VirtualBox

Ticket #19040: VBoxHardening.log

File VBoxHardening.log, 378.9 KB (added by buffy, 5 years ago)
Line 
11850.1e04: Log file opened: 6.0.14r133895 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
21850.1e04: \SystemRoot\System32\ntdll.dll:
31850.1e04: CreationTime: 2019-10-09T01:27:22.092080700Z
41850.1e04: LastWriteTime: 2019-09-17T02:30:20.147562700Z
51850.1e04: ChangeTime: 2019-10-09T10:14:41.162836800Z
61850.1e04: FileAttributes: 0x20
71850.1e04: Size: 0x197e80
81850.1e04: NT Headers: 0xe0
91850.1e04: Timestamp: 0x5d804531
101850.1e04: Machine: 0x8664 - amd64
111850.1e04: Timestamp: 0x5d804531
121850.1e04: Image Version: 6.1
131850.1e04: SizeOfImage: 0x19f000 (1699840)
141850.1e04: Resource Dir: 0x142000 LB 0x5a038
151850.1e04: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
161850.1e04: [Raw version resource data: 0x1420f0 LB 0x38c, codepage 0x0 (reserved 0x0)]
171850.1e04: ProductName: Microsoft® Windows® Operating System
181850.1e04: ProductVersion: 6.1.7601.24524
191850.1e04: FileVersion: 6.1.7601.24524 (win7sp1_ldr_escrow.190916-1700)
201850.1e04: FileDescription: NT Layer DLL
211850.1e04: \SystemRoot\System32\kernel32.dll:
221850.1e04: CreationTime: 2019-10-09T01:27:21.194966800Z
231850.1e04: LastWriteTime: 2019-09-17T02:28:24.024000000Z
241850.1e04: ChangeTime: 2019-10-09T10:14:41.786837900Z
251850.1e04: FileAttributes: 0x20
261850.1e04: Size: 0x11be00
271850.1e04: NT Headers: 0xe0
281850.1e04: Timestamp: 0x5d804571
291850.1e04: Machine: 0x8664 - amd64
301850.1e04: Timestamp: 0x5d804571
311850.1e04: Image Version: 6.1
321850.1e04: SizeOfImage: 0x11f000 (1175552)
331850.1e04: Resource Dir: 0x116000 LB 0x530
341850.1e04: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
351850.1e04: [Raw version resource data: 0x1160b0 LB 0x3b0, codepage 0x0 (reserved 0x0)]
361850.1e04: ProductName: Microsoft® Windows® Operating System
371850.1e04: ProductVersion: 6.1.7601.24524
381850.1e04: FileVersion: 6.1.7601.24524 (win7sp1_ldr_escrow.190916-1700)
391850.1e04: FileDescription: Windows NT BASE API Client DLL
401850.1e04: \SystemRoot\System32\KernelBase.dll:
411850.1e04: CreationTime: 2019-10-09T01:27:21.135459200Z
421850.1e04: LastWriteTime: 2019-09-17T02:28:24.029000000Z
431850.1e04: ChangeTime: 2019-10-09T10:14:41.771237900Z
441850.1e04: FileAttributes: 0x20
451850.1e04: Size: 0x63c00
461850.1e04: NT Headers: 0xe8
471850.1e04: Timestamp: 0x5d804572
481850.1e04: Machine: 0x8664 - amd64
491850.1e04: Timestamp: 0x5d804572
501850.1e04: Image Version: 6.1
511850.1e04: SizeOfImage: 0x67000 (421888)
521850.1e04: Resource Dir: 0x65000 LB 0x538
531850.1e04: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
541850.1e04: [Raw version resource data: 0x650b0 LB 0x3b8, codepage 0x0 (reserved 0x0)]
551850.1e04: ProductName: Microsoft® Windows® Operating System
561850.1e04: ProductVersion: 6.1.7601.24524
571850.1e04: FileVersion: 6.1.7601.24524 (win7sp1_ldr_escrow.190916-1700)
581850.1e04: FileDescription: Windows NT BASE API Client DLL
591850.1e04: \SystemRoot\System32\apisetschema.dll:
601850.1e04: CreationTime: 2019-10-09T01:27:19.409240000Z
611850.1e04: LastWriteTime: 2019-09-17T02:28:10.663000000Z
621850.1e04: ChangeTime: 2019-10-09T10:14:41.116036800Z
631850.1e04: FileAttributes: 0x20
641850.1e04: Size: 0x1c00
651850.1e04: NT Headers: 0xc0
661850.1e04: Timestamp: 0x5d804503
671850.1e04: Machine: 0x8664 - amd64
681850.1e04: Timestamp: 0x5d804503
691850.1e04: Image Version: 6.1
701850.1e04: SizeOfImage: 0x50000 (327680)
711850.1e04: Resource Dir: 0x30000 LB 0x408
721850.1e04: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
731850.1e04: [Raw version resource data: 0x30060 LB 0x3a4, codepage 0x0 (reserved 0x0)]
741850.1e04: ProductName: Microsoft® Windows® Operating System
751850.1e04: ProductVersion: 6.1.7601.24524
761850.1e04: FileVersion: 6.1.7601.24524 (win7sp1_ldr_escrow.190916-1700)
771850.1e04: FileDescription: ApiSet Schema DLL
781850.1e04: supR3HardenedWinFindAdversaries: 0x0
791850.1e04: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
801850.1e04: Calling main()
811850.1e04: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
821850.1e04: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
831850.1e04: SUPR3HardenedMain: Respawn #1
841850.1e04: System32: \Device\HarddiskVolume1\Windows\System32
851850.1e04: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
861850.1e04: KnownDllPath: C:\Windows\system32
871850.1e04: supR3HardenedWinInit: Performing a limited self purification...
881850.1e04: supHardNtVpScanVirtualMemory: enmKind=SELF_PURIFICATION
891850.1e04: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
901850.1e04: *0000000000010000-000000000001ffff 0x0004/0x0004 0x0040000
911850.1e04: 0000000000020000-000000000002ffff 0x0001/0x0000 0x0000000
921850.1e04: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
931850.1e04: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
941850.1e04: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
951850.1e04: 0000000000041000-000000000006ffff 0x0001/0x0000 0x0000000
961850.1e04: *0000000000070000-0000000000129fff 0x0000/0x0004 0x0020000
971850.1e04: 000000000012a000-000000000012bfff 0x0104/0x0004 0x0020000
981850.1e04: 000000000012c000-000000000016ffff 0x0004/0x0004 0x0020000
991850.1e04: 0000000000170000-000000000017ffff 0x0001/0x0000 0x0000000
1001850.1e04: *0000000000180000-0000000000184fff 0x0004/0x0004 0x0020000
1011850.1e04: 0000000000185000-000000000027ffff 0x0000/0x0004 0x0020000
1021850.1e04: *0000000000280000-00000000002e6fff 0x0002/0x0002 0x0040000
1031850.1e04: 00000000002e7000-00000000002effff 0x0001/0x0000 0x0000000
1041850.1e04: *00000000002f0000-000000000036ffff 0x0004/0x0004 0x0020000
1051850.1e04: *0000000000370000-000000000050ffff 0x0004/0x0004 0x0020000
1061850.1e04: *0000000000510000-0000000000523fff 0x0004/0x0004 0x0020000
1071850.1e04: 0000000000524000-000000000060ffff 0x0000/0x0004 0x0020000
1081850.1e04: 0000000000610000-00000000775dffff 0x0001/0x0000 0x0000000
1091850.1e04: *00000000775e0000-00000000775e0fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\kernel32.dll
1101850.1e04: 00000000775e1000-000000007767bfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\kernel32.dll
1111850.1e04: 000000007767c000-00000000776e9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\kernel32.dll
1121850.1e04: 00000000776ea000-00000000776ebfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\kernel32.dll
1131850.1e04: 00000000776ec000-00000000776fefff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\kernel32.dll
1141850.1e04: 00000000776ff000-00000000777fffff 0x0001/0x0000 0x0000000
1151850.1e04: *0000000077800000-0000000077800fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1161850.1e04: 0000000077801000-0000000077924fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1171850.1e04: 0000000077925000-0000000077926fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1181850.1e04: 0000000077927000-0000000077928fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1191850.1e04: 0000000077929000-000000007792afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1201850.1e04: 000000007792b000-000000007792dfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1211850.1e04: 000000007792e000-0000000077930fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1221850.1e04: 0000000077931000-0000000077933fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1231850.1e04: 0000000077934000-000000007799efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1241850.1e04: 000000007799f000-000000007efdffff 0x0001/0x0000 0x0000000
1251850.1e04: *000000007efe0000-000000007efe4fff 0x0002/0x0002 0x0040000
1261850.1e04: 000000007efe5000-000000007f0dffff 0x0000/0x0002 0x0040000
1271850.1e04: *000000007f0e0000-000000007ffdffff 0x0000/0x0002 0x0020000
1281850.1e04: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
1291850.1e04: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
1301850.1e04: 000000007fff0000-000000013f77ffff 0x0001/0x0000 0x0000000
1311850.1e04: *000000013f780000-000000013f780fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1321850.1e04: 000000013f781000-000000013f7f5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1331850.1e04: 000000013f7f6000-000000013f7f6fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1341850.1e04: 000000013f7f7000-000000013f83efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1351850.1e04: 000000013f83f000-000000013f841fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1361850.1e04: 000000013f842000-000000013f844fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1371850.1e04: 000000013f845000-000000013f847fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1381850.1e04: 000000013f848000-000000013f848fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1391850.1e04: 000000013f849000-000000013f84afff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1401850.1e04: 000000013f84b000-000000013f84bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1411850.1e04: 000000013f84c000-000000013f894fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1421850.1e04: 000000013f895000-000007fefd37ffff 0x0001/0x0000 0x0000000
1431850.1e04: *000007fefd380000-000007fefd380fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
1441850.1e04: 000007fefd381000-000007fefd3c7fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
1451850.1e04: 000007fefd3c8000-000007fefd3dcfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
1461850.1e04: 000007fefd3dd000-000007fefd3defff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
1471850.1e04: 000007fefd3df000-000007fefd3e6fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
1481850.1e04: 000007fefd3e7000-000007feffafffff 0x0001/0x0000 0x0000000
1491850.1e04: *000007feffb00000-000007feffb00fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
1501850.1e04: 000007feffb01000-000007fffff9ffff 0x0001/0x0000 0x0000000
1511850.1e04: *000007fffffa0000-000007fffffd2fff 0x0002/0x0002 0x0040000
1521850.1e04: 000007fffffd3000-000007fffffd3fff 0x0001/0x0000 0x0000000
1531850.1e04: *000007fffffd4000-000007fffffd4fff 0x0004/0x0004 0x0020000
1541850.1e04: 000007fffffd5000-000007fffffddfff 0x0001/0x0000 0x0000000
1551850.1e04: *000007fffffde000-000007fffffdffff 0x0004/0x0004 0x0020000
1561850.1e04: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
1571850.1e04: apisetschema.dll: timestamp 0x5d804503 (rc=VINF_SUCCESS)
1581850.1e04: kernelbase.dll: timestamp 0x5d804572 (rc=VINF_SUCCESS)
1591850.1e04: VirtualBoxVM.exe: timestamp 0x5d9f7c37 (rc=VINF_SUCCESS)
1601850.1e04: kernel32.dll: timestamp 0x5d804571 (rc=VINF_SUCCESS)
1611850.1e04: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
1621850.1e04: '\Device\HarddiskVolume1\Windows\System32\apisetschema.dll' has no imports
1631850.1e04: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
1641850.1e04: supR3HardenedWinInit: SUPHARDNTVPKIND_SELF_PURIFICATION_LIMITED -> VINF_SUCCESS, cFixes=0
1651850.1e04: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
1661850.1e04: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
1671850.1e04: supR3HardNtEnableThreadCreationEx:
1681850.1e04: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077843710 pvNtTerminateThread=0000000077869db0
1691850.1e04: supR3HardenedWinDoReSpawn(1): New child 2204.3a0 [kernel32].
1701850.1e04: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
1711850.1e04: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077800000 uNtDllChildAddr=0000000077800000
1721850.1e04: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000077843710
1731850.1e04: supR3HardenedWinSetupChildInit: Start child.
1741850.1e04: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
1751850.1e04: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 33 sleeps
1761850.1e04: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
1771850.1e04: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
1781850.1e04: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
1791850.1e04: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
1801850.1e04: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
1811850.1e04: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
1821850.1e04: 0000000000041000-00000000001effff 0x0001/0x0000 0x0000000
1831850.1e04: *00000000001f0000-00000000002ebfff 0x0000/0x0004 0x0020000
1841850.1e04: 00000000002ec000-00000000002edfff 0x0104/0x0004 0x0020000
1851850.1e04: 00000000002ee000-00000000002effff 0x0004/0x0004 0x0020000
1861850.1e04: 00000000002f0000-00000000777fffff 0x0001/0x0000 0x0000000
1871850.1e04: *0000000077800000-0000000077800fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1881850.1e04: 0000000077801000-0000000077924fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1891850.1e04: 0000000077925000-000000007792afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1901850.1e04: 000000007792b000-000000007792bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1911850.1e04: 000000007792c000-0000000077933fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1921850.1e04: 0000000077934000-000000007799efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
1931850.1e04: 000000007799f000-000000007efdffff 0x0001/0x0000 0x0000000
1941850.1e04: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
1951850.1e04: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
1961850.1e04: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
1971850.1e04: 000000007fff0000-000000013f77ffff 0x0001/0x0000 0x0000000
1981850.1e04: *000000013f780000-000000013f780fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
1991850.1e04: 000000013f781000-000000013f7f5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2001850.1e04: 000000013f7f6000-000000013f7f6fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2011850.1e04: 000000013f7f7000-000000013f83efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2021850.1e04: 000000013f83f000-000000013f83ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2031850.1e04: 000000013f840000-000000013f840fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2041850.1e04: 000000013f841000-000000013f845fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2051850.1e04: 000000013f846000-000000013f846fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2061850.1e04: 000000013f847000-000000013f847fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2071850.1e04: 000000013f848000-000000013f84bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2081850.1e04: 000000013f84c000-000000013f894fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
2091850.1e04: 000000013f895000-000007feffafffff 0x0001/0x0000 0x0000000
2101850.1e04: *000007feffb00000-000007feffb00fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
2111850.1e04: 000007feffb01000-000007fffff9ffff 0x0001/0x0000 0x0000000
2121850.1e04: *000007fffffa0000-000007fffffd2fff 0x0002/0x0002 0x0040000
2131850.1e04: 000007fffffd3000-000007fffffdcfff 0x0001/0x0000 0x0000000
2141850.1e04: *000007fffffdd000-000007fffffdefff 0x0004/0x0004 0x0020000
2151850.1e04: *000007fffffdf000-000007fffffdffff 0x0004/0x0004 0x0020000
2161850.1e04: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
2171850.1e04: supR3HardNtChildPurify: Done after 266 ms and 0 fixes (loop #0).
2182204.3a0: Log file opened: 6.0.14r133895 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
2192204.3a0: supR3HardenedVmProcessInit: uNtDllAddr=0000000077800000 g_uNtVerCombined=0x611db100
2202204.3a0: ntdll.dll: timestamp 0x5d804531 (rc=VINF_SUCCESS)
2212204.3a0: New simple heap: #1 00000000002f0000 LB 0x400000 (for 1699840 allocation)
2221850.1e04: supR3HardNtEnableThreadCreationEx:
2232204.3a0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
2242204.3a0: System32: \Device\HarddiskVolume1\Windows\System32
2252204.3a0: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
2262204.3a0: KnownDllPath: C:\Windows\system32
2272204.3a0: supR3HardenedVmProcessInit: Opening vboxdrv stub...
