast self protection module
7831ddc.1de0: \SystemRoot\System32\drivers\aswStm.sys:
7841ddc.1de0: CreationTime: 2017-03-23T19:03:50.873728900Z
7851ddc.1de0: LastWriteTime: 2018-05-19T11:04:08.299577700Z
7861ddc.1de0: ChangeTime: 2018-05-19T11:04:42.625541000Z
7871ddc.1de0: FileAttributes: 0x20
7881ddc.1de0: Size: 0x32498
7891ddc.1de0: NT Headers: 0x110
7901ddc.1de0: Timestamp: 0x5ae37258
7911ddc.1de0: Machine: 0x8664 - amd64
7921ddc.1de0: Timestamp: 0x5ae37258
7931ddc.1de0: Image Version: 10.0
7941ddc.1de0: SizeOfImage: 0x33000 (208896)
7951ddc.1de0: Resource Dir: 0x31000 LB 0x350
7961ddc.1de0: ProductName: Avast Antivirus
7971ddc.1de0: ProductVersion: 18.4.3891.0
7981ddc.1de0: FileVersion: 18.4.3891.0
7991ddc.1de0: FileDescription: Stream Filter
8001ddc.1de0: \SystemRoot\System32\drivers\aswVmm.sys:
8011ddc.1de0: CreationTime: 2017-03-23T19:03:50.780728000Z
8021ddc.1de0: LastWriteTime: 2018-05-19T11:04:07.720544500Z
8031ddc.1de0: ChangeTime: 2018-05-19T11:04:42.626541000Z
8041ddc.1de0: FileAttributes: 0x20
8051ddc.1de0: Size: 0x5d270
8061ddc.1de0: NT Headers: 0xe8
8071ddc.1de0: Timestamp: 0x5ae36cf5
8081ddc.1de0: Machine: 0x8664 - amd64
8091ddc.1de0: Timestamp: 0x5ae36cf5
8101ddc.1de0: Image Version: 6.0
8111ddc.1de0: SizeOfImage: 0x5b000 (372736)
8121ddc.1de0: Resource Dir: 0x58000 LB 0x390
8131ddc.1de0: ProductName: Avast Antivirus
8141ddc.1de0: ProductVersion: 18.4.3891.0
8151ddc.1de0: FileVersion: 18.4.3891.0
8161ddc.1de0: FileDescription: Avast VM Monitor
8171ddc.1de0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
8181ddc.1de0: Calling main()
8191ddc.1de0: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
8201ddc.1de0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox'
8211ddc.1de0: '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe' has no imports
8221ddc.1de0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.exe)
8231ddc.1de0: SUPR3HardenedMain: Final process, opening VBoxDrv...
8241ddc.1de0: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002d0000 LB 0x400000)
8251ddc.1de0: supR3HardNtEnableThreadCreation:
8261ddc.1de0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
8271ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
8281ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cb751:<flags> [calling]
8291ddc.1de0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
8301ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fee4550000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
8311ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
8321ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
8331ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002c8ed1:<flags> [calling]
8341ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4550000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
8351ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
8361ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002c8ed1:<flags> [calling]
8371ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4550000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
8381ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4550000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
8391ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8401ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
8411ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
8421ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
8431ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
8441ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
8451ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
8461ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
8471ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
8481ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
8491ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
8501ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
8511ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
8521ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
8531ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
8541ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
8551ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
8561ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
8571ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
8581ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
8591ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8601ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8611ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
8621ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
8631ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
8641ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
8651ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
8661ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
8671ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
8681ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8691ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cd561:<flags> [calling]
8701ddc.1de0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8711ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fefd2c0000 LB 0x0003b000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
8721ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
8731ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fefd6a0000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
8741ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
8751ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fefd120000 LB 0x0016d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
8761ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
8771ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fefd0e0000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
8781ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
8791ddc.1de0: supR3HardenedDllNotificationCallback: load 000007feff180000 LB 0x0012d000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
8801ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
8811ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd2c0000 'C:\Windows\system32\Wintrust.dll'
8821ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
8831ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
8841ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cd561:<flags> [calling]
8851ddc.1de0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8861ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fefca30000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
8871ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8881ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca30000 'C:\Windows\system32\bcrypt.dll'
8891ddc.1de0: bcrypt.dll loaded at 000007fefca30000, BCryptOpenAlgorithmProvider at 000007fefca32460, preloading providers:
8901ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
8911ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
8921ddc.1de0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
8931ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
8941ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
8951ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
8961ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
8971ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
8981ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
8991ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9001ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
9011ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
9021ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
9031ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9041ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9051ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9061ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9071ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9081ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9091ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cd541:<flags> [calling]
9101ddc.1de0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
9111ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fefc520000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
9121ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
9131ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fefeb70000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
9141ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
9151ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
9161ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
9171ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
9181ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
9191ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fefd680000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
9201ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
9211ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc520000 'C:\Windows\system32\bcryptprimitives.dll'
9221ddc.1de0: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000090b8f0)
9231ddc.1de0: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000090d7b0)
9241ddc.1de0: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000090d8e0)
9251ddc.1de0: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000090db00)
9261ddc.1de0: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000090dc30)
9271ddc.1de0: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000000000090dd60)
9281ddc.1de0: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=000000000090dfb0)
9291ddc.1de0: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=000000000090e0e0)
9301ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
9311ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
9321ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
9331ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
9341ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
9351ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9361ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9371ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9381ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cd0b1:<flags> [calling]
9391ddc.1de0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
9401ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fefc8e0000 LB 0x00017000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
9411ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
9421ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc8e0000 'C:\Windows\system32\CRYPTSP.dll'
9431ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9441ddc.1de0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
9451ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
9461ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9471ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9481ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9491ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cd041:<flags> [calling]
9501ddc.1de0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9511ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fefc5e0000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
9521ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
9531ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc5e0000 'C:\Windows\system32\rsaenh.dll'
9541ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
9551ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cc8d1:<flags> [calling]
9561ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb70000 'C:\Windows\system32\ADVAPI32.dll'
9571ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
9581ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
9591ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ccc51:<flags> [calling]
9601ddc.1de0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
9611ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fefcf40000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
9621ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
9631ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf40000 'C:\Windows\system32\CRYPTBASE.dll'
9641ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
9651ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cc681:<flags> [calling]
9661ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077110000 'C:\Windows\system32\kernel32.dll'
9671ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
9681ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cd011:<flags> [calling]
9691ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd2c0000 'C:\Windows\system32\WINTRUST.DLL'
9701ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
9711ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000002cce41:<flags> [calling]
9721ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd120000 'C:\Windows\system32\CRYPT32.dll'
9731ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9741ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
9751ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
9761ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
9771ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
9781ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
9791ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
9801ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
9811ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
9821ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
9831ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cce91:<flags> [calling]
9841ddc.1de0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
9851ddc.1de0: supR3HardenedDllNotificationCallback: load 000007feff390000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
9861ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
9871ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff390000 'C:\Windows\system32\imagehlp.dll'
9881ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
9891ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ccfe1:<flags> [calling]
9901ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc8e0000 'C:\Windows\system32\CRYPTSP.dll'
9911ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
9921ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'p2p.dll'.