2282204.3a0: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
2292204.3a0: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
2302204.3a0: Registered Dll notification callback with NTDLL.
2312204.3a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
2322204.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
2332204.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
2342204.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2352204.3a0: supR3HardenedDllNotificationCallback: load 00000000775e0000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
2362204.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
2372204.3a0: supR3HardenedDllNotificationCallback: load 000007fefd380000 LB 0x00067000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
2382204.3a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll)
2392204.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
2402204.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000775e0000 'C:\Windows\system32\kernel32.dll'
2412204.3a0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077843710 pvNtTerminateThread=0000000077869db0
2421850.1e04: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 25 ms.
2432204.3a0: \SystemRoot\System32\ntdll.dll:
2442204.3a0: CreationTime: 2019-10-09T01:27:22.092080700Z
2452204.3a0: LastWriteTime: 2019-09-17T02:30:20.147562700Z
2462204.3a0: ChangeTime: 2019-10-09T10:14:41.162836800Z
2472204.3a0: FileAttributes: 0x20
2482204.3a0: Size: 0x197e80
2492204.3a0: NT Headers: 0xe0
2502204.3a0: Timestamp: 0x5d804531
2512204.3a0: Machine: 0x8664 - amd64
2522204.3a0: Timestamp: 0x5d804531
2532204.3a0: Image Version: 6.1
2542204.3a0: SizeOfImage: 0x19f000 (1699840)
2552204.3a0: Resource Dir: 0x142000 LB 0x5a038
2562204.3a0: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
2572204.3a0: [Raw version resource data: 0x1420f0 LB 0x38c, codepage 0x0 (reserved 0x0)]
2582204.3a0: ProductName: Microsoft® Windows® Operating System
2592204.3a0: ProductVersion: 6.1.7601.24524
2602204.3a0: FileVersion: 6.1.7601.24524 (win7sp1_ldr_escrow.190916-1700)
2612204.3a0: FileDescription: NT Layer DLL
2622204.3a0: \SystemRoot\System32\kernel32.dll:
2632204.3a0: CreationTime: 2019-10-09T01:27:21.194966800Z
2642204.3a0: LastWriteTime: 2019-09-17T02:28:24.024000000Z
2652204.3a0: ChangeTime: 2019-10-09T10:14:41.786837900Z
2662204.3a0: FileAttributes: 0x20
2672204.3a0: Size: 0x11be00
2682204.3a0: NT Headers: 0xe0
2692204.3a0: Timestamp: 0x5d804571
2702204.3a0: Machine: 0x8664 - amd64
2712204.3a0: Timestamp: 0x5d804571
2722204.3a0: Image Version: 6.1
2732204.3a0: SizeOfImage: 0x11f000 (1175552)
2742204.3a0: Resource Dir: 0x116000 LB 0x530
2752204.3a0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2762204.3a0: [Raw version resource data: 0x1160b0 LB 0x3b0, codepage 0x0 (reserved 0x0)]
2772204.3a0: ProductName: Microsoft® Windows® Operating System
2782204.3a0: ProductVersion: 6.1.7601.24524
2792204.3a0: FileVersion: 6.1.7601.24524 (win7sp1_ldr_escrow.190916-1700)
2802204.3a0: FileDescription: Windows NT BASE API Client DLL
2812204.3a0: \SystemRoot\System32\KernelBase.dll:
2822204.3a0: CreationTime: 2019-10-09T01:27:21.135459200Z
2832204.3a0: LastWriteTime: 2019-09-17T02:28:24.029000000Z
2842204.3a0: ChangeTime: 2019-10-09T10:14:41.771237900Z
2852204.3a0: FileAttributes: 0x20
2862204.3a0: Size: 0x63c00
2872204.3a0: NT Headers: 0xe8
2882204.3a0: Timestamp: 0x5d804572
2892204.3a0: Machine: 0x8664 - amd64
2902204.3a0: Timestamp: 0x5d804572
2912204.3a0: Image Version: 6.1
2922204.3a0: SizeOfImage: 0x67000 (421888)
2932204.3a0: Resource Dir: 0x65000 LB 0x538
2942204.3a0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
2952204.3a0: [Raw version resource data: 0x650b0 LB 0x3b8, codepage 0x0 (reserved 0x0)]
2962204.3a0: ProductName: Microsoft® Windows® Operating System
2972204.3a0: ProductVersion: 6.1.7601.24524
2982204.3a0: FileVersion: 6.1.7601.24524 (win7sp1_ldr_escrow.190916-1700)
2992204.3a0: FileDescription: Windows NT BASE API Client DLL
3002204.3a0: \SystemRoot\System32\apisetschema.dll:
3012204.3a0: CreationTime: 2019-10-09T01:27:19.409240000Z
3022204.3a0: LastWriteTime: 2019-09-17T02:28:10.663000000Z
3032204.3a0: ChangeTime: 2019-10-09T10:14:41.116036800Z
3042204.3a0: FileAttributes: 0x20
3052204.3a0: Size: 0x1c00
3062204.3a0: NT Headers: 0xc0
3072204.3a0: Timestamp: 0x5d804503
3082204.3a0: Machine: 0x8664 - amd64
3092204.3a0: Timestamp: 0x5d804503
3102204.3a0: Image Version: 6.1
3112204.3a0: SizeOfImage: 0x50000 (327680)
3122204.3a0: Resource Dir: 0x30000 LB 0x408
3132204.3a0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
3142204.3a0: [Raw version resource data: 0x30060 LB 0x3a4, codepage 0x0 (reserved 0x0)]
3152204.3a0: ProductName: Microsoft® Windows® Operating System
3162204.3a0: ProductVersion: 6.1.7601.24524
3172204.3a0: FileVersion: 6.1.7601.24524 (win7sp1_ldr_escrow.190916-1700)
3182204.3a0: FileDescription: ApiSet Schema DLL
3192204.3a0: supR3HardenedWinFindAdversaries: 0x0
3202204.3a0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
3212204.3a0: Calling main()
3222204.3a0: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
3232204.3a0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
3242204.3a0: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
3252204.3a0: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
3262204.3a0: SUPR3HardenedMain: Respawn #2
3272204.3a0: supR3HardNtEnableThreadCreationEx:
3282204.3a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\apphelp.dll)
3292204.3a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\apphelp.dll
3302204.3a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
3312204.3a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
3322204.3a0: supR3HardenedDllNotificationCallback: load 000007fefd150000 LB 0x00057000 C:\Windows\system32\apphelp.dll [fFlags=0x0]
3332204.3a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
3342204.3a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd150000 'C:\Windows\system32\apphelp.dll'
3352204.3a0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077843710 pvNtTerminateThread=0000000077869db0
3362204.3a0: supR3HardenedWinDoReSpawn(2): New child 24dc.27a0 [kernel32].
3372204.3a0: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
3382204.3a0: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077800000 uNtDllChildAddr=0000000077800000
3392204.3a0: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000077843710
3402204.3a0: supR3HardenedWinSetupChildInit: Start child.
3412204.3a0: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
3422204.3a0: supR3HardNtChildPurify: Startup delay kludge #1/0: 264 ms, 33 sleeps
3432204.3a0: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
3442204.3a0: *0000000000000000-000000000000ffff 0x0001/0x0000 0x0000000
3452204.3a0: *0000000000010000-000000000002ffff 0x0004/0x0004 0x0020000
3462204.3a0: *0000000000030000-0000000000033fff 0x0002/0x0002 0x0040000
3472204.3a0: 0000000000034000-000000000003ffff 0x0001/0x0000 0x0000000
3482204.3a0: *0000000000040000-0000000000040fff 0x0004/0x0004 0x0020000
3492204.3a0: 0000000000041000-00000000000fffff 0x0001/0x0000 0x0000000
3502204.3a0: *0000000000100000-00000000001fbfff 0x0000/0x0004 0x0020000
3512204.3a0: 00000000001fc000-00000000001fdfff 0x0104/0x0004 0x0020000
3522204.3a0: 00000000001fe000-00000000001fffff 0x0004/0x0004 0x0020000
3532204.3a0: 0000000000200000-00000000777fffff 0x0001/0x0000 0x0000000
3542204.3a0: *0000000077800000-0000000077800fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3552204.3a0: 0000000077801000-0000000077924fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3562204.3a0: 0000000077925000-000000007792afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3572204.3a0: 000000007792b000-000000007792bfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3582204.3a0: 000000007792c000-0000000077933fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3592204.3a0: 0000000077934000-000000007799efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\ntdll.dll
3602204.3a0: 000000007799f000-000000007efdffff 0x0001/0x0000 0x0000000
3612204.3a0: *000000007efe0000-000000007ffdffff 0x0000/0x0002 0x0020000
3622204.3a0: *000000007ffe0000-000000007ffe0fff 0x0002/0x0002 0x0020000
3632204.3a0: 000000007ffe1000-000000007ffeffff 0x0000/0x0002 0x0020000
3642204.3a0: 000000007fff0000-000000013f77ffff 0x0001/0x0000 0x0000000
3652204.3a0: *000000013f780000-000000013f780fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3662204.3a0: 000000013f781000-000000013f7f5fff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3672204.3a0: 000000013f7f6000-000000013f7f6fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3682204.3a0: 000000013f7f7000-000000013f83efff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3692204.3a0: 000000013f83f000-000000013f83ffff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3702204.3a0: 000000013f840000-000000013f840fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3712204.3a0: 000000013f841000-000000013f845fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3722204.3a0: 000000013f846000-000000013f846fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3732204.3a0: 000000013f847000-000000013f847fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3742204.3a0: 000000013f848000-000000013f84bfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3752204.3a0: 000000013f84c000-000000013f894fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe
3762204.3a0: 000000013f895000-000007feffafffff 0x0001/0x0000 0x0000000
3772204.3a0: *000007feffb00000-000007feffb00fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume1\Windows\System32\apisetschema.dll
3782204.3a0: 000007feffb01000-000007fffff9ffff 0x0001/0x0000 0x0000000
3792204.3a0: *000007fffffa0000-000007fffffd2fff 0x0002/0x0002 0x0040000
3802204.3a0: 000007fffffd3000-000007fffffdcfff 0x0001/0x0000 0x0000000
3812204.3a0: *000007fffffdd000-000007fffffdefff 0x0004/0x0004 0x0020000
3822204.3a0: *000007fffffdf000-000007fffffdffff 0x0004/0x0004 0x0020000
3832204.3a0: *000007fffffe0000-000007fffffeffff 0x0001/0x0002 0x0020000
3842204.3a0: apisetschema.dll: timestamp 0x5d804503 (rc=VINF_SUCCESS)
3852204.3a0: VirtualBoxVM.exe: timestamp 0x5d9f7c37 (rc=VINF_SUCCESS)
3862204.3a0: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
3872204.3a0: '\Device\HarddiskVolume1\Windows\System32\apisetschema.dll' has no imports
3882204.3a0: '\Device\HarddiskVolume1\Windows\System32\ntdll.dll' has no imports
3892204.3a0: supR3HardNtChildPurify: Done after 288 ms and 0 fixes (loop #0).
39024dc.27a0: Log file opened: 6.0.14r133895 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
39124dc.27a0: supR3HardenedVmProcessInit: uNtDllAddr=0000000077800000 g_uNtVerCombined=0x611db100
3922204.3a0: supR3HardenedEarlyCompact: Removed heap 1 (0x000000002f0000 LB 0x400000)
3932204.3a0: supR3HardNtEnableThreadCreationEx:
39424dc.27a0: ntdll.dll: timestamp 0x5d804531 (rc=VINF_SUCCESS)
39524dc.27a0: New simple heap: #1 0000000000300000 LB 0x400000 (for 1699840 allocation)
39624dc.27a0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
39724dc.27a0: System32: \Device\HarddiskVolume1\Windows\System32
39824dc.27a0: WinSxS: \Device\HarddiskVolume1\Windows\winsxs
39924dc.27a0: KnownDllPath: C:\Windows\system32
40024dc.27a0: supR3HardenedVmProcessInit: Opening vboxdrv...
40124dc.27a0: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
40224dc.27a0: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
40324dc.27a0: Registered Dll notification callback with NTDLL.
40424dc.27a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\kernel32.dll)
40524dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\kernel32.dll
40624dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
40724dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
40824dc.27a0: supR3HardenedDllNotificationCallback: load 00000000775e0000 LB 0x0011f000 C:\Windows\system32\kernel32.dll [fFlags=0x0]
40924dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
41024dc.27a0: supR3HardenedDllNotificationCallback: load 000007fefd380000 LB 0x00067000 C:\Windows\system32\KERNELBASE.dll [fFlags=0x0]
41124dc.27a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\KernelBase.dll)
41224dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\KernelBase.dll
41324dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000775e0000 'C:\Windows\system32\kernel32.dll'
41424dc.27a0: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077843710 pvNtTerminateThread=0000000077869db0
4152204.3a0: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 32 ms.