9931ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'user32.dll'.
9941ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'gdi32.dll'.
9951ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'shell32.dll'.
9961ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'shlwapi.dll'.
9971ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\p2pcollab.dll)
9981ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\p2pcollab.dll
9991ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10001ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'qutil.dll'.
10011ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'userenv.dll'.
10021ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'dnsapi.dll'.
10031ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\QAGENTRT.DLL)
10041ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\QAGENTRT.DLL
10051ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10061ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'ws2_32.dll'.
10071ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'nsi.dll'.
10081ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\dnsapi.dll)
10091ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dnsapi.dll
10101ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10111ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
10121ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
10131ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
10141ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'shell32.dll'.
10151ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'fveapi.dll'.
10161ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'fvecerts.dll'.
10171ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'crypt32.dll'.
10181ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'profapi.dll'.
10191ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\fveui.dll)
10201ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\fveui.dll
10211ddc.1de0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\fveui.dll [lacks WinVerifyTrust]
10221ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10231ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
10241ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
10251ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'shell32.dll'.
10261ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'userenv.dll'.
10271ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'shlwapi.dll'.
10281ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
10291ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'esent.dll'.
10301ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
10311ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'wtsapi32.dll'.
10321ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'winhttp.dll'.
10331ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winspool.drv'.
10341ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'crypt32.dll'.
10351ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'iphlpapi.dll'.
10361ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'wintrust.dll'.
10371ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'cabinet.dll'.
10381ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'mspatcha.dll'.
10391ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #19 'version.dll'.
10401ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wuaueng.dll)
10411ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wuaueng.dll
10421ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
10431ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
10441ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
10451ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
10461ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
10471ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
10481ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
10491ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
10501ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
10511ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'version.dll'...
10521ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'version.dll' -> '\Device\HarddiskVolume2\Windows\System32\version.dll' [rcNtRedir=0xc0150008]
10531ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
10541ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\version.dll)
10551ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\version.dll
10561ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mspatcha.dll'...
10571ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'mspatcha.dll' -> '\Device\HarddiskVolume2\Windows\System32\mspatcha.dll' [rcNtRedir=0xc0150008]
10581ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10591ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\mspatcha.dll)
10601ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mspatcha.dll
10611ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cabinet.dll'...
10621ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'cabinet.dll' -> '\Device\HarddiskVolume2\Windows\System32\cabinet.dll' [rcNtRedir=0xc0150008]
10631ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10641ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cabinet.dll)
10651ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cabinet.dll
10661ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wintrust.dll'...
10671ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wintrust.dll' -> '\Device\HarddiskVolume2\Windows\System32\wintrust.dll' [rcNtRedir=0xc0150008]
10681ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
10691ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
10701ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
10711ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10721ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
10731ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
10741ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
10751ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL)
10761ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
10771ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
10781ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
10791ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
10801ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
10811ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
10821ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10831ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
10841ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
10851ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\winspool.drv)
10861ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
10871ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winhttp.dll'...
10881ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winhttp.dll' -> '\Device\HarddiskVolume2\Windows\System32\winhttp.dll' [rcNtRedir=0xc0150008]
10891ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10901ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'webio.dll'.
10911ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\winhttp.dll)
10921ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winhttp.dll
10931ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'...
10941ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll' [rcNtRedir=0xc0150008]
10951ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
10961ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll)
10971ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
10981ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
10991ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
11001ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
11011ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'esent.dll'...
11021ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'esent.dll' -> '\Device\HarddiskVolume2\Windows\System32\esent.dll' [rcNtRedir=0xc0150008]
11031ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11041ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\esent.dll)
11051ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\esent.dll
11061ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
11071ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
11081ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11091ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
11101ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
11111ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll)
11121ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
11131ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
11141ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
11151ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
11161ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
11171ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
11181ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
11191ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
11201ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
11211ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume2\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
11221ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11231ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
11241ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
11251ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
11261ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
11271ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
11281ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
11291ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11301ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
11311ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
11321ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
11331ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shell32.dll)
11341ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
11351ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
11361ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
11371ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
11381ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
11391ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
11401ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
11411ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
11421ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll)
11431ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
11441ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
11451ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
11461ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
11471ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11481ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11491ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11501ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
11511ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
11521ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11531ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
11541ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
11551ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
11561ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
11571ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
11581ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'fvecerts.dll'...
11591ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'fvecerts.dll' -> '\Device\HarddiskVolume2\Windows\System32\fvecerts.dll' [rcNtRedir=0xc0150008]
11601ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11611ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'crypt32.dll'.
11621ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\fvecerts.dll)
11631ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\fvecerts.dll
11641ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'fveapi.dll'...
11651ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'fveapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\fveapi.dll' [rcNtRedir=0xc0150008]
11661ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11671ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'tbs.dll'.
11681ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'fvecerts.dll'.
11691ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'netapi32.dll'.
11701ddc.1de0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\fveapi.dll)
11711ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\fveapi.dll
11721ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
11731ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
11741ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [lacks WinVerifyTrust]
11751ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
11761ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
11771ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll [lacks WinVerifyTrust]
11781ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
11791ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
11801ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
11811ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
11821ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
11831ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
11841ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ole32.dll)
11851ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
11861ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
11871ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
11881ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
11891ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
11901ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
11911ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
11921ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
11931ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
11941ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\nsi.dll)
11951ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
11961ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
11971ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
11981ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll [lacks WinVerifyTrust]
11991ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12001ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12011ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12021ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dnsapi.dll'...
12031ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'dnsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dnsapi.dll' [rcNtRedir=0xc0150008]
12041ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\dnsapi.dll [lacks WinVerifyTrust]
12051ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'userenv.dll'...
12061ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'userenv.dll' -> '\Device\HarddiskVolume2\Windows\System32\userenv.dll' [rcNtRedir=0xc0150008]
12071ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
12081ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qutil.dll'...
12091ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qutil.dll' -> '\Device\HarddiskVolume2\Windows\System32\qutil.dll' [rcNtRedir=0xc0150008]
12101ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12111ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
12121ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'wevtapi.dll'.
12131ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\QUTIL.DLL)
12141ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\QUTIL.DLL
12151ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12161ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12171ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12181ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
12191ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
12201ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
12211ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
12221ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
12231ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shell32.dll [lacks WinVerifyTrust]
12241ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12251ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12261ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12271ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12281ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12291ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
12301ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'p2p.dll'...
12311ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'p2p.dll' -> '\Device\HarddiskVolume2\Windows\System32\p2p.dll' [rcNtRedir=0xc0150008]
12321ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
12331ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'p2pcollab.dll'.
12341ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
12351ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'rpcrt4.dll'.
12361ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\P2P.dll)
12371ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\P2P.dll
12381ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12391ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12401ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12411ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12421ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12431ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
12441ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12451ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12461ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
12471ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'p2pcollab.dll'...
12481ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'p2pcollab.dll' -> '\Device\HarddiskVolume2\Windows\System32\p2pcollab.dll' [rcNtRedir=0xc0150008]
12491ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\p2pcollab.dll [lacks WinVerifyTrust]
12501ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12511ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12521ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12531ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wevtapi.dll'...
12541ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wevtapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\wevtapi.dll' [rcNtRedir=0xc0150008]
12551ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
12561ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wevtapi.dll)
12571ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wevtapi.dll
12581ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12591ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12601ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
12611ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12621ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12631ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12641ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
12651ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
12661ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
12671ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
12681ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
12691ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
12701ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
12711ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
12721ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
12731ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12741ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12751ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12761ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netapi32.dll'...
12771ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'netapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\netapi32.dll' [rcNtRedir=0xc0150008]
12781ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'netutils.dll'.
12791ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'srvcli.dll'.
12801ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wkscli.dll'.
12811ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
12821ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\netapi32.dll)
12831ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\netapi32.dll
12841ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'fvecerts.dll'...
12851ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'fvecerts.dll' -> '\Device\HarddiskVolume2\Windows\System32\fvecerts.dll' [rcNtRedir=0xc0150008]
12861ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\fvecerts.dll [lacks WinVerifyTrust]
12871ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'tbs.dll'...
12881ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'tbs.dll' -> '\Device\HarddiskVolume2\Windows\System32\tbs.dll' [rcNtRedir=0xc0150008]
12891ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
12901ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
12911ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'bcrypt.dll'.
12921ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\tbs.dll)
12931ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\tbs.dll
12941ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
12951ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
12961ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
12971ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
12981ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
12991ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
13001ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13011ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13021ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13031ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13041ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13051ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13061ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13071ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13081ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13091ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13101ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13111ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
13121ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13131ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13141ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
13151ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13161ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13171ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13181ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
13191ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
13201ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ole32.dll [lacks WinVerifyTrust]
13211ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13221ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13231ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13241ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13251ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13261ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
13271ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
13281ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
13291ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
13301ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13311ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13321ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13331ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
13341ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
13351ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
13361ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13371ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13381ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
13391ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13401ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13411ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13421ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13431ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13441ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13451ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13461ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13471ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
13481ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13491ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13501ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13511ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
13521ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
13531ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [lacks WinVerifyTrust]
13541ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13551ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13561ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
13571ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13581ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13591ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13601ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13611ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13621ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13631ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13641ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13651ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13661ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'webio.dll'...
13671ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'webio.dll' -> '\Device\HarddiskVolume2\Windows\System32\webio.dll' [rcNtRedir=0xc0150008]
13681ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13691ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\webio.dll)
13701ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\webio.dll
13711ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13721ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13731ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13741ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
13751ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
13761ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
13771ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
13781ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
13791ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
13801ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13811ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13821ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13831ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
13841ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
13851ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
13861ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
13871ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
13881ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
13891ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
13901ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
13911ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll)
13921ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
13931ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
13941ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
13951ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [lacks WinVerifyTrust]
13961ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
13971ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
13981ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
13991ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14001ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14011ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
14021ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14031ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14041ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
14051ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14061ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14071ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
14081ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
14091ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
14101ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
14111ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
14121ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
14131ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
14141ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
14151ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14161ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14171ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
14181ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
14191ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
14201ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14211ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
14221ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
14231ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
14241ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
14251ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14261ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14271ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
14281ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14291ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14301ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14311ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
14321ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
14331ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\nsi.dll [lacks WinVerifyTrust]
14341ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14351ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14361ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
14371ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14381ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14391ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
14401ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14411ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14421ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
14431ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
14441ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
14451ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
14461ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
14471ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
14481ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
14491ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14501ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14511ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
14521ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14531ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14541ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
14551ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wkscli.dll'...
14561ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wkscli.dll' -> '\Device\HarddiskVolume2\Windows\System32\wkscli.dll' [rcNtRedir=0xc0150008]
14571ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14581ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
14591ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wkscli.dll)
14601ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wkscli.dll
14611ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'srvcli.dll'...
14621ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'srvcli.dll' -> '\Device\HarddiskVolume2\Windows\System32\srvcli.dll' [rcNtRedir=0xc0150008]
14631ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14641ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
14651ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\srvcli.dll)
14661ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\srvcli.dll
14671ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'netutils.dll'...
14681ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'netutils.dll' -> '\Device\HarddiskVolume2\Windows\System32\netutils.dll' [rcNtRedir=0xc0150008]
14691ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
14701ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\netutils.dll)
14711ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\netutils.dll
14721ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14731ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14741ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
14751ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14761ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14771ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
14781ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14791ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14801ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
14811ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14821ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14831ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
14841ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
14851ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
14861ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
14871ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14881ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14891ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
14901ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
14911ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
14921ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
14931ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
14941ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
14951ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
14961ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
14971ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
14981ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
14991ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ccb11:<flags> [calling]
15001ddc.1de0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
15011ddc.1de0: supR3HardenedDllNotificationCallback: load 0000000077230000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
15021ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