41624dc.27a0: \SystemRoot\System32\ntdll.dll:
41724dc.27a0: CreationTime: 2019-10-09T01:27:22.092080700Z
41824dc.27a0: LastWriteTime: 2019-09-17T02:30:20.147562700Z
41924dc.27a0: ChangeTime: 2019-10-09T10:14:41.162836800Z
42024dc.27a0: FileAttributes: 0x20
42124dc.27a0: Size: 0x197e80
42224dc.27a0: NT Headers: 0xe0
42324dc.27a0: Timestamp: 0x5d804531
42424dc.27a0: Machine: 0x8664 - amd64
42524dc.27a0: Timestamp: 0x5d804531
42624dc.27a0: Image Version: 6.1
42724dc.27a0: SizeOfImage: 0x19f000 (1699840)
42824dc.27a0: Resource Dir: 0x142000 LB 0x5a038
42924dc.27a0: [Version info resource found at 0xd8! (ID/Name: 0x1; SubID/SubName: 0x409)]
43024dc.27a0: [Raw version resource data: 0x1420f0 LB 0x38c, codepage 0x0 (reserved 0x0)]
43124dc.27a0: ProductName: Microsoft® Windows® Operating System
43224dc.27a0: ProductVersion: 6.1.7601.24524
43324dc.27a0: FileVersion: 6.1.7601.24524 (win7sp1_ldr_escrow.190916-1700)
43424dc.27a0: FileDescription: NT Layer DLL
43524dc.27a0: \SystemRoot\System32\kernel32.dll:
43624dc.27a0: CreationTime: 2019-10-09T01:27:21.194966800Z
43724dc.27a0: LastWriteTime: 2019-09-17T02:28:24.024000000Z
43824dc.27a0: ChangeTime: 2019-10-09T10:14:41.786837900Z
43924dc.27a0: FileAttributes: 0x20
44024dc.27a0: Size: 0x11be00
44124dc.27a0: NT Headers: 0xe0
44224dc.27a0: Timestamp: 0x5d804571
44324dc.27a0: Machine: 0x8664 - amd64
44424dc.27a0: Timestamp: 0x5d804571
44524dc.27a0: Image Version: 6.1
44624dc.27a0: SizeOfImage: 0x11f000 (1175552)
44724dc.27a0: Resource Dir: 0x116000 LB 0x530
44824dc.27a0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
44924dc.27a0: [Raw version resource data: 0x1160b0 LB 0x3b0, codepage 0x0 (reserved 0x0)]
45024dc.27a0: ProductName: Microsoft® Windows® Operating System
45124dc.27a0: ProductVersion: 6.1.7601.24524
45224dc.27a0: FileVersion: 6.1.7601.24524 (win7sp1_ldr_escrow.190916-1700)
45324dc.27a0: FileDescription: Windows NT BASE API Client DLL
45424dc.27a0: \SystemRoot\System32\KernelBase.dll:
45524dc.27a0: CreationTime: 2019-10-09T01:27:21.135459200Z
45624dc.27a0: LastWriteTime: 2019-09-17T02:28:24.029000000Z
45724dc.27a0: ChangeTime: 2019-10-09T10:14:41.771237900Z
45824dc.27a0: FileAttributes: 0x20
45924dc.27a0: Size: 0x63c00
46024dc.27a0: NT Headers: 0xe8
46124dc.27a0: Timestamp: 0x5d804572
46224dc.27a0: Machine: 0x8664 - amd64
46324dc.27a0: Timestamp: 0x5d804572
46424dc.27a0: Image Version: 6.1
46524dc.27a0: SizeOfImage: 0x67000 (421888)
46624dc.27a0: Resource Dir: 0x65000 LB 0x538
46724dc.27a0: [Version info resource found at 0x90! (ID/Name: 0x1; SubID/SubName: 0x409)]
46824dc.27a0: [Raw version resource data: 0x650b0 LB 0x3b8, codepage 0x0 (reserved 0x0)]
46924dc.27a0: ProductName: Microsoft® Windows® Operating System
47024dc.27a0: ProductVersion: 6.1.7601.24524
47124dc.27a0: FileVersion: 6.1.7601.24524 (win7sp1_ldr_escrow.190916-1700)
47224dc.27a0: FileDescription: Windows NT BASE API Client DLL
47324dc.27a0: \SystemRoot\System32\apisetschema.dll:
47424dc.27a0: CreationTime: 2019-10-09T01:27:19.409240000Z
47524dc.27a0: LastWriteTime: 2019-09-17T02:28:10.663000000Z
47624dc.27a0: ChangeTime: 2019-10-09T10:14:41.116036800Z
47724dc.27a0: FileAttributes: 0x20
47824dc.27a0: Size: 0x1c00
47924dc.27a0: NT Headers: 0xc0
48024dc.27a0: Timestamp: 0x5d804503
48124dc.27a0: Machine: 0x8664 - amd64
48224dc.27a0: Timestamp: 0x5d804503
48324dc.27a0: Image Version: 6.1
48424dc.27a0: SizeOfImage: 0x50000 (327680)
48524dc.27a0: Resource Dir: 0x30000 LB 0x408
48624dc.27a0: [Version info resource found at 0x48! (ID/Name: 0x1; SubID/SubName: 0x409)]
48724dc.27a0: [Raw version resource data: 0x30060 LB 0x3a4, codepage 0x0 (reserved 0x0)]
48824dc.27a0: ProductName: Microsoft® Windows® Operating System
48924dc.27a0: ProductVersion: 6.1.7601.24524
49024dc.27a0: FileVersion: 6.1.7601.24524 (win7sp1_ldr_escrow.190916-1700)
49124dc.27a0: FileDescription: ApiSet Schema DLL
49224dc.27a0: supR3HardenedWinFindAdversaries: 0x0
49324dc.27a0: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
49424dc.27a0: Calling main()
49524dc.27a0: SUPR3HardenedMain: pszProgName=VirtualBoxVM fFlags=0x2
49624dc.27a0: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox'
49724dc.27a0: '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe' has no imports
49824dc.27a0: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.exe)
49924dc.27a0: SUPR3HardenedMain: Final process, opening VBoxDrv...
50024dc.27a0: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000300000 LB 0x400000)
50124dc.27a0: supR3HardNtEnableThreadCreationEx:
50224dc.27a0: supHardenedWinVerifyImageByHandle: -> 24202 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll)
50324dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll
50424dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fb261:<flags> [calling]
50524dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
50624dc.27a0: supR3HardenedDllNotificationCallback: load 000007fef1bc0000 LB 0x00005000 C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL [fFlags=0x0]
50724dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
50824dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
50924dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001f89e1:<flags> [calling]
51024dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1bc0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
51124dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 24202 (0x5e8a)) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll [lacks WinVerifyTrust]
51224dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001f89e1:<flags> [calling]
51324dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1bc0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
51424dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1bc0000 'C:\Program Files\Oracle\VirtualBox\VBoxSupLib.DLL'
51524dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
51624dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
51724dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
51824dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
51924dc.27a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\wintrust.dll)
52024dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wintrust.dll
52124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
52224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
52324dc.27a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll)
52424dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
52524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
52624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
52724dc.27a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msasn1.dll)
52824dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msasn1.dll
52924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
53024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
53124dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
53224dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
53324dc.27a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\crypt32.dll)
53424dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\crypt32.dll
53524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
53624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
53724dc.27a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msvcrt.dll)
53824dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
53924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
54024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
54124dc.27a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
54224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
54324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
54424dc.27a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
54524dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fd071:<flags> [calling]
54624dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
54724dc.27a0: supR3HardenedDllNotificationCallback: load 000007fefd4d0000 LB 0x0003b000 C:\Windows\system32\Wintrust.dll [fFlags=0x0]
54824dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
54924dc.27a0: supR3HardenedDllNotificationCallback: load 000007feff1f0000 LB 0x0009f000 C:\Windows\system32\msvcrt.dll [fFlags=0x0]
55024dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
55124dc.27a0: supR3HardenedDllNotificationCallback: load 000007fefd5a0000 LB 0x0016d000 C:\Windows\system32\CRYPT32.dll [fFlags=0x0]
55224dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
55324dc.27a0: supR3HardenedDllNotificationCallback: load 000007fefd350000 LB 0x0000f000 C:\Windows\system32\MSASN1.dll [fFlags=0x0]
55424dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
55524dc.27a0: supR3HardenedDllNotificationCallback: load 000007feff6f0000 LB 0x0012c000 C:\Windows\system32\RPCRT4.dll [fFlags=0x0]
55624dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
55724dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd4d0000 'C:\Windows\system32\Wintrust.dll'
55824dc.27a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\bcrypt.dll)
55924dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcrypt.dll
56024dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fd071:<flags> [calling]
56124dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
56224dc.27a0: supR3HardenedDllNotificationCallback: load 000007fefcc90000 LB 0x00022000 C:\Windows\system32\bcrypt.dll [fFlags=0x0]
56324dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
56424dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc90000 'C:\Windows\system32\bcrypt.dll'
56524dc.27a0: bcrypt.dll loaded at 000007fefcc90000, BCryptOpenAlgorithmProvider at 000007fefcc92460, preloading providers:
56624dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
56724dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
56824dc.27a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll)
56924dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll
57024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
57124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
57224dc.27a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
57324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
57424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
57524dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
57624dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
57724dc.27a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\advapi32.dll)
57824dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\advapi32.dll
57924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
58024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
58124dc.27a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
58224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
58324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
58424dc.27a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
58524dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fd051:<flags> [calling]
58624dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
58724dc.27a0: supR3HardenedDllNotificationCallback: load 000007fefcc00000 LB 0x0004c000 C:\Windows\system32\bcryptprimitives.dll [fFlags=0x0]
58824dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
58924dc.27a0: supR3HardenedDllNotificationCallback: load 000007feff290000 LB 0x000db000 C:\Windows\system32\ADVAPI32.dll [fFlags=0x0]
59024dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
59124dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
59224dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
59324dc.27a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\sechost.dll)
59424dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\sechost.dll
59524dc.27a0: supR3HardenedDllNotificationCallback: load 000007fefebb0000 LB 0x0001f000 C:\Windows\SYSTEM32\sechost.dll [fFlags=0x0]
59624dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\sechost.dll [lacks WinVerifyTrust]
59724dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc00000 'C:\Windows\system32\bcryptprimitives.dll'
59824dc.27a0: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000079c700)
59924dc.27a0: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000079e720)
60024dc.27a0: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000079e850)
60124dc.27a0: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000079ea70)
60224dc.27a0: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000079eba0)
60324dc.27a0: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000000000079ecd0)
60424dc.27a0: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=000000000079ef20)
60524dc.27a0: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=000000000079f050)
60624dc.27a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptsp.dll)
60724dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptsp.dll
60824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
60924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
61024dc.27a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
61124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
61224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
61324dc.27a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
61424dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fcbc1:<flags> [calling]
61524dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
61624dc.27a0: supR3HardenedDllNotificationCallback: load 000007fefcaf0000 LB 0x00018000 C:\Windows\system32\CRYPTSP.dll [fFlags=0x0]
61724dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
61824dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcaf0000 'C:\Windows\system32\CRYPTSP.dll'
61924dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
62024dc.27a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\rsaenh.dll)
62124dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\rsaenh.dll
62224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
62324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
62424dc.27a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
62524dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fcb51:<flags> [calling]
62624dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
62724dc.27a0: supR3HardenedDllNotificationCallback: load 000007fefc7f0000 LB 0x00047000 C:\Windows\system32\rsaenh.dll [fFlags=0x0]
62824dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
62924dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc7f0000 'C:\Windows\system32\rsaenh.dll'
63024dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
63124dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fc3e1:<flags> [calling]
63224dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff290000 'C:\Windows\system32\ADVAPI32.dll'
63324dc.27a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptbase.dll)
63424dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptbase.dll
63524dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fc761:<flags> [calling]
63624dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
63724dc.27a0: supR3HardenedDllNotificationCallback: load 000007fefd1b0000 LB 0x0000f000 C:\Windows\system32\CRYPTBASE.dll [fFlags=0x0]
63824dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
63924dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd1b0000 'C:\Windows\system32\CRYPTBASE.dll'
64024dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
64124dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fc191:<flags> [calling]
64224dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000775e0000 'C:\Windows\system32\kernel32.dll'
64324dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
64424dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fcb21:<flags> [calling]
64524dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd4d0000 'C:\Windows\system32\WINTRUST.DLL'
64624dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
64724dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000001fc951:<flags> [calling]
64824dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5a0000 'C:\Windows\system32\CRYPT32.dll'
64924dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
65024dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
65124dc.27a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\imagehlp.dll)
65224dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\imagehlp.dll
65324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
65424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
65524dc.27a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
65624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
65724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
65824dc.27a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
65924dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fc9a1:<flags> [calling]
66024dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
66124dc.27a0: supR3HardenedDllNotificationCallback: load 000007feff040000 LB 0x00019000 C:\Windows\system32\imagehlp.dll [fFlags=0x0]
66224dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
66324dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff040000 'C:\Windows\system32\imagehlp.dll'
66424dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
66524dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fcaf1:<flags> [calling]
66624dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcaf0000 'C:\Windows\system32\CRYPTSP.dll'
66724dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
66824dc.27a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\user32.dll)
66924dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\user32.dll
67024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
67124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
67224dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
67324dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
67424dc.27a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\gdi32.dll)
67524dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\gdi32.dll
67624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
67724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume1\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
67824dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
67924dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
68024dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
68124dc.27a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\lpk.dll)
68224dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\lpk.dll
68324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
68424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
68524dc.27a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
68624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
68724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume1\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
68824dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
68924dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
69024dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
69124dc.27a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\usp10.dll)
69224dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\usp10.dll
69324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
69424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
69524dc.27a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
69624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
69724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
69824dc.27a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
69924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
70024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
70124dc.27a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
70224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
70324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
70424dc.27a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
70524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
70624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
70724dc.27a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
70824dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fc621:<flags> [calling]
70924dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
71024dc.27a0: supR3HardenedDllNotificationCallback: load 0000000077700000 LB 0x000fa000 C:\Windows\system32\USER32.dll [fFlags=0x0]
71124dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
71224dc.27a0: supR3HardenedDllNotificationCallback: load 000007fefe570000 LB 0x00067000 C:\Windows\system32\GDI32.dll [fFlags=0x0]
71324dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
71424dc.27a0: supR3HardenedDllNotificationCallback: load 000007feff450000 LB 0x0000e000 C:\Windows\system32\LPK.dll [fFlags=0x0]
71524dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\lpk.dll [lacks WinVerifyTrust]
71624dc.27a0: supR3HardenedDllNotificationCallback: load 000007fefebd0000 LB 0x000cb000 C:\Windows\system32\USP10.dll [fFlags=0x0]
71724dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\usp10.dll [lacks WinVerifyTrust]
71824dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
71924dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fbb21:<flags> [calling]
72024dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe570000 'C:\Windows\system32\gdi32.dll'
72124dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
72224dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
72324dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
72424dc.27a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\imm32.dll)
72524dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\imm32.dll
72624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
72724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume1\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
72824dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
72924dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
73024dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
73124dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
73224dc.27a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\msctf.dll)
73324dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msctf.dll
73424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
73524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
73624dc.27a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
73724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
73824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
73924dc.27a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
74024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
74124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume1\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
74224dc.27a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imm32.dll [lacks WinVerifyTrust]
74324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
74424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
74524dc.27a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
74624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
74724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
74824dc.27a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
74924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
75024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
75124dc.27a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
75224dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fb461:<flags> [calling]
75324dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imm32.dll [lacks WinVerifyTrust]
75424dc.27a0: supR3HardenedDllNotificationCallback: load 000007fefe4a0000 LB 0x0002e000 C:\Windows\system32\IMM32.DLL [fFlags=0x0]
75524dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\imm32.dll [lacks WinVerifyTrust]
75624dc.27a0: supR3HardenedDllNotificationCallback: load 000007fefef20000 LB 0x0010b000 C:\Windows\system32\MSCTF.dll [fFlags=0x0]
75724dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msctf.dll [lacks WinVerifyTrust]
75824dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe4a0000 'C:\Windows\system32\IMM32.DLL'
75924dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077700000 'C:\Windows\system32\USER32.dll'
76024dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
76124dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
76224dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
76324dc.27a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\ncrypt.dll)
76424dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ncrypt.dll
76524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
76624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume1\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
76724dc.27a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
76824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
76924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
77024dc.27a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
77124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
77224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
77324dc.27a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
77424dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fc921:<flags> [calling]
77524dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
77624dc.27a0: supR3HardenedDllNotificationCallback: load 000007fefccc0000 LB 0x00050000 C:\Windows\system32\ncrypt.dll [fFlags=0x0]
77724dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
77824dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefccc0000 'C:\Windows\system32\ncrypt.dll'
77924dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
78024dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fc711:<flags> [calling]
78124dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc90000 'C:\Windows\system32\bcrypt.dll'
78224dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
78324dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
78424dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
78524dc.27a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\userenv.dll)
78624dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\userenv.dll
78724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
78824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
78924dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
79024dc.27a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\profapi.dll)
79124dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\profapi.dll
79224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
79324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
79424dc.27a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
79524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
79624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
79724dc.27a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
79824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
79924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
80024dc.27a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
80124dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fc0a1:<flags> [calling]
80224dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\userenv.dll [lacks WinVerifyTrust]
80324dc.27a0: supR3HardenedDllNotificationCallback: load 000007fefd400000 LB 0x0001f000 C:\Windows\system32\USERENV.dll [fFlags=0x0]
80424dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\userenv.dll [lacks WinVerifyTrust]
80524dc.27a0: supR3HardenedDllNotificationCallback: load 000007fefd360000 LB 0x0000f000 C:\Windows\system32\profapi.dll [fFlags=0x0]
80624dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\profapi.dll [lacks WinVerifyTrust]
80724dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd400000 'C:\Windows\system32\USERENV.dll'
80824dc.27a0: supR3HardenedIsApiSetDll: '<NULL>' -> true
80924dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001fbe01:<flags> [calling]
81024dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefebb0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
81124dc.27a0: supR3HardenedIsApiSetDll: '<NULL>' -> true
81224dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001fc191:<flags> [calling]
81324dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefebb0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
81424dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
81524dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
81624dc.27a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\gpapi.dll)
81724dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\gpapi.dll
81824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
81924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
82024dc.27a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
82124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
82224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
82324dc.27a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
82424dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fc3c1:<flags> [calling]
82524dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
82624dc.27a0: supR3HardenedDllNotificationCallback: load 000007fefc5f0000 LB 0x0001b000 C:\Windows\system32\GPAPI.dll [fFlags=0x0]
82724dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
82824dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc5f0000 'C:\Windows\system32\GPAPI.dll'
82924dc.27a0: supR3HardenedIsApiSetDll: '<NULL>' -> true
83024dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001fc311:<flags> [calling]
83124dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefebb0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
83224dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
83324dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fba11:<flags> [calling]
83424dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff6f0000 'C:\Windows\system32\rpcrt4.dll'
83524dc.27a0: supR3HardenedIsApiSetDll: '<NULL>' -> true
83624dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001fc2f1:<flags> [calling]
83724dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefebb0000 'API-MS-WIN-Service-Management-L2-1-0.dll'
83824dc.27a0: supR3HardenedIsApiSetDll: '<NULL>' -> true
83924dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001fc301:<flags> [calling]
84024dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefebb0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
84124dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
84224dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
84324dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
84424dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
84524dc.27a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cryptnet.dll)
84624dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cryptnet.dll