15031ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fefef80000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
15041ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
15051ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fefe810000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
15061ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
15071ddc.1de0: supR3HardenedDllNotificationCallback: load 000007feff450000 LB 0x000ca000 C:\Windows\system32\USP10.dll [fFlags=0x0]
15081ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
15091ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
15101ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefef80000 'C:\Windows\system32\gdi32.dll'
15111ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
15121ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
15131ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
15141ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
15151ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
15161ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
15171ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
15181ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15191ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
15201ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
15211ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
15221ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
15231ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
15241ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15251ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15261ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
15271ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15281ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15291ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
15301ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
15311ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
15321ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
15331ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
15341ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
15351ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
15361ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
15371ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
15381ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
15391ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15401ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15411ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
15421ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cb951:<flags> [calling]
15431ddc.1de0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
15441ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fefe790000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
15451ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
15461ddc.1de0: supR3HardenedDllNotificationCallback: load 000007feff520000 LB 0x00109000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
15471ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
15481ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe790000 'C:\Windows\system32\IMM32.DLL'
15491ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077230000 'C:\Windows\system32\USER32.dll'
15501ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
15511ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
15521ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
15531ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
15541ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
15551ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
15561ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
15571ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
15581ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15591ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15601ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
15611ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
15621ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
15631ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
15641ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cce11:<flags> [calling]
15651ddc.1de0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
15661ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fefca60000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
15671ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
15681ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca60000 'C:\Windows\system32\ncrypt.dll'
15691ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
15701ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ccc01:<flags> [calling]
15711ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefca30000 'C:\Windows\system32\bcrypt.dll'
15721ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
15731ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cc5c1:<flags> [calling]
15741ddc.1de0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
15751ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fefd100000 LB 0x0001e000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
15761ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
15771ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fefd0f0000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
15781ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
15791ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd100000 'C:\Windows\system32\USERENV.dll'
15801ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002cc321:<flags> [calling]
15811ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd680000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
15821ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002cc6b1:<flags> [calling]
15831ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd680000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
15841ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
15851ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
15861ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
15871ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
15881ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
15891ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
15901ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
15911ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
15921ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
15931ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
15941ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cc8e1:<flags> [calling]
15951ddc.1de0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
15961ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fefc390000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
15971ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
15981ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc390000 'C:\Windows\system32\GPAPI.dll'
15991ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002cc831:<flags> [calling]
16001ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd680000 'API-MS-WIN-Service-Management-L1-1-0.dll'
16011ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
16021ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cbf31:<flags> [calling]
16031ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff180000 'C:\Windows\system32\rpcrt4.dll'
16041ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002cc811:<flags> [calling]
16051ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd680000 'API-MS-WIN-Service-Management-L2-1-0.dll'
16061ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002cc821:<flags> [calling]
16071ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd680000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
16081ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16091ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
16101ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
16111ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
16121ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
16131ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
16141ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
16151ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
16161ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
16171ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
16181ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
16191ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
16201ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
16211ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
16221ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
16231ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
16241ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
16251ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16261ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16271ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
16281ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
16291ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
16301ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
16311ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cc301:<flags> [calling]
16321ddc.1de0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
16331ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fef83e0000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
16341ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
16351ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fefe4d0000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
16361ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
16371ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
16381ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000002cb531:<flags> [calling]
16391ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef83e0000 'C:\Windows\system32\cryptnet.dll'
16401ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
16411ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000002cb531:<flags> [calling]
16421ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef83e0000 'C:\Windows\system32\cryptnet.dll'
16431ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
16441ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000002cb531:<flags> [calling]
16451ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef83e0000 'C:\Windows\system32\cryptnet.dll'
16461ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
16471ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000002cb531:<flags> [calling]
16481ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef83e0000 'C:\Windows\system32\cryptnet.dll'
16491ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
16501ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000002cb531:<flags> [calling]
16511ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef83e0000 'C:\Windows\system32\cryptnet.dll'
16521ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
16531ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000002cb531:<flags> [calling]
16541ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef83e0000 'C:\Windows\system32\cryptnet.dll'
16551ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
16561ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef83e0000 'C:\Windows\system32\cryptnet.dll'
16571ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
16581ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef83e0000 'C:\Windows\system32\cryptnet.dll'
16591ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
16601ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef83e0000 'C:\Windows\system32\cryptnet.dll'
16611ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
16621ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef83e0000 'C:\Windows\system32\cryptnet.dll'
16631ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
16641ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef83e0000 'C:\Windows\system32\cryptnet.dll'
16651ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef83e0000 'C:\Windows\system32\cryptnet.dll'
16661ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
16671ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef83e0000 'C:\Windows\system32\cryptnet.dll'
16681ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002cbc91:<flags> [calling]
16691ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd680000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
16701ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
16711ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cbc91:<flags> [calling]
16721ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0f0000 'C:\Windows\system32\profapi.dll'
16731ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
16741ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cb731:<flags> [calling]
16751ddc.1de0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
16761ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fefeaf0000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
16771ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
16781ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeaf0000 'C:\Windows\system32\SHLWAPI.dll'
16791ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
16801ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000009825b0
16811ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
16821ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB06E72F615B4CC217433B1A5A61256FDD806BC8
16831ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002cc5d1:<flags> [calling]
16841ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd680000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
16851ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002cc131:<flags> [calling]
16861ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd680000 'API-MS-WIN-Service-Management-L1-1-0.dll'
16871ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002cc131:<flags> [calling]
16881ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd680000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
16891ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
16901ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cc5d1:<flags> [calling]
16911ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb70000 'C:\Windows\system32\ADVAPI32.dll'
16921ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002cc581:<flags> [calling]
16931ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd680000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
16941ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000002cc271:<flags> [calling]
16951ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd680000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
16961ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_91_for_KB4012212~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\SystemRoot\System32\ntdll.dll'
16971ddc.1de0: g_pfnWinVerifyTrust=000007fefd2c1010
16981ddc.1de0: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
16991ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
17001ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
17011ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
17021ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=95ACBEABDF95D4540C2AEE45F9DA915B1B77FD1D
17031ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_112_for_KB3004394~31bf3856ad364e35~amd64~~6.1.2.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
17041ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17051ddc.1de0: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
17061ddc.1de0: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
17071ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
17081ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
17091ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
17101ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=108407301192217C74BC9FE609CA642A66DBE98B
17111ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3004394~31bf3856ad364e35~amd64~~6.1.2.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
17121ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17131ddc.1de0: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
17141ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000434 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
17151ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
17161ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
17171ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
17181ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
17191ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17201ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
17211ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000430 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
17221ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
17231ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
17241ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C1C670A9871F2BD448B2F0FA6127AC7A486B8D8F
17251ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_75_for_KB3004394~31bf3856ad364e35~amd64~~6.1.2.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
17261ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17271ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
17281ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000002e8 pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
17291ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