84724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
84824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume1\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
84924dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
85024dc.27a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\Wldap32.dll)
85124dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\Wldap32.dll
85224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
85324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume1\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
85424dc.27a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
85524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
85624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
85724dc.27a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
85824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
85924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
86024dc.27a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
86124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
86224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
86324dc.27a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
86424dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fbe01:<flags> [calling]
86524dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
86624dc.27a0: supR3HardenedDllNotificationCallback: load 000007feec950000 LB 0x00027000 C:\Windows\system32\cryptnet.dll [fFlags=0x0]
86724dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
86824dc.27a0: supR3HardenedDllNotificationCallback: load 000007feff460000 LB 0x00052000 C:\Windows\system32\WLDAP32.dll [fFlags=0x0]
86924dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
87024dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
87124dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000001fb031:<flags> [calling]
87224dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec950000 'C:\Windows\system32\cryptnet.dll'
87324dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
87424dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000001fb031:<flags> [calling]
87524dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec950000 'C:\Windows\system32\cryptnet.dll'
87624dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
87724dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000001fb031:<flags> [calling]
87824dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec950000 'C:\Windows\system32\cryptnet.dll'
87924dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
88024dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000001fb031:<flags> [calling]
88124dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec950000 'C:\Windows\system32\cryptnet.dll'
88224dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
88324dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000001fb031:<flags> [calling]
88424dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec950000 'C:\Windows\system32\cryptnet.dll'
88524dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
88624dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=00000000001fb031:<flags> [calling]
88724dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec950000 'C:\Windows\system32\cryptnet.dll'
88824dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
88924dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec950000 'C:\Windows\system32\cryptnet.dll'
89024dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
89124dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec950000 'C:\Windows\system32\cryptnet.dll'
89224dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
89324dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec950000 'C:\Windows\system32\cryptnet.dll'
89424dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
89524dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec950000 'C:\Windows\system32\cryptnet.dll'
89624dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
89724dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec950000 'C:\Windows\system32\cryptnet.dll'
89824dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec950000 'C:\Windows\system32\cryptnet.dll'
89924dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
90024dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feec950000 'C:\Windows\system32\cryptnet.dll'
90124dc.27a0: supR3HardenedIsApiSetDll: '<NULL>' -> true
90224dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001fb721:<flags> [calling]
90324dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefebb0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
90424dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\profapi.dll [lacks WinVerifyTrust]
90524dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fb721:<flags> [calling]
90624dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd360000 'C:\Windows\system32\profapi.dll'
90724dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
90824dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
90924dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
91024dc.27a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\shlwapi.dll)
91124dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
91224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
91324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
91424dc.27a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
91524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
91624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
91724dc.27a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\user32.dll [lacks WinVerifyTrust]
91824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
91924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
92024dc.27a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
92124dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fb1b1:<flags> [calling]
92224dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
92324dc.27a0: supR3HardenedDllNotificationCallback: load 000007fefeea0000 LB 0x00071000 C:\Windows\system32\SHLWAPI.dll [fFlags=0x0]
92424dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
92524dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeea0000 'C:\Windows\system32\SHLWAPI.dll'
92624dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
92724dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fcb31:<flags> [calling]
92824dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5a0000 'C:\Windows\system32\crypt32.dll'
92924dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
93024dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: New context 0000000002a0ef30
93124dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
93224dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=65A4A443FE03DD7F6CC84E87A37D3108DB0E9AD0
93324dc.27a0: supR3HardenedIsApiSetDll: '<NULL>' -> true
93424dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001fc0e1:<flags> [calling]
93524dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefebb0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
93624dc.27a0: supR3HardenedIsApiSetDll: '<NULL>' -> true
93724dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001fbc41:<flags> [calling]
93824dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefebb0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
93924dc.27a0: supR3HardenedIsApiSetDll: '<NULL>' -> true
94024dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001fbc41:<flags> [calling]
94124dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefebb0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
94224dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
94324dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fc0e1:<flags> [calling]
94424dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff290000 'C:\Windows\system32\ADVAPI32.dll'
94524dc.27a0: supR3HardenedIsApiSetDll: '<NULL>' -> true
94624dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001fc091:<flags> [calling]
94724dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefebb0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
94824dc.27a0: supR3HardenedIsApiSetDll: '<NULL>' -> true
94924dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000001fbd81:<flags> [calling]
95024dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefebb0000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
95124dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
95224dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fc5b1:<flags> [calling]
95324dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5a0000 'C:\Windows\system32\crypt32.dll'
95424dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_776_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\SystemRoot\System32\ntdll.dll'
95524dc.27a0: g_pfnWinVerifyTrust=000007fefd4d1010
95624dc.27a0: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
95724dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume1\Windows\System32\crypt32.dll
95824dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
95924dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
96024dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5CCC54FB65C31E3638B46731AAE79E4D19C447BF
96124dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
96224dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fb321:<flags> [calling]
96324dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5a0000 'C:\Windows\system32\crypt32.dll'
96424dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_776_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\crypt32.dll'
96524dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
96624dc.27a0: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\crypt32.dll'
96724dc.27a0: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
96824dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000c8 pwszName=\Device\HarddiskVolume1\Windows\System32\wintrust.dll
96924dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
97024dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
97124dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=40D3B3DEDBB0ACAC582E6FC9E8CE64318CFE75C9
97224dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll
97324dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fb321:<flags> [calling]
97424dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5a0000 'C:\Windows\system32\crypt32.dll'
97524dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_776_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\wintrust.dll'
97624dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
97724dc.27a0: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\wintrust.dll'
97824dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003b4 pwszName=\Device\HarddiskVolume1\Windows\System32\shlwapi.dll
97924dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
98024dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
98124dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
98224dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\shlwapi.dll'
98324dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
98424dc.27a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll'
98524dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003a8 pwszName=\Device\HarddiskVolume1\Windows\System32\Wldap32.dll
98624dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
98724dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
98824dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=086A94704E162AB5C6F0ED4BA6DE6C8B4524BA56
98924dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5a0000 'C:\Windows\system32\crypt32.dll'
99024dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_776_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\Wldap32.dll'
99124dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
99224dc.27a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\Wldap32.dll'
99324dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003a4 pwszName=\Device\HarddiskVolume1\Windows\System32\cryptnet.dll
99424dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
99524dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
99624dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=FB39AEF34399374E40B89FA92317233C021F1826
99724dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5a0000 'C:\Windows\system32\crypt32.dll'
99824dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_776_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\cryptnet.dll'
99924dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
100024dc.27a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptnet.dll'
100124dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000260 pwszName=\Device\HarddiskVolume1\Windows\System32\gpapi.dll
100224dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
100324dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
100424dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EBDAA16C3FD93DFF9C20BA3B2689DFF4C8D31061
100524dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3159398~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\gpapi.dll'
100624dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
100724dc.27a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\gpapi.dll'
100824dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001cc pwszName=\Device\HarddiskVolume1\Windows\System32\profapi.dll
100924dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
101024dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
101124dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
101224dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\profapi.dll'
101324dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
101424dc.27a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\profapi.dll'
101524dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c8 pwszName=\Device\HarddiskVolume1\Windows\System32\userenv.dll
101624dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
101724dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
101824dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=05BE7734A1FC16BDC2F13E2D2045908D65421740
101924dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5a0000 'C:\Windows\system32\crypt32.dll'
102024dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_776_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\userenv.dll'
102124dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
102224dc.27a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\userenv.dll'
102324dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001b4 pwszName=\Device\HarddiskVolume1\Windows\System32\ncrypt.dll
102424dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
102524dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
102624dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5CE80D2C1E320C74DF8879F0283DF54C81C7AFF5
102724dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5a0000 'C:\Windows\system32\crypt32.dll'
102824dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_776_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\ncrypt.dll'
102924dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
103024dc.27a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\ncrypt.dll'
103124dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000019c pwszName=\Device\HarddiskVolume1\Windows\System32\msctf.dll
103224dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
103324dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
103424dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5B282A2631D47B459D3BFB9E19817422A5BDA7C7
103524dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5a0000 'C:\Windows\system32\crypt32.dll'
103624dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_776_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\msctf.dll'
103724dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
103824dc.27a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msctf.dll'
103924dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000198 pwszName=\Device\HarddiskVolume1\Windows\System32\imm32.dll
104024dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
104124dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
104224dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
104324dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\imm32.dll'
104424dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
104524dc.27a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\imm32.dll'
104624dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume1\Windows\System32\usp10.dll
104724dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
104824dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
104924dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0B2C720D87D73073E28A28F27C8667CDA07DDEDD
105024dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5a0000 'C:\Windows\system32\crypt32.dll'
105124dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_776_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\usp10.dll'
105224dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
105324dc.27a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\usp10.dll'
105424dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume1\Windows\System32\lpk.dll
105524dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
105624dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
105724dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A8B278471EC74CCECC4B0963111C2A3964248BFB
105824dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5a0000 'C:\Windows\system32\crypt32.dll'
105924dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_776_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\lpk.dll'
106024dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
106124dc.27a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\lpk.dll'
106224dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000018c pwszName=\Device\HarddiskVolume1\Windows\System32\gdi32.dll
106324dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
106424dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
106524dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5B1476CAB2DAF37E6FBCCADBDE3A75A562474BED
106624dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll
106724dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fa9d1:<flags> [calling]
106824dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5a0000 'C:\Windows\system32\crypt32.dll'
106924dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_776_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
107024dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
107124dc.27a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\gdi32.dll'
107224dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000188 pwszName=\Device\HarddiskVolume1\Windows\System32\user32.dll
107324dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
107424dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
107524dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0E490B8AD12DF6B69FBF0B3A1D41F33B3D5BDACB
107624dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5a0000 'C:\Windows\system32\crypt32.dll'
107724dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_776_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\user32.dll'
107824dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
107924dc.27a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\user32.dll'
108024dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000184 pwszName=\Device\HarddiskVolume1\Windows\System32\imagehlp.dll
108124dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
108224dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
108324dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
108424dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\imagehlp.dll'
108524dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
108624dc.27a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\imagehlp.dll'
108724dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000128 pwszName=\Device\HarddiskVolume1\Windows\System32\cryptbase.dll
108824dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
108924dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
109024dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4A4DA4C0871B83BFCB0FDF3F409DD18EF21636F9
109124dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5a0000 'C:\Windows\system32\crypt32.dll'
109224dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_776_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\cryptbase.dll'
109324dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
109424dc.27a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptbase.dll'
109524dc.27a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\rsaenh.dll'
109624dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000124 pwszName=\Device\HarddiskVolume1\Windows\System32\cryptsp.dll
109724dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
109824dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
109924dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4D212E5620D5CC7084245971F59495972AE15D84
110024dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5a0000 'C:\Windows\system32\crypt32.dll'
110124dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_776_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\cryptsp.dll'
110224dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
110324dc.27a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cryptsp.dll'
110424dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000114 pwszName=\Device\HarddiskVolume1\Windows\System32\sechost.dll
110524dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
110624dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
110724dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB669FA8DB80F8E50A29D055BB8D558E10E5E6B4
110824dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\sechost.dll'
110924dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
111024dc.27a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\sechost.dll'
111124dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000110 pwszName=\Device\HarddiskVolume1\Windows\System32\advapi32.dll
111224dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
111324dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
111424dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1983EE22045EC093707BB189490A93B3986C4271
111524dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5a0000 'C:\Windows\system32\crypt32.dll'
111624dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_776_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\advapi32.dll'
111724dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
111824dc.27a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\advapi32.dll'
111924dc.27a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\bcryptprimitives.dll'
112024dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000f8 pwszName=\Device\HarddiskVolume1\Windows\System32\bcrypt.dll
112124dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
112224dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
112324dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1D67F6787E2C5C1A2A191FE874F8CDC89736C578
112424dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5a0000 'C:\Windows\system32\crypt32.dll'
112524dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_776_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\bcrypt.dll'
112624dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
112724dc.27a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\bcrypt.dll'
112824dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume1\Windows\System32\msvcrt.dll
112924dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
113024dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
113124dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
113224dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
113324dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
113424dc.27a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll'
113524dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d0 pwszName=\Device\HarddiskVolume1\Windows\System32\msasn1.dll
113624dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
113724dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
113824dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
113924dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\msasn1.dll'
114024dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
114124dc.27a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\msasn1.dll'
114224dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000cc pwszName=\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
114324dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
114424dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
114524dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=955626234E30F8240A63FEED1575999EEA2CA6A8
114624dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5a0000 'C:\Windows\system32\crypt32.dll'
114724dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_776_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll'
114824dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
114924dc.27a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll'
115024dc.27a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 24202) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSupLib.dll'
115124dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume1\Windows\System32\KernelBase.dll
115224dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
115324dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
115424dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=723DCDE5D1E6E040BA1B65C8376D622C5F7DC35B
115524dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5a0000 'C:\Windows\system32\crypt32.dll'
115624dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_776_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\KernelBase.dll'
115724dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
115824dc.27a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\KernelBase.dll'
115924dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume1\Windows\System32\kernel32.dll
116024dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
116124dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
116224dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFDE1D98DD1EE22CEB48EE1B090A310F20863C3C
116324dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5a0000 'C:\Windows\system32\crypt32.dll'
116424dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_776_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\kernel32.dll'
116524dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
116624dc.27a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\kernel32.dll'
116724dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5a0000 'C:\Windows\system32\crypt32.dll'
116824dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0x292d758d85f9d800 C=CN, O=OSCCA, CN=ROOTCA
116924dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
117024dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
117124dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0xe86b9836746baf00 C=CH, ST=FUJIAN, L=XIAMEN, O=TIPRAY, OU=DLP
117224dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
117324dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
117424dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
117524dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
117624dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
117724dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
117824dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
117924dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0x50bb81640c01cb00 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
118024dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0x6b7bdc34cd37bb00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root G2
118124dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
118224dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
118324dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
118424dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
118524dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
118624dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
118724dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0x9403a4b8727eb000 C=TW, O=TAIWAN-CA, OU=Root CA, CN=TWCA Root Certification Authority
118824dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
118924dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0x1591b8ac8dcabd00 C=CN, O=WoSign CA Limited, CN=Certification Authority of WoSign
119024dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
119124dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
119224dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
119324dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
119424dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
119524dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
119624dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
119724dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0xef62113787ebace5 C=US, O=GeoTrust Inc., OU=(c) 2007 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G2
119824dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
119924dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
120024dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0x298be035a30bab00 C=DE, O=Deutsche Telekom AG, OU=T-TeleSec Trust Center, CN=Deutsche Telekom Root CA 2
120124dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0x6f2ebe0e24cfa600 OU=GlobalSign Root CA - R2, O=GlobalSign, CN=GlobalSign
120224dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
120324dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
120424dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
120524dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
120624dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
120724dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
120824dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
120924dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
121024dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
121124dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0xc30e361765128000 C=US, ST=New Jersey, L=Jersey City, O=The USERTRUST Network, CN=USERTrust RSA Certification Authority
121224dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
121324dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
121424dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
121524dc.27a0: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
121624dc.27a0: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=48
121724dc.27a0: SUPR3HardenedMain: Load Runtime...