17301ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
17311ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EBDAA16C3FD93DFF9C20BA3B2689DFF4C8D31061
17321ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3159398~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
17331ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17341ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
17351ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000244 pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
17361ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
17371ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
17381ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=07289E135D82CD59E676C3B35C23CEC799A060D5
17391ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_91_for_KB4012212~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
17401ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17411ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
17421ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000022c pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
17431ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
17441ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
17451ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=803AF52F95A9EFDFDA06C595023831EE36ACD3A8
17461ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
17471ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17481ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
17491ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000228 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
17501ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
17511ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
17521ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
17531ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
17541ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17551ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
17561ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000224 pwszName=\Device\HarddiskVolume2\Windows\System32\netutils.dll
17571ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
17581ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
17591ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8306096CD5A0F8293EF148E19ED019B06AE93885
17601ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\netutils.dll'
17611ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17621ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\netutils.dll'
17631ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000220 pwszName=\Device\HarddiskVolume2\Windows\System32\srvcli.dll
17641ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
17651ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
17661ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=400D0B855E36AD0F411FF8CCA3D2345AB0767A07
17671ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\srvcli.dll'
17681ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17691ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\srvcli.dll'
17701ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000021c pwszName=\Device\HarddiskVolume2\Windows\System32\wkscli.dll
17711ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
17721ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
17731ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5C267E1D4313EB19ADB82C565DAC855CACC695FB
17741ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wkscli.dll'
17751ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17761ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wkscli.dll'
17771ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000218 pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
17781ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
17791ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
17801ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=ADC813DBDCF1B9FE5F76973E63FBF7AB579B7AB9
17811ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_91_for_KB4012212~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
17821ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17831ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
17841ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000214 pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
17851ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
17861ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
17871ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1ADF11F2EB36CBC89DF57411965E763C884B88C6
17881ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB3078601~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
17891ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17901ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
17911ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000210 pwszName=\Device\HarddiskVolume2\Windows\System32\winnsi.dll
17921ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
17931ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
17941ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B28F3E0DF5586B9FB3AEAC48E4ECCA0AFB6ABD91
17951ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
17961ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
17971ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
17981ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000020c pwszName=\Device\HarddiskVolume2\Windows\System32\webio.dll
17991ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
18001ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
18011ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=14C321CCA4D71A29BA255744DFE55EB4FFC4421E
18021ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3140245~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\webio.dll'
18031ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18041ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\webio.dll'
18051ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000208 pwszName=\Device\HarddiskVolume2\Windows\System32\tbs.dll
18061ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
18071ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
18081ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0ABB798EB1CFF8F9CAF68CE79A2042596B02B281
18091ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_53_for_KB3133977~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\tbs.dll'
18101ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18111ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\tbs.dll'
18121ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000204 pwszName=\Device\HarddiskVolume2\Windows\System32\netapi32.dll
18131ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
18141ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
18151ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=73F6B3C606EE4D2D8D802352D9098FCC3BC6C71A
18161ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2705219~31bf3856ad364e35~amd64~~6.1.2.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\netapi32.dll'
18171ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18181ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\netapi32.dll'
18191ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000200 pwszName=\Device\HarddiskVolume2\Windows\System32\wevtapi.dll
18201ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
18211ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
18221ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=55DA7FD585D1BB1141FCB26CB566ABAE87BD3461
18231ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\wevtapi.dll'
18241ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18251ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wevtapi.dll'
18261ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001fc pwszName=\Device\HarddiskVolume2\Windows\System32\P2P.dll
18271ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
18281ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
18291ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C557FD9F986C779259848C98985B76C6D5FA3B1F
18301ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-PeerToPeer-Full-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\P2P.dll'
18311ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18321ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\P2P.dll'
18331ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001f8 pwszName=\Device\HarddiskVolume2\Windows\System32\QUTIL.DLL
18341ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
18351ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
18361ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=AE4AF03C260DE1647DD962094EB412ADE135992F
18371ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\QUTIL.DLL'
18381ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18391ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\QUTIL.DLL'
18401ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001f4 pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
18411ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
18421ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
18431ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
18441ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
18451ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18461ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\nsi.dll'
18471ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001f0 pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
18481ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
18491ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
18501ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2E64AE329BD5124592BC8CB0B327AA3B95DC65B7
18511ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
18521ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18531ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ole32.dll'
18541ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\fveapi.dll'
18551ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001e8 pwszName=\Device\HarddiskVolume2\Windows\System32\fvecerts.dll
18561ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
18571ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
18581ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0859E3867F20E18EC0BDE6490DDAF3A32F14753D
18591ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Basic-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\fvecerts.dll'
18601ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18611ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\fvecerts.dll'
18621ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001e4 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
18631ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
18641ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
18651ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
18661ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
18671ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18681ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
18691ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001e0 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
18701ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
18711ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
18721ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C1D7CC9111C6B5A59641FA11BE0A6A1841FEBBCD
18731ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2564958~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
18741ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18751ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
18761ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001dc pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
18771ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
18781ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
18791ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F13C2B4E594038A8834146A1D81AAE9B43ED8649
18801ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_41_for_KB3184143~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
18811ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18821ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shell32.dll'
18831ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d8 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
18841ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
18851ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
18861ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
18871ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
18881ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18891ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
18901ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d4 pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
18911ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
18921ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
18931ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
18941ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
18951ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
18961ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
18971ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001d0 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
18981ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
18991ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
19001ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=901DCB8172024F14E25295BF5692180F12FC8C18
19011ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3161949~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
19021ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19031ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
19041ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001cc pwszName=\Device\HarddiskVolume2\Windows\System32\esent.dll
19051ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
19061ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
19071ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3892D0E9EBB25B263C227B84340E96724DD5A0CD
19081ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_27_for_KB982018~31bf3856ad364e35~amd64~~6.1.3.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\esent.dll'
19091ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19101ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\esent.dll'
19111ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c8 pwszName=\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
19121ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
19131ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
19141ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E653B4F2F82EC27E9205DC90EBEB7A5AAB37A8B0
19151ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll'
19161ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19171ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll'
19181ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c4 pwszName=\Device\HarddiskVolume2\Windows\System32\winhttp.dll
19191ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
19201ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
19211ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=748D1D438573DA1577DDE1F4751317EBB870A569
19221ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3161949~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\winhttp.dll'
19231ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19241ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winhttp.dll'
19251ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c0 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
19261ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
19271ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
19281ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
19291ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
19301ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19311ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\winspool.drv'
19321ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a8 pwszName=\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
19331ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
19341ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
19351ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642
19361ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'
19371ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19381ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'
19391ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a4 pwszName=\Device\HarddiskVolume2\Windows\System32\cabinet.dll
19401ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
19411ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
19421ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5D1555851298EA005A2E9FEA027F5898BC240083
19431ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cabinet.dll'
19441ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19451ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cabinet.dll'
19461ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a0 pwszName=\Device\HarddiskVolume2\Windows\System32\mspatcha.dll
19471ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
19481ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
19491ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=867DF1D4BF8156CFE203C28B3D26A98D52097EEB
19501ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\mspatcha.dll'