121824dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
121924dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
122024dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
122124dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
122224dc.27a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll) WinVerifyTrust
122324dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
122424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
122524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
122624dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000438 pwszName=\Device\HarddiskVolume1\Windows\System32\ws2_32.dll
122724dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
122824dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
122924dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=901DCB8172024F14E25295BF5692180F12FC8C18
123024dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3161949~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\ws2_32.dll'
123124dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
123224dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
123324dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
123424dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
123524dc.27a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ws2_32.dll) WinVerifyTrust
123624dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
123724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
123824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
123924dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
124024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
124124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
124224dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
124324dc.27a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll) WinVerifyTrust
124424dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
124524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
124624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
124724dc.27a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll) WinVerifyTrust
124824dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
124924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
125024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
125124dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
125224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
125324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
125424dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000040c pwszName=\Device\HarddiskVolume1\Windows\System32\nsi.dll
125524dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
125624dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
125724dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=5C61E0233B4D23762E0FE158DE0FDC6C24988F13
125824dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5a0000 'C:\Windows\system32\crypt32.dll'
125924dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_776_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\nsi.dll'
126024dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
126124dc.27a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\nsi.dll) WinVerifyTrust
126224dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\nsi.dll
126324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
126424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
126524dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
126624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
126724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
126824dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
126924dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fbeb1:<flags> [calling]
127024dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
127124dc.27a0: supR3HardenedDllNotificationCallback: load 000007fef55e0000 LB 0x005e2000 C:\Program Files\Oracle\VirtualBox\VBoxRT.dll [fFlags=0x0]
127224dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
127324dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
127424dc.27a0: supR3HardenedDllNotificationCallback: load 0000000074fc0000 LB 0x000d2000 C:\Program Files\Oracle\VirtualBox\MSVCR100.dll [fFlags=0x0]
127524dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
127624dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
127724dc.27a0: supR3HardenedDllNotificationCallback: load 0000000074f20000 LB 0x00098000 C:\Program Files\Oracle\VirtualBox\MSVCP100.dll [fFlags=0x0]
127824dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
127924dc.27a0: supR3HardenedDllNotificationCallback: load 000007feff4c0000 LB 0x0004d000 C:\Windows\system32\WS2_32.dll [fFlags=0x0]
128024dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
128124dc.27a0: supR3HardenedDllNotificationCallback: load 000007feff030000 LB 0x00008000 C:\Windows\system32\NSI.dll [fFlags=0x0]
128224dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll
128324dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
128424dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001f95f1:<flags> [calling]
128524dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef55e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
128624dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
128724dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001f95f1:<flags> [calling]
128824dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef55e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
128924dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
129024dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001f95f1:<flags> [calling]
129124dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef55e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
129224dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
129324dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001f95f1:<flags> [calling]
129424dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef55e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
129524dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
129624dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001f95f1:<flags> [calling]
129724dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef55e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
129824dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
129924dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001f95f1:<flags> [calling]
130024dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef55e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130124dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef55e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130224dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef55e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130324dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef55e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130424dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef55e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130524dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef55e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130624dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef55e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130724dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef55e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
130824dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
130924dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001f95f1:<flags> [calling]
131024dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef55e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
131124dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef55e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
131224dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef55e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
131324dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef55e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
131424dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef55e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
131524dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef55e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
131624dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef55e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
131724dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef55e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
131824dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef55e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
131924dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef55e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
132024dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef55e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
132124dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef55e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
132224dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef55e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
132324dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef55e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
132424dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef55e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
132524dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef55e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
132624dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxRT.dll
132724dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001f95f1:<flags> [calling]
132824dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef55e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
132924dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef55e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
133024dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef55e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
133124dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef55e0000 'C:\Program Files\Oracle\VirtualBox\VBoxRT.dll'
133224dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll
133324dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fda11:<flags> [calling]
133424dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd4d0000 'C:\Windows\system32\Wintrust.dll'
133524dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5a0000 'C:\Windows\system32\crypt32.dll'
133624dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5a0000 'C:\Windows\system32\crypt32.dll'
133724dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5a0000 'C:\Windows\system32\crypt32.dll'
133824dc.27a0: SUPR3HardenedMain: Load TrustedMain...
133924dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
134024dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxglobal.dll'.
134124dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
134224dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcp100.dll'.
134324dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcr100.dll'.
134424dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5corevbox.dll'.
134524dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5guivbox.dll'.
134624dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5widgetsvbox.dll'.
134724dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
134824dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
134924dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'ole32.dll'.
135024dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'oleaut32.dll'.
135124dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'winmm.dll'.
135224dc.27a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll) WinVerifyTrust
135324dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
135424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
135524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
135624dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000498 pwszName=\Device\HarddiskVolume1\Windows\System32\winmm.dll
135724dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
135824dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
135924dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
136024dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\winmm.dll'
136124dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
136224dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
136324dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
136424dc.27a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\winmm.dll) WinVerifyTrust
136524dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winmm.dll
136624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
136724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
136824dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000478 pwszName=\Device\HarddiskVolume1\Windows\System32\oleaut32.dll
136924dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
137024dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
137124dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E1E71C0A579F721131CE3D007BD18DF3EDA340DC
137224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
137324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
137424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
137524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
137624dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5a0000 'C:\Windows\system32\crypt32.dll'
137724dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_776_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\oleaut32.dll'
137824dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
137924dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
138024dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
138124dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
138224dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
138324dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
138424dc.27a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\oleaut32.dll) WinVerifyTrust
138524dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
138624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
138724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
138824dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000048c pwszName=\Device\HarddiskVolume1\Windows\System32\ole32.dll
138924dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
139024dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
139124dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7C8045E11F7F59B08DDA8828867F550E635377FE
139224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
139324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
139424dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll
139524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
139624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
139724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
139824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
139924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
140024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
140124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
140224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
140324dc.27a0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\ole32.dll'.
140424dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
140524dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
140624dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
140724dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
140824dc.27a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\ole32.dll)
140924dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ole32.dll
141024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
141124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
141224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
141324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
141424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
141524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
141624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
141724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
141824dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5a0000 'C:\Windows\system32\crypt32.dll'
141924dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_776_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\ole32.dll'
142024dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
142124dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
142224dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
142324dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
142424dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
142524dc.27a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ole32.dll) WinVerifyTrust
142624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
142724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
142824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
142924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
143024dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
143124dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
143224dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
143324dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
143424dc.27a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll) WinVerifyTrust
143524dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
143624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
143724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
143824dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
143924dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
144024dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
144124dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
144224dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
144324dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
144424dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
144524dc.27a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll) WinVerifyTrust
144624dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
144724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
144824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
144924dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
145024dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
145124dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
145224dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
145324dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
145424dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
145524dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
145624dc.27a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll) WinVerifyTrust
145724dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
145824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
145924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
146024dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
146124dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
146224dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
146324dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
146424dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
146524dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
146624dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
146724dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
146824dc.27a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll) WinVerifyTrust
146924dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
147024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
147124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
147224dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
147324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
147424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
147524dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
147624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
147724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
147824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxglobal.dll'...
147924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxglobal.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxglobal.dll' [rcNtRedir=0xc0150008]
148024dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
148124dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcr100.dll'.
148224dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
148324dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
148424dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5widgetsvbox.dll'.
148524dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
148624dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
148724dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
148824dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
148924dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'rpcrt4.dll'.
149024dc.27a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGlobal.dll) WinVerifyTrust
149124dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
149224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
149324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
149424dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c0 pwszName=\Device\HarddiskVolume1\Windows\System32\opengl32.dll
149524dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
149624dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
149724dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
149824dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\opengl32.dll'
149924dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
150024dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
150124dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
150224dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
150324dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
150424dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
150524dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
150624dc.27a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\opengl32.dll) WinVerifyTrust
150724dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\opengl32.dll
150824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
150924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
151024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
151124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume1\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
151224dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b4 pwszName=\Device\HarddiskVolume1\Windows\System32\ddraw.dll
151324dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
151424dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
151524dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
151624dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\ddraw.dll'
151724dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
151824dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
151924dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
152024dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
152124dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
152224dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
152324dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
152424dc.27a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ddraw.dll) WinVerifyTrust
152524dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ddraw.dll
152624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
152724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume1\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
152824dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b8 pwszName=\Device\HarddiskVolume1\Windows\System32\glu32.dll
152924dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
153024dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
153124dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
153224dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\glu32.dll'
153324dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
153424dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
153524dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
153624dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
153724dc.27a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\glu32.dll) WinVerifyTrust
153824dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\glu32.dll
153924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
154024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
154124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
154224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
154324dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
154424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
154524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
154624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
154724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
154824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
154924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
155024dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
155124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
155224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
155324dc.27a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\ole32.dll [redoing WinVerifyTrust]
155424dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a4 pwszName=\Device\HarddiskVolume1\Windows\System32\ole32.dll
155524dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
155624dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
155724dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7C8045E11F7F59B08DDA8828867F550E635377FE
155824dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\crypt32.dll
155924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
156024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
156124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
156224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
156324dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
156424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
156524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
156624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
156724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
156824dc.27a0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\dwmapi.dll'.
156924dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
157024dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
157124dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
157224dc.27a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\dwmapi.dll)
157324dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dwmapi.dll
157424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
157524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
157624dc.27a0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\setupapi.dll'.
157724dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
157824dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
157924dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
158024dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
158124dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
158224dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
158324dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
158424dc.27a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\setupapi.dll)
158524dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\setupapi.dll
158624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
158724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
158824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
158924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume1\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
159024dc.27a0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\dciman32.dll'.
159124dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
159224dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
159324dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
159424dc.27a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\dciman32.dll)
159524dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dciman32.dll
159624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
159724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
159824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
159924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
160024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
160124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
160224dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll
160324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
160424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
160524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
160624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
160724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
160824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume1\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
160924dc.27a0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\devobj.dll'.
161024dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
161124dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
161224dc.27a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\devobj.dll)
161324dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\devobj.dll
161424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
161524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
161624dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
161724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
161824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
161924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
162024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
162124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
162224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
162324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
162424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
162524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
162624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
162724dc.27a0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll'.
162824dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
162924dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
163024dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
163124dc.27a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll)
163224dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll
163324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
163424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
163524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
163624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
163724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
163824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
163924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
164024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
164124dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
164224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
164324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
164424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
164524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
164624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
164724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
164824dc.27a0: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll [lacks WinVerifyTrust]
164924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
165024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
165124dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001f9621:<flags> [calling]
165224dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5a0000 'C:\Windows\system32\crypt32.dll'
165324dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_776_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\ole32.dll'
165424dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
165524dc.27a0: supR3HardenedScreenImage/Imports: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\ole32.dll'
165624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
165724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
165824dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
165924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
166024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
166124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
166224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
166324dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
166424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
166524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
166624dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
166724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
166824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
166924dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
167024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
167124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
167224dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
167324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
167424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
167524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
167624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
167724dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
167824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
167924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
168024dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
168124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
168224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume1\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
168324dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004bc pwszName=\Device\HarddiskVolume1\Windows\System32\mpr.dll
168424dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
168524dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
168624dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F84FE9BA047B24E7694C9E0C349B48B9FD5F925B
168724dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\mpr.dll'
168824dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
168924dc.27a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\mpr.dll) WinVerifyTrust
169024dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\mpr.dll
169124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
169224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
169324dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
169424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
169524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
169624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
169724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
169824dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
169924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
170024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
170124dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d8 pwszName=\Device\HarddiskVolume1\Windows\System32\shell32.dll
170224dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
170324dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
170424dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6F0FD5A01ADEE7CE965956E4165CC96F02202139
170524dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5a0000 'C:\Windows\system32\crypt32.dll'
170624dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_776_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\shell32.dll'
170724dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
170824dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
170924dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
171024dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
171124dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
171224dc.27a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\shell32.dll) WinVerifyTrust
171324dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\shell32.dll
171424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
171524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
171624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
171724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
171824dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
171924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
172024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
172124dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
172224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
172324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
172424dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
172524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
172624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
172724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
172824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
172924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
173024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
173124dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
173224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
173324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
173424dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
173524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
173624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
173724dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
173824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
173924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
174024dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
174124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
174224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
174324dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
174424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
174524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
174624dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
174724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
174824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
174924dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
175024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
175124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
175224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
175324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
175424dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\gdi32.dll
175524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
175624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
175724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
175824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
175924dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
176024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
176124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
176224dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
176324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
176424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
176524dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
176624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
176724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
176824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
176924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
177024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
177124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
177224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
177324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
177424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
177524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
177624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
177724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
177824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
177924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
178024dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
178124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
178224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
178324dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fbec1:<flags> [calling]
178424dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
178524dc.27a0: supR3HardenedDllNotificationCallback: load 000007fef0e10000 LB 0x00188000 C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll [fFlags=0x0]
178624dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll
178724dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
178824dc.27a0: supR3HardenedDllNotificationCallback: load 000007fedd240000 LB 0x0011d000 C:\Windows\system32\OPENGL32.dll [fFlags=0x0]
178924dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\opengl32.dll
179024dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\glu32.dll
179124dc.27a0: supR3HardenedDllNotificationCallback: load 000007fedd450000 LB 0x0002d000 C:\Windows\system32\GLU32.dll [fFlags=0x0]
179224dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\glu32.dll
179324dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ddraw.dll
179424dc.27a0: supR3HardenedDllNotificationCallback: load 000007fedd040000 LB 0x000f1000 C:\Windows\system32\DDRAW.dll [fFlags=0x0]
179524dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ddraw.dll
179624dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
179724dc.27a0: supR3HardenedDllNotificationCallback: load 000007fedd440000 LB 0x00008000 C:\Windows\system32\DCIMAN32.dll [fFlags=0x0]
179824dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\dciman32.dll [avoiding WinVerifyTrust]
179924dc.27a0: supR3HardenedDllNotificationCallback: load 000007feff510000 LB 0x001d7000 C:\Windows\system32\SETUPAPI.dll [fFlags=0x0]
180024dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll [avoiding WinVerifyTrust]
180124dc.27a0: supR3HardenedDllNotificationCallback: load 000007fefd540000 LB 0x00036000 C:\Windows\system32\CFGMGR32.dll [fFlags=0x0]
180224dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll [avoiding WinVerifyTrust]
180324dc.27a0: supR3HardenedDllNotificationCallback: load 000007feff370000 LB 0x000db000 C:\Windows\system32\OLEAUT32.dll [fFlags=0x0]
180424dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
180524dc.27a0: supR3HardenedDllNotificationCallback: load 000007fefeca0000 LB 0x001ff000 C:\Windows\system32\ole32.dll [fFlags=0x0]
180624dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
180724dc.27a0: supR3HardenedDllNotificationCallback: load 000007fefd510000 LB 0x0001a000 C:\Windows\system32\DEVOBJ.dll [fFlags=0x0]
180824dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\devobj.dll [avoiding WinVerifyTrust]
180924dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
181024dc.27a0: supR3HardenedDllNotificationCallback: load 000007fef99d0000 LB 0x00018000 C:\Windows\system32\dwmapi.dll [fFlags=0x0]
181124dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\dwmapi.dll [avoiding WinVerifyTrust]
181224dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
181324dc.27a0: supR3HardenedDllNotificationCallback: load 000007fef2a60000 LB 0x02387000 C:\Program Files\Oracle\VirtualBox\VBoxGlobal.dll [fFlags=0x0]
181424dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGlobal.dll
181524dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
181624dc.27a0: supR3HardenedDllNotificationCallback: load 0000000053b20000 LB 0x00565000 C:\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll [fFlags=0x0]
181724dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
181824dc.27a0: supR3HardenedDllNotificationCallback: load 000007fefd710000 LB 0x00d8b000 C:\Windows\system32\SHELL32.dll [fFlags=0x0]
181924dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
182024dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\mpr.dll
182124dc.27a0: supR3HardenedDllNotificationCallback: load 000007fefb9d0000 LB 0x00018000 C:\Windows\system32\MPR.dll [fFlags=0x0]
182224dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\mpr.dll
182324dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
182424dc.27a0: supR3HardenedDllNotificationCallback: load 000007fef4fe0000 LB 0x005f7000 C:\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll [fFlags=0x0]
182524dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
182624dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
182724dc.27a0: supR3HardenedDllNotificationCallback: load 00000000535b0000 LB 0x00561000 C:\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll [fFlags=0x0]
182824dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5WidgetsVBox.dll
182924dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
183024dc.27a0: supR3HardenedDllNotificationCallback: load 0000000074d60000 LB 0x00054000 C:\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll [fFlags=0x0]
183124dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5OpenGLVBox.dll
183224dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
183324dc.27a0: supR3HardenedDllNotificationCallback: load 000007fef98d0000 LB 0x0003b000 C:\Windows\system32\WINMM.dll [fFlags=0x0]
183424dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
183524dc.27a0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll'.
183624dc.27a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll' [rescheduled]
183724dc.27a0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\devobj.dll'.
183824dc.27a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\devobj.dll' [rescheduled]
183924dc.27a0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\dciman32.dll'.
184024dc.27a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\dciman32.dll' [rescheduled]
184124dc.27a0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\setupapi.dll'.
184224dc.27a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rescheduled]
184324dc.27a0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\dwmapi.dll'.
184424dc.27a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\dwmapi.dll' [rescheduled]
184524dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff290000 'C:\Windows\system32\ADVAPI32.DLL'
184624dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll
184724dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\cryptbase.dll (Input=cryptbase.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
184824dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd1b0000 'C:\Windows\system32\cryptbase.dll'
184924dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0e10000 'C:\Program Files\Oracle\VirtualBox\VirtualBoxVM.dll'
185024dc.27a0: SUPR3HardenedMain: Calling TrustedMain (000007fef0e116c0)...
185124dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
185224dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fd771:<flags> [calling]
185324dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeca0000 'C:\Windows\system32\ole32.dll'
185424dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff290000 'C:\Windows\system32\ADVAPI32.dll'
185524dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\profapi.dll
185624dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fbe51:<flags> [calling]
185724dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd360000 'C:\Windows\system32\profapi.dll'
185824dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
185924dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
186024dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
186124dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
186224dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
186324dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
186424dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
186524dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
186624dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
186724dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
186824dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
186924dc.27a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\platforms\qwindows.dll) WinVerifyTrust
187024dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
187124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
187224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
187324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
187424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
187524dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5CoreVBox.dll
187624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
187724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
187824dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\Qt5GuiVBox.dll
187924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
188024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
188124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
188224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
188324dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
188424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
188524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
188624dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
188724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
188824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
188924dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
189024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
189124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume1\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
189224dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\imm32.dll
189324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
189424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
189524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
189624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
189724dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
189824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
189924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
190024dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fe141:<flags> [calling]
190124dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
190224dc.27a0: supR3HardenedDllNotificationCallback: load 000007fef6e50000 LB 0x0012e000 C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll [fFlags=0x0]
190324dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\platforms\qwindows.dll
190424dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6e50000 'C:\Program Files\Oracle\VirtualBox\platforms\qwindows.dll'
190524dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cryptbase.dll
190624dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fe071:<flags> [calling]
190724dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd1b0000 'C:\Windows\system32\CRYPTBASE.dll'
190824dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000055c pwszName=\Device\HarddiskVolume1\Windows\System32\uxtheme.dll
190924dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
191024dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
191124dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
191224dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\uxtheme.dll'
191324dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
191424dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
191524dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
191624dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
191724dc.27a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\uxtheme.dll) WinVerifyTrust
191824dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
191924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
192024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
192124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
192224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
192324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
192424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
192524dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fdb41:<flags> [calling]
192624dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
192724dc.27a0: supR3HardenedDllNotificationCallback: load 000007fefa210000 LB 0x00056000 C:\Windows\system32\uxtheme.dll [fFlags=0x0]
192824dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
192924dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa210000 'C:\Windows\system32\uxtheme.dll'
193024dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
193124dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fd581:<flags> [calling]
193224dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa210000 'C:\Windows\system32\uxtheme.dll'
193324dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
193424dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fd2f1:<flags> [calling]
193524dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa210000 'C:\Windows\system32\uxtheme.dll'
193624dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
193724dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fd2f1:<flags> [calling]
193824dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa210000 'C:\Windows\system32\uxtheme.dll'
193924dc.27a0: \Device\HarddiskVolume1\InetPub\ftproot\Tipray\LdTerm\LdPrintMonitor64.dll: Owner is administrators group.
194024dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
194124dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
194224dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msimg32.dll'.
194324dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'comdlg32.dll'.
194424dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
194524dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
194624dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'shlwapi.dll'.
194724dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ole32.dll'.
194824dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
194924dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'gdiplus.dll'.
195024dc.27a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\InetPub\ftproot\Tipray\LdTerm\LdPrintMonitor64.dll) WinVerifyTrust
195124dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\InetPub\ftproot\Tipray\LdTerm\LdPrintMonitor64.dll
195224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdiplus.dll'...
195324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'gdiplus.dll'
195424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
195524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
195624dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
195724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
195824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
195924dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
196024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
196124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
196224dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
196324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
196424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
196524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
196624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume1\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
196724dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000590 pwszName=\Device\HarddiskVolume1\Windows\System32\winspool.drv
196824dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
196924dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
197024dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=15CD1CBF30052F853C76A224D00E7C5ED9088EA8
197124dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5a0000 'C:\Windows\system32\crypt32.dll'
197224dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_776_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\winspool.drv'
197324dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
197424dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
197524dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
197624dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
197724dc.27a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\winspool.drv) WinVerifyTrust
197824dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winspool.drv
197924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
198024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume1\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
198124dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000578 pwszName=\Device\HarddiskVolume1\Windows\System32\comdlg32.dll
198224dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
198324dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
198424dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
198524dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\comdlg32.dll'
198624dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
198724dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
198824dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
198924dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
199024dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
199124dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
199224dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
199324dc.27a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\comdlg32.dll) WinVerifyTrust
199424dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\comdlg32.dll
199524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msimg32.dll'...
199624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msimg32.dll' -> '\Device\HarddiskVolume1\Windows\System32\msimg32.dll' [rcNtRedir=0xc0150008]
199724dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000594 pwszName=\Device\HarddiskVolume1\Windows\System32\msimg32.dll
199824dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
199924dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
200024dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4098393F70547101D3676E372B252195A3EA086F
200124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
200224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume1\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
200324dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
200424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
200524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume1\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
200624dc.27a0: Detected WinVerifyTrust recursion: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\comctl32.dll'.
200724dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
200824dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
200924dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
201024dc.27a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\comctl32.dll)
201124dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\comctl32.dll
201224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
201324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
201424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
201524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
201624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
201724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
201824dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
201924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
202024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
202124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
202224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
202324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
202424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
202524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
202624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
202724dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msvcrt.dll
202824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
202924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
203024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
203124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
203224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
203324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
203424dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5a0000 'C:\Windows\system32\crypt32.dll'
203524dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_776_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\msimg32.dll'
203624dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
203724dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
203824dc.27a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msimg32.dll) WinVerifyTrust
203924dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msimg32.dll
204024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
204124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
204224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
204324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
204424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
204524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
204624dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Inetpub\ftproot\Tipray\LdTerm\LdPrintMonitor64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fdb41:<flags> [calling]
204724dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\InetPub\ftproot\Tipray\LdTerm\LdPrintMonitor64.dll
204824dc.27a0: supR3HardenedDllNotificationCallback: load 0000000180000000 LB 0x00117000 C:\Inetpub\ftproot\Tipray\LdTerm\LdPrintMonitor64.dll [fFlags=0x0]
204924dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\InetPub\ftproot\Tipray\LdTerm\LdPrintMonitor64.dll
205024dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msimg32.dll
205124dc.27a0: supR3HardenedDllNotificationCallback: load 000007feed420000 LB 0x00007000 C:\Windows\system32\MSIMG32.dll [fFlags=0x0]
205224dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msimg32.dll
205324dc.27a0: supR3HardenedDllNotificationCallback: load 000007fefe4d0000 LB 0x00097000 C:\Windows\system32\COMDLG32.dll [fFlags=0x0]
205424dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\comdlg32.dll
205524dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
205624dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
205724dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
205824dc.27a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll)
205924dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
206024dc.27a0: supR3HardenedDllNotificationCallback: load 000007fed9bc0000 LB 0x000a0000 C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll [fFlags=0x0]
206124dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [avoiding WinVerifyTrust]
206224dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winspool.drv
206324dc.27a0: supR3HardenedDllNotificationCallback: load 000007fee68f0000 LB 0x00071000 C:\Windows\system32\WINSPOOL.DRV [fFlags=0x0]
206424dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winspool.drv
206524dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
206624dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
206724dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
206824dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
206924dc.27a0: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24517_none_14566e2a8b94e787\GdiPlus.dll)
207024dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24517_none_14566e2a8b94e787\GdiPlus.dll
207124dc.27a0: supR3HardenedDllNotificationCallback: load 000007fef9ff0000 LB 0x00219000 C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24517_none_14566e2a8b94e787\gdiplus.dll [fFlags=0x0]
207224dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24517_none_14566e2a8b94e787\GdiPlus.dll [avoiding WinVerifyTrust]
207324dc.27a0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24517_none_14566e2a8b94e787\GdiPlus.dll'.
207424dc.27a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.24517_none_14566e2a8b94e787\GdiPlus.dll' [rescheduled]
207524dc.27a0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'.
207624dc.27a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [rescheduled]
207724dc.27a0: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume1\Windows\System32\comctl32.dll'.
207824dc.27a0: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume1\Windows\System32\comctl32.dll' [rescheduled]
207924dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\imm32.dll
208024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
208124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
208224dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
208324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
208424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
208524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
208624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
208724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
208824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
208924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
209024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
209124dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\user32.dll
209224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
209324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
209424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
209524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
209624dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fd111:<flags> [calling]
209724dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe4a0000 'C:\Windows\system32\imm32.dll'
209824dc.27a0: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Inetpub\ftproot\Tipray\LdTerm\LdPrintMonitor64CHS.dll': 0 (NtPath=\??\C:\Inetpub\ftproot\Tipray\LdTerm\LdPrintMonitor64CHS.dll; Input=C:\Inetpub\ftproot\Tipray\LdTerm\LdPrintMonitor64CHS.dll; rcNtGetDll=0x0
209924dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Inetpub\ftproot\Tipray\LdTerm\LdPrintMonitor64CHS.dll'
210024dc.27a0: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Inetpub\ftproot\Tipray\LdTerm\LdPrintMonitor64CHS.dll': 0 (NtPath=\??\C:\Inetpub\ftproot\Tipray\LdTerm\LdPrintMonitor64CHS.dll; Input=C:\Inetpub\ftproot\Tipray\LdTerm\LdPrintMonitor64CHS.dll; rcNtGetDll=0x0
210124dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Inetpub\ftproot\Tipray\LdTerm\LdPrintMonitor64CHS.dll'
210224dc.27a0: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Inetpub\ftproot\Tipray\LdTerm\LdPrintMonitor64CHS.dll': 0 (NtPath=\??\C:\Inetpub\ftproot\Tipray\LdTerm\LdPrintMonitor64CHS.dll; Input=C:\Inetpub\ftproot\Tipray\LdTerm\LdPrintMonitor64CHS.dll; rcNtGetDll=0x0
210324dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Inetpub\ftproot\Tipray\LdTerm\LdPrintMonitor64CHS.dll'
210424dc.27a0: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Inetpub\ftproot\Tipray\LdTerm\LdPrintMonitor64CHS.dll': 0 (NtPath=\??\C:\Inetpub\ftproot\Tipray\LdTerm\LdPrintMonitor64CHS.dll; Input=C:\Inetpub\ftproot\Tipray\LdTerm\LdPrintMonitor64CHS.dll; rcNtGetDll=0x0
210524dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Inetpub\ftproot\Tipray\LdTerm\LdPrintMonitor64CHS.dll'
210624dc.27a0: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Inetpub\ftproot\Tipray\LdTerm\LdPrintMonitor64LOC.dll': 0 (NtPath=\??\C:\Inetpub\ftproot\Tipray\LdTerm\LdPrintMonitor64LOC.dll; Input=C:\Inetpub\ftproot\Tipray\LdTerm\LdPrintMonitor64LOC.dll; rcNtGetDll=0x0
210724dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Inetpub\ftproot\Tipray\LdTerm\LdPrintMonitor64LOC.dll'
210824dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000180000000 'C:\Inetpub\ftproot\Tipray\LdTerm\LdPrintMonitor64.dll'
210924dc.27a0: \Device\HarddiskVolume1\InetPub\ftproot\Tipray\LdTerm\LdWaterMarkHook64.dll: Owner is administrators group.
211024dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdiplus.dll'.
211124dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
211224dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
211324dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winspool.drv'.
211424dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
211524dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shlwapi.dll'.
211624dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'oleaut32.dll'.
211724dc.27a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\InetPub\ftproot\Tipray\LdTerm\LdWaterMarkHook64.dll) WinVerifyTrust
211824dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\InetPub\ftproot\Tipray\LdTerm\LdWaterMarkHook64.dll
211924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
212024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
212124dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
212224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
212324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
212424dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
212524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
212624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
212724dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
212824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
212924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume1\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
213024dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winspool.drv
213124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
213224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
213324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
213424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
213524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdiplus.dll'...