19511ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19521ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\mspatcha.dll'
19531ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000019c pwszName=\Device\HarddiskVolume2\Windows\System32\version.dll
19541ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
19551ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
19561ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A3AB94A028D0330A3DBCAE54C04C648532198DB9
19571ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\version.dll'
19581ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19591ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\version.dll'
19601ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000198 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
19611ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
19621ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
19631ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0126444F4A25A12DBD10751B102843D9FD7BB320
19641ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_91_for_KB4012212~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
19651ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19661ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
19671ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
19681ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
19691ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
19701ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FB05A6DD4AF9AC247D37C4B7BAFCCBD178A41E64
19711ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Retrying with fresh context (CryptCATAdminEnumCatalogFromHash -> 1168; iCat=0x0)
19721ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: New context 00000000009825b0
19731ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
19741ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FB05A6DD4AF9AC247D37C4B7BAFCCBD178A41E64
19751ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
19761ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000000982af0
19771ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000000982af0
19781ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=32 wszDigest=7458187B83265348D287AC7AB34C0A5AD0EFDAA5040E43F37D2AC3DBEB747E20
19791ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: CryptCATAdminEnumCatalogFromHash failed ERRROR_NOT_FOUND (1168)
19801ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> -22900 (org 22900)
19811ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: -22900 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
19821ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001bc pwszName=\Device\HarddiskVolume2\Windows\System32\wuaueng.dll
19831ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
19841ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
19851ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=BB4816B660307E21881A97CBE7C520BA1B35A878
19861ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_74_for_KB3138612~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\wuaueng.dll'
19871ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19881ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wuaueng.dll'
19891ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001b8 pwszName=\Device\HarddiskVolume2\Windows\System32\fveui.dll
19901ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
19911ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
19921ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9AE2B4D78F4C4980AFC017D5D66719F0C47DCB1E
19931ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Basic-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\fveui.dll'
19941ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
19951ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\fveui.dll'
19961ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001b4 pwszName=\Device\HarddiskVolume2\Windows\System32\dnsapi.dll
19971ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
19981ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
19991ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8135E0E5EFBA7E8EB8BB5D5C7F47265131A2B951
20001ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2509553~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\dnsapi.dll'
20011ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20021ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\dnsapi.dll'
20031ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001b0 pwszName=\Device\HarddiskVolume2\Windows\System32\QAGENTRT.DLL
20041ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
20051ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
20061ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FC2EE53DA4F252F05E7544C010A3124C84271DC1
20071ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\QAGENTRT.DLL'
20081ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20091ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\QAGENTRT.DLL'
20101ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001ac pwszName=\Device\HarddiskVolume2\Windows\System32\p2pcollab.dll
20111ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
20121ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
20131ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8884501334743D4517754C1D4D4D9572449D8510
20141ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-PeerToPeer-Full-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\p2pcollab.dll'
20151ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20161ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\p2pcollab.dll'
20171ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
20181ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
20191ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
20201ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
20211ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
20221ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20231ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
20241ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000134 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
20251ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
20261ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
20271ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0BEA7B8798A240BF8044DC88BD0858BCF570AE64
20281ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_91_for_KB4012212~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
20291ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20301ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
20311ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
20321ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
20331ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
20341ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
20351ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=40667EDBA9045D4A4BE1D4844665D3B88F8CD0E0
20361ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
20371ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20381ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
20391ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
20401ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
20411ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
20421ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB669FA8DB80F8E50A29D055BB8D558E10E5E6B4
20431ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
20441ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20451ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
20461ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
20471ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
20481ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
20491ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E1A45338317E2403A09CD98DB614D5FC030DF62F
20501ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_216_for_KB4012212~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
20511ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20521ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
20531ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
20541ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
20551ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
20561ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
20571ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=830B502D881807930294E4891BE15146B1E7E10C
20581ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_91_for_KB4012212~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
20591ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20601ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
20611ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
20621ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
20631ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
20641ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
20651ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
20661ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20671ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
20681ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
20691ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
20701ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
20711ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
20721ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
20731ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20741ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
20751ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
20761ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
20771ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
20781ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A6D98EFDA5AD849FCFE1D958015D6B576F27401C
20791ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_91_for_KB4012212~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
20801ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20811ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
20821ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
20831ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
20841ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
20851ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
20861ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E05EE0D5C405A4EDCF47D726F8EABF1416BD9E8E
20871ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_91_for_KB4012212~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
20881ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20891ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
20901ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
20911ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
20921ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
20931ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=965E9904D7E008C8F75FAE3B7CD632EFC2A565F6
20941ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_91_for_KB4012212~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
20951ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
20961ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
20971ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
20981ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cc071:<flags> [calling]
20991ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd120000 'C:\Windows\system32\crypt32.dll'
21001ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
21011ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
21021ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
21031ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0x8303a5dbe8d38600 CN=UniversalADB
21041ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
21051ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
21061ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
21071ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
21081ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0xbfc2c39c3c72c000 OU=generated by Avast Antivirus for SSL/TLS scanning, O=Avast Web/Mail Shield, CN=Avast Web/Mail Shield Root
21091ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
21101ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0xa12b07674f1bf600 C=US, O=AffirmTrust, CN=AffirmTrust Commercial
21111ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0x2ca429a5c4c6a700 C=IT, L=Milan, O=Actalis S.p.A./03358520967, CN=Actalis Authentication Root CA
21121ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
21131ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
21141ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
21151ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
21161ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0xe35016950adaa500 C=NO, O=Buypass AS-983163327, CN=Buypass Class 3 Root CA
21171ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
21181ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0xe248b7eeee4af00 C=CH, O=SwissSign AG, CN=SwissSign Gold CA - G2
21191ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0x266e9b638ffac00 C=HK, O=Hongkong Post, CN=Hongkong Post Root CA 1
21201ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
21211ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
21221ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
21231ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0xeae16ef49d40be00 C=GB, ST=Greater Manchester, L=Salford, O=Comodo CA Limited, CN=AAA Certificate Services
21241ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
21251ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0x1591b8ac8dcabd00 C=CN, O=WoSign CA Limited, CN=Certification Authority of WoSign
21261ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
21271ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
21281ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
21291ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0xb3d6d6c9f168c800 C=FR, O=Dhimyotis, CN=Certigna
21301ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
21311ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
21321ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
21331ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0x3178d37f87f1c400 C=CH, O=SwissSign AG, CN=SwissSign Silver CA - G2
21341ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
21351ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
21361ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
21371ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
21381ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0xdaad63f38ff8e900 C=HU, L=Budapest, O=Microsec Ltd., CN=Microsec e-Szigno Root CA 2009, Email=info@e-szigno.hu
21391ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
21401ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
21411ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0xabd0695c5d11d15e C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority - G2, OU=(c) 1998 VeriSign, Inc. - For authorized use only, OU=VeriSign Trust Network
21421ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
21431ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
21441ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0x35f812d09650dc00 C=FR, O=Certplus, CN=Class 2 Primary CA
21451ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
21461ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
21471ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
21481ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0x3eaa756fe759c500 C=NL, O=Staat der Nederlanden, CN=Staat der Nederlanden Root CA - G2
21491ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0x73e85f1bda5faa00 C=DE, O=T-Systems Enterprise Services GmbH, OU=T-Systems Trust Center, CN=T-TeleSec GlobalRoot Class 2
21501ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
21511ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
21521ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0xd407c1f75ec7d700 C=NO, O=Buypass AS-983163327, CN=Buypass Class 2 Root CA
21531ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
21541ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
21551ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0xf0ca9d354a179000 C=FI, O=Sonera, CN=Sonera Class2 CA
21561ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
21571ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
21581ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
21591ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
21601ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0x1f78fc529cbacb00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 1999 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G3
21611ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
21621ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0x6d4bbe735e24c400 C=HU, L=Budapest, O=NetLock Kft., OU=Tanúsítványkiadók (Certification Services), CN=NetLock Arany (Class Gold) Főtanúsítvány
21631ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
21641ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0xa8b43f38c3f7b100 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Hardware
21651ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
21661ddc.1de0: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
21671ddc.1de0: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=67
21681ddc.1de0: SUPR3HardenedMain: Load Runtime...
21691ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
21701ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
21711ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
21721ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
21731ddc.1de0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
21741ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
21751ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
21761ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
21771ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
21781ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
21791ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
21801ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
21811ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
21821ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
21831ddc.1de0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
21841ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
21851ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21861ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21871ddc.1de0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
21881ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
21891ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
21901ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
21911ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
21921ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cc3a1:<flags> [calling]
21931ddc.1de0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
21941ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fee25d0000 LB 0x0052e000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
21951ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
21961ddc.1de0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
21971ddc.1de0: supR3HardenedDllNotificationCallback: load 000000006f190000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
21981ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
21991ddc.1de0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
22001ddc.1de0: supR3HardenedDllNotificationCallback: load 000000006dc60000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
22011ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
22021ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fefe7c0000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
22031ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
22041ddc.1de0: supR3HardenedDllNotificationCallback: load 000007feff630000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
22051ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
22061ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
22071ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002c9ae1:<flags> [calling]
22081ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee25d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
22091ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
22101ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002c9ae1:<flags> [calling]
22111ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee25d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
22121ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
22131ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002c9ae1:<flags> [calling]
22141ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee25d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
22151ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
22161ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002c9ae1:<flags> [calling]
22171ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee25d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
22181ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
22191ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002c9ae1:<flags> [calling]
22201ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee25d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
22211ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
22221ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002c9ae1:<flags> [calling]
22231ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee25d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
22241ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee25d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
22251ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee25d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
22261ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee25d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
22271ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee25d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
22281ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee25d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
22291ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee25d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
22301ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee25d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
22311ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
22321ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002c9ae1:<flags> [calling]
22331ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee25d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
22341ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee25d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
22351ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee25d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
22361ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee25d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
22371ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee25d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
22381ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee25d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
22391ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee25d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
22401ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee25d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
22411ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee25d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
22421ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee25d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
22431ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee25d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
22441ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee25d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
22451ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee25d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
22461ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee25d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
22471ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee25d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
22481ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee25d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
22491ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VBoxRT.dll
22501ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002c9ae1:<flags> [calling]
22511ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee25d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
22521ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee25d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
22531ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee25d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
22541ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee25d0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
22551ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
22561ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cdf01:<flags> [calling]
22571ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd2c0000 'C:\Windows\system32\Wintrust.dll'
22581ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd120000 'C:\Windows\system32\crypt32.dll'
22591ddc.1de0: SUPR3HardenedMain: Load TrustedMain...
22601ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
22611ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
22621ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
22631ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
22641ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
22651ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
22661ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
22671ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
22681ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
22691ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
22701ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
22711ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
22721ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
22731ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
22741ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
22751ddc.1de0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll) WinVerifyTrust
22761ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
22771ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
22781ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
22791ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000051c pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
22801ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
22811ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
22821ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
22831ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
22841ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
22851ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
22861ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
22871ddc.1de0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
22881ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
22891ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
22901ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
22911ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
22921ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
22931ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
22941ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
22951ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
22961ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
22971ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
22981ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
22991ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
23001ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
23011ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23021ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23031ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\user32.dll
23041ddc.1de0: Error (rc=0):
23051ddc.1de0: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=16 \Device\HarddiskVolume2\Windows\System32\user32.dll
23061ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
23071ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
23081ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
23091ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
23101ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
23111ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
23121ddc.1de0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
23131ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
23141ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
23151ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
23161ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
23171ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
23181ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
23191ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
23201ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
23211ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
23221ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
23231ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
23241ddc.1de0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll) WinVerifyTrust
23251ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
23261ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
23271ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
23281ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
23291ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
23301ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
23311ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
23321ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
23331ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
23341ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
23351ddc.1de0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
23361ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
23371ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
23381ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
23391ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
23401ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
23411ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
23421ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
23431ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
23441ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
23451ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
23461ddc.1de0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) WinVerifyTrust
23471ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
23481ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
23491ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
23501ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
23511ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
23521ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
23531ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
23541ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
23551ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
23561ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
23571ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
23581ddc.1de0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) WinVerifyTrust
23591ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
23601ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
23611ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
23621ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
23631ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
23641ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
23651ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
23661ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
23671ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
23681ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
23691ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
23701ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000052c pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
23711ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
23721ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
23731ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
23741ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
23751ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23761ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23771ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
23781ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
23791ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
23801ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
23811ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
23821ddc.1de0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) WinVerifyTrust
23831ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
23841ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
23851ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
23861ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
23871ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
23881ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000534 pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
23891ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
23901ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
23911ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
23921ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
23931ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
23941ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
23951ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
23961ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
23971ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
23981ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
23991ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
24001ddc.1de0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) WinVerifyTrust
24011ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
24021ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
24031ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
24041ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000528 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
24051ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
24061ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
24071ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
24081ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
24091ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24101ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
24111ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
24121ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
24131ddc.1de0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) WinVerifyTrust
24141ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
24151ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24161ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24171ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24181ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24191ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
24201ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
24211ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24221ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24231ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
24241ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
24251ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
24261ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
24271ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
24281ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
24291ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000054c pwszName=\Device\HarddiskVolume2\Windows\System32\mpr.dll
24301ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
24311ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
24321ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F84FE9BA047B24E7694C9E0C349B48B9FD5F925B
24331ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\mpr.dll'
24341ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24351ddc.1de0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll) WinVerifyTrust
24361ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
24371ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
24381ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
24391ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
24401ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
24411ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
24421ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24431ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24441ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
24451ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
24461ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
24471ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
24481ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24491ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24501ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24511ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24521ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
24531ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
24541ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
24551ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
24561ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
24571ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
24581ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
24591ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24601ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24611ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24621ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24631ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
24641ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
24651ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
24661ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
24671ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
24681ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
24691ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24701ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24711ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
24721ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
24731ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
24741ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcp100.dll
24751ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
24761ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
24771ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
24781ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
24791ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
24801ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
24811ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
24821ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
24831ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
24841ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
24851ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
24861ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
24871ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
24881ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
24891ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
24901ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll
24911ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
24921ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
24931ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000558 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
24941ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
24951ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
24961ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
24971ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
24981ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
24991ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25001ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
25011ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
25021ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
25031ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
25041ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
25051ddc.1de0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust
25061ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
25071ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
25081ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
25091ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
25101ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
25111ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
25121ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
25131ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
25141ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
25151ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
25161ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
25171ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
25181ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