213624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Failed to locate 'gdiplus.dll'
213724dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Inetpub\ftproot\Tipray\LdTerm\LdWaterMarkHook64.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fd8f1:<flags> [calling]
213824dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\InetPub\ftproot\Tipray\LdTerm\LdWaterMarkHook64.dll
213924dc.27a0: supR3HardenedDllNotificationCallback: load 000007fedba20000 LB 0x00056000 C:\Inetpub\ftproot\Tipray\LdTerm\LdWaterMarkHook64.dll [fFlags=0x0]
214024dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\InetPub\ftproot\Tipray\LdTerm\LdWaterMarkHook64.dll
214124dc.27a0: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Inetpub\ftproot\Tipray\LdTerm\LdWaterMarkHook64CHS.dll': 0 (NtPath=\??\C:\Inetpub\ftproot\Tipray\LdTerm\LdWaterMarkHook64CHS.dll; Input=C:\Inetpub\ftproot\Tipray\LdTerm\LdWaterMarkHook64CHS.dll; rcNtGetDll=0x0
214224dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Inetpub\ftproot\Tipray\LdTerm\LdWaterMarkHook64CHS.dll'
214324dc.27a0: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Inetpub\ftproot\Tipray\LdTerm\LdWaterMarkHook64CHS.dll': 0 (NtPath=\??\C:\Inetpub\ftproot\Tipray\LdTerm\LdWaterMarkHook64CHS.dll; Input=C:\Inetpub\ftproot\Tipray\LdTerm\LdWaterMarkHook64CHS.dll; rcNtGetDll=0x0
214424dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Inetpub\ftproot\Tipray\LdTerm\LdWaterMarkHook64CHS.dll'
214524dc.27a0: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Inetpub\ftproot\Tipray\LdTerm\LdWaterMarkHook64CHS.dll': 0 (NtPath=\??\C:\Inetpub\ftproot\Tipray\LdTerm\LdWaterMarkHook64CHS.dll; Input=C:\Inetpub\ftproot\Tipray\LdTerm\LdWaterMarkHook64CHS.dll; rcNtGetDll=0x0
214624dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Inetpub\ftproot\Tipray\LdTerm\LdWaterMarkHook64CHS.dll'
214724dc.27a0: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Inetpub\ftproot\Tipray\LdTerm\LdWaterMarkHook64CHS.dll': 0 (NtPath=\??\C:\Inetpub\ftproot\Tipray\LdTerm\LdWaterMarkHook64CHS.dll; Input=C:\Inetpub\ftproot\Tipray\LdTerm\LdWaterMarkHook64CHS.dll; rcNtGetDll=0x0
214824dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Inetpub\ftproot\Tipray\LdTerm\LdWaterMarkHook64CHS.dll'
214924dc.27a0: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Inetpub\ftproot\Tipray\LdTerm\LdWaterMarkHook64LOC.dll': 0 (NtPath=\??\C:\Inetpub\ftproot\Tipray\LdTerm\LdWaterMarkHook64LOC.dll; Input=C:\Inetpub\ftproot\Tipray\LdTerm\LdWaterMarkHook64LOC.dll; rcNtGetDll=0x0
215024dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Inetpub\ftproot\Tipray\LdTerm\LdWaterMarkHook64LOC.dll'
215124dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedba20000 'C:\Inetpub\ftproot\Tipray\LdTerm\LdWaterMarkHook64.dll'
215224dc.27a0: \Device\HarddiskVolume1\Program Files (x86)\TrDaemon\DlpTaMon64.dll: Owner is administrators group.
215324dc.27a0: supR3HardNtViCallWinVerifyTrust: WinVerifyTrust failed with 0x800b0101 (CERT_E_EXPIRED) on '\Device\HarddiskVolume1\Program Files (x86)\TrDaemon\DlpTaMon64.dll'
215424dc.27a0: supHardenedWinVerifyImageByHandle: -> -22919 (\Device\HarddiskVolume1\Program Files (x86)\TrDaemon\DlpTaMon64.dll) WinVerifyTrust
215524dc.27a0: Error (rc=0):
215624dc.27a0: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume1\Program Files (x86)\TrDaemon\DlpTaMon64.dll: WinVerifyTrust failed with hrc=CERT_E_EXPIRED on '\Device\HarddiskVolume1\Program Files (x86)\TrDaemon\DlpTaMon64.dll'
215724dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files (x86)\TrDaemon\DlpTaMon64.dll
215824dc.27a0: Error (rc=0):
215924dc.27a0: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\TrDaemon\DlpTaMon64.dll' (C:\Program Files (x86)\TrDaemon\DlpTaMon64.dll): rcNt=0xc0000190
216024dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\TrDaemon\DlpTaMon64.dll'
216124dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077700000 'C:\Windows\system32\user32.dll'
216224dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
216324dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fe381:<flags> [calling]
216424dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd710000 'C:\Windows\system32\shell32.dll'
216524dc.27a0: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\Windows\system32\wintab32.dll': 0 (NtPath=\??\C:\Windows\system32\wintab32.dll; Input=C:\Windows\system32\wintab32.dll; rcNtGetDll=0x0
216624dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000034 'C:\Windows\system32\wintab32.dll'
216724dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22919 (0xffffa679)) on \Device\HarddiskVolume1\Program Files (x86)\TrDaemon\DlpTaMon64.dll
216824dc.27a0: Error (rc=0):
216924dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 cHits=1 \Device\HarddiskVolume1\Program Files (x86)\TrDaemon\DlpTaMon64.dll
217024dc.27a0: Error (rc=0):
217124dc.27a0: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\TrDaemon\DlpTaMon64.dll' (C:\Program Files (x86)\TrDaemon\DlpTaMon64.dll): rcNt=0xc0000190
217224dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\TrDaemon\DlpTaMon64.dll'
217324dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\dwmapi.dll [redoing WinVerifyTrust]
217424dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004dc pwszName=\Device\HarddiskVolume1\Windows\System32\dwmapi.dll
217524dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
217624dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
217724dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F3F3D4867E9140896E0742D7EE8AE1D01FE85ECE
217824dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3078667~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume1\Windows\System32\dwmapi.dll'
217924dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
218024dc.27a0: supR3HardenedScreenImage/LdrLoadDll: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\dwmapi.dll'
218124dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fda21:<flags> [calling]
218224dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef99d0000 'C:\Windows\system32\dwmapi.dll'
218324dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
218424dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fe7a1:<flags> [calling]
218524dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef98d0000 'C:\Windows\system32\winmm.dll'
218624dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
218724dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fe7a1:<flags> [calling]
218824dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef98d0000 'C:\Windows\system32\winmm.dll'
218924dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22919 (0xffffa679)) on \Device\HarddiskVolume1\Program Files (x86)\TrDaemon\DlpTaMon64.dll
219024dc.27a0: Error (rc=0):
219124dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 cHits=2 \Device\HarddiskVolume1\Program Files (x86)\TrDaemon\DlpTaMon64.dll
219224dc.27a0: Error (rc=0):
219324dc.27a0: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\TrDaemon\DlpTaMon64.dll' (C:\Program Files (x86)\TrDaemon\DlpTaMon64.dll): rcNt=0xc0000190
219424dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\TrDaemon\DlpTaMon64.dll'
219524dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
219624dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fea81:<flags> [calling]
219724dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd710000 'C:\Windows\system32\shell32.dll'
219824dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\uxtheme.dll
219924dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fea51:<flags> [calling]
220024dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa210000 'C:\Windows\system32\uxtheme.dll'
220124dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff290000 'C:\Windows\system32\advapi32.dll'
220224dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\userenv.dll
220324dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fe9b1:<flags> [calling]
220424dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd400000 'C:\Windows\system32\userenv.dll'
220524dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\kernel32.dll
220624dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fea91:<flags> [calling]
220724dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=00000000775e0000 'C:\Windows\system32\kernel32.dll'
220824dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff290000 'C:\Windows\system32\ADVAPI32.dll'
220924dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005e0 pwszName=\Device\HarddiskVolume1\Windows\System32\clbcatq.dll
221024dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
221124dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
221224dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
221324dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\clbcatq.dll'
221424dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
221524dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
221624dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
221724dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
221824dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
221924dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
222024dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
222124dc.27a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\clbcatq.dll) WinVerifyTrust
222224dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\clbcatq.dll
222324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
222424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
222524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
222624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
222724dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
222824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
222924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
223024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
223124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
223224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
223324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
223424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
223524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
223624dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fc7e1:<flags> [calling]
223724dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\clbcatq.dll
223824dc.27a0: supR3HardenedDllNotificationCallback: load 000007fefeb10000 LB 0x00099000 C:\Windows\system32\CLBCatQ.DLL [fFlags=0x0]
223924dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\clbcatq.dll
224024dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb10000 'C:\Windows\system32\CLBCatQ.DLL'
224124dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\cryptsp.dll
224224dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fb631:<flags> [calling]
224324dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcaf0000 'C:\Windows\system32\CRYPTSP.dll'
224424dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005f8 pwszName=\Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll
224524dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
224624dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
224724dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
224824dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll'
224924dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
225024dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
225124dc.27a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll) WinVerifyTrust
225224dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll
225324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
225424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
225524dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\rpcrt4.dll
225624dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fb1f1:<flags> [calling]
225724dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll
225824dc.27a0: supR3HardenedDllNotificationCallback: load 000007fefd2a0000 LB 0x00014000 C:\Windows\system32\RpcRtRemote.dll [fFlags=0x0]
225924dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\RpcRtRemote.dll
226024dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd2a0000 'C:\Windows\system32\RpcRtRemote.dll'
226124dc.26e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
226224dc.26e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
226324dc.26e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
226424dc.26e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
226524dc.26e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
226624dc.26e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
226724dc.26e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxC.dll) WinVerifyTrust
226824dc.26e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxC.dll
226924dc.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
227024dc.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
227124dc.26e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
227224dc.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
227324dc.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
227424dc.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
227524dc.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
227624dc.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
227724dc.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
227824dc.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
227924dc.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
228024dc.26e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
228124dc.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
228224dc.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
228324dc.26e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000054ae4b1:<flags> [calling]
228424dc.26e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxC.dll
228524dc.26e8: supR3HardenedDllNotificationCallback: load 000007fef62f0000 LB 0x003a4000 C:\Program Files\Oracle\VirtualBox\VBoxC.dll [fFlags=0x0]
228624dc.26e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxC.dll
228724dc.26e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef62f0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.dll'
228824dc.26e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
228924dc.26e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
229024dc.26e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
229124dc.26e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
229224dc.26e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
229324dc.26e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
229424dc.26e8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
229524dc.26e8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll) WinVerifyTrust
229624dc.26e8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
229724dc.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
229824dc.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
229924dc.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
230024dc.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
230124dc.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
230224dc.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
230324dc.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
230424dc.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
230524dc.26e8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
230624dc.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
230724dc.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
230824dc.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
230924dc.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
231024dc.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
231124dc.26e8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
231224dc.26e8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000054acf21:<flags> [calling]
231324dc.26e8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
231424dc.26e8: supR3HardenedDllNotificationCallback: load 000007fef6d70000 LB 0x000d5000 C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll [fFlags=0x0]
231524dc.26e8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll
231624dc.26e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6d70000 'C:\Program Files\Oracle\VirtualBox\VBoxProxyStub.dll'
231724dc.26e8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff370000 'C:\Windows\system32\oleaut32.dll'
231824dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff290000 'C:\Windows\system32\ADVAPI32.dll'
231924dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe570000 'C:\Windows\system32\gdi32.dll'
232024dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
232124dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001fa5d1:<flags> [calling]
232224dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd710000 'C:\Windows\system32\shell32.dll'
232324dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
232424dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
232524dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
232624dc.27a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll) WinVerifyTrust
232724dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
232824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
232924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
233024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
233124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrem.dll' [rcNtRedir=0xc0150008]
233224dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
233324dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
233424dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
233524dc.27a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxREM.dll) WinVerifyTrust
233624dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxREM.dll
233724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
233824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
233924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
234024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
234124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
234224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
234324dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
234424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
234524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
234624dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001f8e21:<flags> [calling]
234724dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
234824dc.27a0: supR3HardenedDllNotificationCallback: load 000007fef0ad0000 LB 0x00331000 C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL [fFlags=0x0]
234924dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
235024dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxREM.dll
235124dc.27a0: supR3HardenedDllNotificationCallback: load 0000000074850000 LB 0x0010b000 C:\Program Files\Oracle\VirtualBox\VBoxREM.dll [fFlags=0x0]
235224dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxREM.dll
235324dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0ad0000 'C:\Program Files\Oracle\VirtualBox\VBoxVMM.DLL'
235424dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22919 (0xffffa679)) on \Device\HarddiskVolume1\Program Files (x86)\TrDaemon\DlpTaMon64.dll
235524dc.27a0: Error (rc=0):
235624dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 cHits=3 \Device\HarddiskVolume1\Program Files (x86)\TrDaemon\DlpTaMon64.dll
235724dc.27a0: Error (rc=0):
235824dc.27a0: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\TrDaemon\DlpTaMon64.dll' (C:\Program Files (x86)\TrDaemon\DlpTaMon64.dll): rcNt=0xc0000190
235924dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\TrDaemon\DlpTaMon64.dll'
236024dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22919 (0xffffa679)) on \Device\HarddiskVolume1\Program Files (x86)\TrDaemon\DlpTaMon64.dll
236124dc.27a0: Error (rc=0):
236224dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 cHits=4 \Device\HarddiskVolume1\Program Files (x86)\TrDaemon\DlpTaMon64.dll
236324dc.27a0: Error (rc=0):
236424dc.27a0: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\TrDaemon\DlpTaMon64.dll' (C:\Program Files (x86)\TrDaemon\DlpTaMon64.dll): rcNt=0xc0000190
236524dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\TrDaemon\DlpTaMon64.dll'
236624dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22919 (0xffffa679)) on \Device\HarddiskVolume1\Program Files (x86)\TrDaemon\DlpTaMon64.dll
236724dc.27a0: Error (rc=0):
236824dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 cHits=5 \Device\HarddiskVolume1\Program Files (x86)\TrDaemon\DlpTaMon64.dll
236924dc.27a0: Error (rc=0):
237024dc.27a0: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\TrDaemon\DlpTaMon64.dll' (C:\Program Files (x86)\TrDaemon\DlpTaMon64.dll): rcNt=0xc0000190
237124dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\TrDaemon\DlpTaMon64.dll'
237224dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22919 (0xffffa679)) on \Device\HarddiskVolume1\Program Files (x86)\TrDaemon\DlpTaMon64.dll
237324dc.27a0: Error (rc=0):
237424dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 cHits=6 \Device\HarddiskVolume1\Program Files (x86)\TrDaemon\DlpTaMon64.dll
237524dc.27a0: Error (rc=0):
237624dc.27a0: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\TrDaemon\DlpTaMon64.dll' (C:\Program Files (x86)\TrDaemon\DlpTaMon64.dll): rcNt=0xc0000190
237724dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\TrDaemon\DlpTaMon64.dll'
237824dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22919 (0xffffa679)) on \Device\HarddiskVolume1\Program Files (x86)\TrDaemon\DlpTaMon64.dll
237924dc.27a0: Error (rc=0):
238024dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 cHits=7 \Device\HarddiskVolume1\Program Files (x86)\TrDaemon\DlpTaMon64.dll
238124dc.27a0: Error (rc=0):
238224dc.27a0: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\TrDaemon\DlpTaMon64.dll' (C:\Program Files (x86)\TrDaemon\DlpTaMon64.dll): rcNt=0xc0000190
238324dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\TrDaemon\DlpTaMon64.dll'
238424dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22919 (0xffffa679)) on \Device\HarddiskVolume1\Program Files (x86)\TrDaemon\DlpTaMon64.dll
238524dc.27a0: Error (rc=0):
238624dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 cHits=8 \Device\HarddiskVolume1\Program Files (x86)\TrDaemon\DlpTaMon64.dll
238724dc.27a0: Error (rc=0):
238824dc.27a0: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\TrDaemon\DlpTaMon64.dll' (C:\Program Files (x86)\TrDaemon\DlpTaMon64.dll): rcNt=0xc0000190
238924dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\TrDaemon\DlpTaMon64.dll'
239024dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff290000 'C:\Windows\system32\ADVAPI32.dll'
239124dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeca0000 'C:\Windows\system32\ole32.dll'
239224dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status -22919 (0xffffa679)) on \Device\HarddiskVolume1\Program Files (x86)\TrDaemon\DlpTaMon64.dll
239324dc.27a0: Error (rc=0):
239424dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cached rc=Unknown Status -22919 (0xffffa679) fImage=1 fProtect=0x0 fAccess=0x0 cHits=16 \Device\HarddiskVolume1\Program Files (x86)\TrDaemon\DlpTaMon64.dll
239524dc.27a0: Error (rc=0):
239624dc.27a0: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\Program Files (x86)\TrDaemon\DlpTaMon64.dll' (C:\Program Files (x86)\TrDaemon\DlpTaMon64.dll): rcNt=0xc0000190
239724dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\Program Files (x86)\TrDaemon\DlpTaMon64.dll'
239824dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeca0000 'C:\Windows\system32\ole32.dll'
239924dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff370000 'C:\Windows\system32\OLEAUT32.dll'
240024dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000095c pwszName=\Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll
240124dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
240224dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
240324dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=41D7AA7A9ECA84ABF6801478BA3134174B21C472
240424dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll'
240524dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
240624dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
240724dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'wbemcomn.dll'.
240824dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
240924dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
241024dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ole32.dll'.
241124dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ws2_32.dll'.
241224dc.27a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
241324dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll
241424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
241524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
241624dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
241724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
241824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
241924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
242024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
242124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
242224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
242324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
242424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
242524dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000960 pwszName=\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
242624dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
242724dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
242824dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=03D0A77E5195AA70198FDE6C2FAC2C76FF200674
242924dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll'
243024dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
243124dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
243224dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
243324dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
243424dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
243524dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ws2_32.dll'.
243624dc.27a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll) WinVerifyTrust
243724dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
243824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
243924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
244024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
244124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
244224dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
244324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
244424dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
244524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
244624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
244724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
244824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
244924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
245024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
245124dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001f6791:<flags> [calling]
245224dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll
245324dc.27a0: supR3HardenedDllNotificationCallback: load 000007fef96f0000 LB 0x0000f000 C:\Windows\system32\wbem\wbemprox.dll [fFlags=0x0]
245424dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemprox.dll
245524dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
245624dc.27a0: supR3HardenedDllNotificationCallback: load 000007fef9630000 LB 0x00086000 C:\Windows\system32\wbemcomn.dll [fFlags=0x0]
245724dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
245824dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef96f0000 'C:\Windows\system32\wbem\wbemprox.dll'
245924dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000988 pwszName=\Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll
246024dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
246124dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
246224dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=83AB88529BF28CFF670EA617E0B9C376CFE28B0F
246324dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll'
246424dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
246524dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
246624dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'rpcrt4.dll'.
246724dc.27a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
246824dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll
246924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
247024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
247124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
247224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
247324dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001f63b1:<flags> [calling]
247424dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll
247524dc.27a0: supR3HardenedDllNotificationCallback: load 000007fee8090000 LB 0x00014000 C:\Windows\system32\wbem\wbemsvc.dll [fFlags=0x0]
247624dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\wbemsvc.dll
247724dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8090000 'C:\Windows\system32\wbem\wbemsvc.dll'
247824dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000098c pwszName=\Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll
247924dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
248024dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
248124dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=391AD7580DBA8EA6A4190F5A010E834B8C320D79
248224dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll'
248324dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
248424dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
248524dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'wbemcomn.dll'.
248624dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
248724dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
248824dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
248924dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ntdsapi.dll'.
249024dc.27a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
249124dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll
249224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
249324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
249424dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000096c pwszName=\Device\HarddiskVolume1\Windows\System32\ntdsapi.dll
249524dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
249624dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
249724dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
249824dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\ntdsapi.dll'
249924dc.27a0: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
250024dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
250124dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
250224dc.27a0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
250324dc.27a0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ntdsapi.dll) WinVerifyTrust
250424dc.27a0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ntdsapi.dll
250524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
250624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
250724dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ole32.dll
250824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
250924dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
251024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
251124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
251224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn.dll'...
251324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn.dll' -> '\Device\HarddiskVolume1\Windows\System32\wbemcomn.dll' [rcNtRedir=0xc0150008]
251424dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbemcomn.dll
251524dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
251624dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
251724dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
251824dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
251924dc.27a0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
252024dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
252124dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
252224dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
252324dc.27a0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
252424dc.27a0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000001f6411:<flags> [calling]
252524dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll
252624dc.27a0: supR3HardenedDllNotificationCallback: load 000007fee8150000 LB 0x000e2000 C:\Windows\system32\wbem\fastprox.dll [fFlags=0x0]
252724dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wbem\fastprox.dll
252824dc.27a0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntdsapi.dll
252924dc.27a0: supR3HardenedDllNotificationCallback: load 000007fee80b0000 LB 0x00027000 C:\Windows\system32\NTDSAPI.dll [fFlags=0x0]
253024dc.27a0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ntdsapi.dll
253124dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8150000 'C:\Windows\system32\wbem\fastprox.dll'
253224dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff370000 'C:\Windows\system32\OLEAUT32.dll'
253324dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a90 pwszName=\Device\HarddiskVolume1\Windows\System32\netcfgx.dll
253424dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
253524dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
253624dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B2E2834BA132AEF0C1091DED23D983BBB0CDB980
253724dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\netcfgx.dll'
253824dc.251c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
253924dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'shlwapi.dll'.
254024dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
254124dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
254224dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
254324dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
254424dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
254524dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'nsi.dll'.
254624dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'iphlpapi.dll'.
254724dc.251c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\netcfgx.dll) WinVerifyTrust
254824dc.251c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\netcfgx.dll
254924dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
255024dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
255124dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000aa0 pwszName=\Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
255224dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
255324dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
255424dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642
255524dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL'
255624dc.251c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
255724dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
255824dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
255924dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
256024dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
256124dc.251c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
256224dc.251c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
256324dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
256424dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
256524dc.251c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll
256624dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
256724dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
256824dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
256924dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
257024dc.251c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\oleaut32.dll
257124dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
257224dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
257324dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
257424dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
257524dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
257624dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
257724dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
257824dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
257924dc.251c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shlwapi.dll
258024dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
258124dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
258224dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
258324dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
258424dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a88 pwszName=\Device\HarddiskVolume1\Windows\System32\winnsi.dll
258524dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
258624dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
258724dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=28DC1A34E4A6B1464B25E6B8BF4EBE1D6A50922D
258824dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5a0000 'C:\Windows\system32\crypt32.dll'
258924dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_776_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\winnsi.dll'
259024dc.251c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
259124dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
259224dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
259324dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
259424dc.251c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\winnsi.dll) WinVerifyTrust
259524dc.251c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\winnsi.dll
259624dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
259724dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
259824dc.251c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll
259924dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
260024dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
260124dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
260224dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
260324dc.251c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll
260424dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
260524dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
260624dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
260724dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
260824dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\netcfgx.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40bbd1:<flags> [calling]
260924dc.251c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\netcfgx.dll
261024dc.251c: supR3HardenedDllNotificationCallback: load 000007fee6210000 LB 0x00084000 C:\Windows\system32\netcfgx.dll [fFlags=0x0]
261124dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\netcfgx.dll
261224dc.251c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
261324dc.251c: supR3HardenedDllNotificationCallback: load 000007fefb2f0000 LB 0x00027000 C:\Windows\system32\IPHLPAPI.DLL [fFlags=0x0]
261424dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
261524dc.251c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winnsi.dll
261624dc.251c: supR3HardenedDllNotificationCallback: load 000007fefb2e0000 LB 0x0000b000 C:\Windows\system32\WINNSI.DLL [fFlags=0x0]
261724dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winnsi.dll
261824dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee6210000 'C:\Windows\system32\netcfgx.dll'
261924dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll [redoing WinVerifyTrust]
262024dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004cc pwszName=\Device\HarddiskVolume1\Windows\System32\setupapi.dll
262124dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
262224dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
262324dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
262424dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\setupapi.dll'
262524dc.251c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
262624dc.251c: supR3HardenedScreenImage/LdrLoadDll: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\setupapi.dll'
262724dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40d391:<flags> [calling]
262824dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff510000 'C:\Windows\system32\SETUPAPI.dll'
262924dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
263024dc.251c: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume1\Windows\System32\devrtl.dll)
263124dc.251c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\devrtl.dll
263224dc.251c: supR3HardenedDllNotificationCallback: load 000007fefc610000 LB 0x00012000 C:\Windows\system32\devrtl.DLL [fFlags=0x0]
263324dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\devrtl.dll [avoiding WinVerifyTrust]
263424dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000aec pwszName=\Device\HarddiskVolume1\Windows\System32\devrtl.dll
263524dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
263624dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
263724dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=445E5B0E9F43B5D56A5B9C4BC3369E3D076ACA1A
263824dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\devrtl.dll'
263924dc.251c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
264024dc.251c: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\devrtl.dll'
264124dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wintrust.dll
264224dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
264324dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
264424dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\WINTRUST.dll (Input=WINTRUST.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40d131:<flags> [calling]
264524dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd4d0000 'C:\Windows\system32\WINTRUST.dll'
264624dc.2828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
264724dc.2828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
264824dc.2828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
264924dc.2828: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
265024dc.2828: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll) WinVerifyTrust
265124dc.2828: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
265224dc.2828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
265324dc.2828: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
265424dc.2828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
265524dc.2828: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
265624dc.2828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
265724dc.2828: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
265824dc.2828: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
265924dc.2828: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
266024dc.2828: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
266124dc.2828: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000bacdb11:<flags> [calling]
266224dc.2828: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
266324dc.2828: supR3HardenedDllNotificationCallback: load 000007fef9550000 LB 0x0000b000 C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL [fFlags=0x0]
266424dc.2828: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.dll
266524dc.2828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9550000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedClipboard.DLL'
266624dc.2828: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077700000 'C:\Windows\system32\User32.dll'
266724dc.2830: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
266824dc.2830: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
266924dc.2830: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
267024dc.2830: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll) WinVerifyTrust
267124dc.2830: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
267224dc.2830: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
267324dc.2830: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
267424dc.2830: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
267524dc.2830: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
267624dc.2830: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll
267724dc.2830: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
267824dc.2830: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
267924dc.2830: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000c62ddd1:<flags> [calling]
268024dc.2830: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
268124dc.2830: supR3HardenedDllNotificationCallback: load 000007fef7040000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
268224dc.2830: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.dll
268324dc.2830: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef7040000 'C:\Program Files\Oracle\VirtualBox\VBoxDragAndDropSvc.DLL'
268424dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\shell32.dll
268524dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40a381:<flags> [calling]
268624dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd710000 'C:\Windows\system32\Shell32.dll'
268724dc.251c: supR3HardenedIsApiSetDll: '<NULL>' -> true
268824dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000b409481:<flags> [calling]
268924dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefebb0000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
269024dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
269124dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
269224dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
269324dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
269424dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
269524dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
269624dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
269724dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
269824dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
269924dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
270024dc.251c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD.dll) WinVerifyTrust
270124dc.251c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD.dll
270224dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
270324dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
270424dc.251c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
270524dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
270624dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
270724dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
270824dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
270924dc.251c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
271024dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
271124dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
271224dc.251c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll
271324dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
271424dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
271524dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
271624dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxdd2.dll' [rcNtRedir=0xc0150008]
271724dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
271824dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
271924dc.251c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD2.dll) WinVerifyTrust
272024dc.251c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD2.dll
272124dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
272224dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxddu.dll' [rcNtRedir=0xc0150008]
272324dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
272424dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
272524dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
272624dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
272724dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
272824dc.251c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDDU.dll) WinVerifyTrust
272924dc.251c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDDU.dll
273024dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
273124dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
273224dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
273324dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
273424dc.251c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
273524dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
273624dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
273724dc.251c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll
273824dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
273924dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
274024dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
274124dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
274224dc.251c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll
274324dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
274424dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
274524dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
274624dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
274724dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
274824dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
274924dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
275024dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
275124dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
275224dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
275324dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40dc21:<flags> [calling]
275424dc.251c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD.dll
275524dc.251c: supR3HardenedDllNotificationCallback: load 000007feef510000 LB 0x009da000 C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL [fFlags=0x0]
275624dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD.dll
275724dc.251c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDDU.dll
275824dc.251c: supR3HardenedDllNotificationCallback: load 000007fef9560000 LB 0x00064000 C:\Program Files\Oracle\VirtualBox\VBoxDDU.dll [fFlags=0x0]
275924dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDDU.dll
276024dc.251c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD2.dll
276124dc.251c: supR3HardenedDllNotificationCallback: load 000007fef6fe0000 LB 0x0005c000 C:\Program Files\Oracle\VirtualBox\VBoxDD2.dll [fFlags=0x0]
276224dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD2.dll
276324dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feef510000 'C:\Program Files\Oracle\VirtualBox\VBoxDD.DLL'
276424dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxC.dll
276524dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40dc21:<flags> [calling]
276624dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef62f0000 'C:\Program Files\Oracle\VirtualBox\VBoxC.DLL'
276724dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxDD2.dll
276824dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40db31:<flags> [calling]
276924dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6fe0000 'C:\Program Files\Oracle\VirtualBox\VBoxDD2.DLL'
277024dc.287c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
277124dc.287c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
277224dc.287c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
277324dc.287c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll) WinVerifyTrust
277424dc.287c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
277524dc.287c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
277624dc.287c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
277724dc.287c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
277824dc.287c: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
277924dc.287c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
278024dc.287c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
278124dc.287c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
278224dc.287c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000009f8de71:<flags> [calling]
278324dc.287c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
278424dc.287c: supR3HardenedDllNotificationCallback: load 000007fef0ab0000 LB 0x00014000 C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL [fFlags=0x0]
278524dc.287c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxSharedFolders.dll
278624dc.287c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0ab0000 'C:\Program Files\Oracle\VirtualBox\VBoxSharedFolders.DLL'
278724dc.2880: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
278824dc.2880: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
278924dc.2880: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxvmm.dll'.
279024dc.2880: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxrt.dll'.
279124dc.2880: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll) WinVerifyTrust
279224dc.2880: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
279324dc.2880: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
279424dc.2880: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
279524dc.2880: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
279624dc.2880: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxvmm.dll' [rcNtRedir=0xc0150008]
279724dc.2880: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxVMM.dll
279824dc.2880: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
279924dc.2880: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
280024dc.2880: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
280124dc.2880: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
280224dc.2880: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000fcbd981:<flags> [calling]
280324dc.2880: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
280424dc.2880: supR3HardenedDllNotificationCallback: load 000007fef6fd0000 LB 0x0000c000 C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL [fFlags=0x0]
280524dc.2880: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.dll
280624dc.2880: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6fd0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestControlSvc.DLL'
280724dc.2884: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
280824dc.2884: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
280924dc.2884: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
281024dc.2884: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll) WinVerifyTrust
281124dc.2884: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
281224dc.2884: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
281324dc.2884: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\vboxrt.dll' [rcNtRedir=