25191ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25201ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25211ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
25221ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
25231ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
25241ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
25251ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
25261ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
25271ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
25281ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
25291ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
25301ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
25311ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
25321ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
25331ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
25341ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
25351ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25361ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25371ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25381ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25391ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
25401ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
25411ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
25421ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
25431ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
25441ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000520 pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
25451ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
25461ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
25471ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
25481ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
25491ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25501ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
25511ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
25521ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
25531ddc.1de0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) WinVerifyTrust
25541ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
25551ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
25561ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
25571ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25581ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25591ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
25601ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
25611ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
25621ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25631ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25641ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
25651ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
25661ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
25671ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
25681ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
25691ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
25701ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
25711ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
25721ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
25731ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000560 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
25741ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
25751ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
25761ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F3F3D4867E9140896E0742D7EE8AE1D01FE85ECE
25771ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3078667~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
25781ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25791ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
25801ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
25811ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
25821ddc.1de0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust
25831ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
25841ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
25851ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
25861ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000524 pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
25871ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
25881ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
25891ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
25901ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
25911ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
25921ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
25931ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
25941ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
25951ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
25961ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
25971ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
25981ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
25991ddc.1de0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
26001ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
26011ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
26021ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
26031ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
26041ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
26051ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000570 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
26061ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
26071ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
26081ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DF20394F8A147665B04BBC62047B83F7A21D87DB
26091ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB3078601~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
26101ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26111ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26121ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
26131ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
26141ddc.1de0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) WinVerifyTrust
26151ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
26161ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26171ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26181ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26191ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26201ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26211ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26221ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
26231ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
26241ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26251ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26261ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
26271ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
26281ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000538 pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
26291ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
26301ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
26311ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
26321ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
26331ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26341ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26351ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
26361ddc.1de0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
26371ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
26381ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
26391ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
26401ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
26411ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26421ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26431ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26441ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26451ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
26461ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
26471ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26481ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26491ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
26501ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
26511ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000574 pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
26521ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
26531ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
26541ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
26551ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
26561ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
26571ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
26581ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
26591ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
26601ddc.1de0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll) WinVerifyTrust
26611ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
26621ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26631ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26641ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
26651ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
26661ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26671ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26681ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
26691ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
26701ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
26711ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
26721ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
26731ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
26741ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
26751ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
26761ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
26771ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
26781ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26791ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26801ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
26811ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
26821ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
26831ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
26841ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
26851ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cc3b1:<flags> [calling]
26861ddc.1de0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
26871ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fee1ce0000 LB 0x008e7000 C:\Program Files\Oracle\VirtualBox\VirtualBox.dll [fFlags=0x0]
26881ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\VirtualBox.dll
26891ddc.1de0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
26901ddc.1de0: supR3HardenedDllNotificationCallback: load 000007feedde0000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
26911ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
26921ddc.1de0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
26931ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fef1ff0000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
26941ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
26951ddc.1de0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
26961ddc.1de0: supR3HardenedDllNotificationCallback: load 000007feedce0000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
26971ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
26981ddc.1de0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
26991ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fef3380000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
27001ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
27011ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fefd4a0000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
27021ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
27031ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fefd450000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
27041ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
27051ddc.1de0: supR3HardenedDllNotificationCallback: load 000007feff2b0000 LB 0x000d7000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
27061ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
27071ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fefecd0000 LB 0x00203000 C:\Windows\system32\ole32.dll [fFlags=0x0]
27081ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
27091ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fefd290000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
27101ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
27111ddc.1de0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
27121ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fefb6a0000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
27131ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
27141ddc.1de0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
27151ddc.1de0: supR3HardenedDllNotificationCallback: load 000000005fc50000 LB 0x00566000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
27161ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
27171ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fefd740000 LB 0x00d8a000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
27181ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
27191ddc.1de0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
27201ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fef5490000 LB 0x00018000 C:\Windows\system32\MPR.dll [fFlags=0x0]
27211ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
27221ddc.1de0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
27231ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fee16e0000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
27241ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
27251ddc.1de0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
27261ddc.1de0: supR3HardenedDllNotificationCallback: load 000000005f170000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
27271ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
27281ddc.1de0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
27291ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fee44a0000 LB 0x00051000 C:\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll [fFlags=0x0]
27301ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5PrintSupportVBox.dll
27311ddc.1de0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
27321ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fefa4f0000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
27331ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
27341ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fefeee0000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
27351ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
27361ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
27371ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
27381ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
27391ddc.1de0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll)
27401ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
27411ddc.1de0: supR3HardenedDllNotificationCallback: load 000007feeb400000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll [fFlags=0x0]
27421ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [avoiding WinVerifyTrust]
27431ddc.1de0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
27441ddc.1de0: supR3HardenedDllNotificationCallback: load 000000006dc00000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
27451ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
27461ddc.1de0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
27471ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fefadd0000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
27481ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
27491ddc.1de0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'.
27501ddc.1de0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [rescheduled]
27511ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
27521ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
27531ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
27541ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
27551ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
27561ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
27571ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
27581ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cb981:<flags> [calling]
27591ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe790000 'C:\Windows\system32\imm32.dll'
27601ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb70000 'C:\Windows\system32\ADVAPI32.DLL'
27611ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
27621ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptbase.dll (Input=cryptbase.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
27631ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf40000 'C:\Windows\system32\cryptbase.dll'
27641ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee1ce0000 'C:\Program Files\Oracle\VirtualBox\VirtualBox.dll'
27651ddc.1de0: SUPR3HardenedMain: Calling TrustedMain (000007fee1ce1610)...
27661ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
27671ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cdcb1:<flags> [calling]
27681ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefecd0000 'C:\Windows\system32\ole32.dll'
27691ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb70000 'C:\Windows\system32\ADVAPI32.dll'
27701ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
27711ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cc391:<flags> [calling]
27721ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0f0000 'C:\Windows\system32\profapi.dll'
27731ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
27741ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
27751ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
27761ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
27771ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
27781ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
27791ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
27801ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
27811ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
27821ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
27831ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
27841ddc.1de0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
27851ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
27861ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
27871ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
27881ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
27891ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
27901ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
27911ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
27921ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
27931ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
27941ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
27951ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
27961ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
27971ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
27981ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
27991ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
28001ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
28011ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
28021ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
28031ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
28041ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
28051ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
28061ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
28071ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
28081ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
28091ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28101ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28111ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
28121ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
28131ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
28141ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
28151ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
28161ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ce681:<flags> [calling]
28171ddc.1de0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
28181ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fee15b0000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
28191ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
28201ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee15b0000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
28211ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
28221ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ce5b1:<flags> [calling]
28231ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf40000 'C:\Windows\system32\CRYPTBASE.dll'
28241ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000061c pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
28251ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 00000000009825b0
28261ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=00000000009825b0
28271ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
28281ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
28291ddc.1de0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
28301ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
28311ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
28321ddc.1de0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
28331ddc.1de0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
28341ddc.1de0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
28351ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
28361ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
28371ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
28381ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
28391ddc.1de0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status -22900 (0xffffa68c)) on \Device\HarddiskVolume2\Windows\System32\user32.dll
28401ddc.1de0: Error (rc=0):
28411ddc.1de0: supR3HardenedScreenImage/Imports: cached rc=Unknown Status -22900 (0xffffa68c) fImage=1 fProtect=0x0 fAccess=0x0 cHits=32 \Device\HarddiskVolume2\Windows\System32\user32.dll
28421ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
28431ddc.1de0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
28441ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002ce081:<flags> [calling]
28451ddc.1de0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
28461ddc.1de0: supR3HardenedDllNotificationCallback: load 000007fefbad0000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
28471ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
28481ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbad0000 'C:\Windows\system32\uxtheme.dll'
28491ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
28501ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cdac1:<flags> [calling]
28511ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbad0000 'C:\Windows\system32\uxtheme.dll'
28521ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
28531ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cd831:<flags> [calling]
28541ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbad0000 'C:\Windows\system32\uxtheme.dll'
28551ddc.1de0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
28561ddc.1de0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002cd831:<flags> [calling]
28571ddc.1de0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbad0000 'C:\Windows\system32\uxtheme.dll'
28581dc8.1dcc: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 1500 ms, the end);
28591d98.1d9c: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0x1 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 2081 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy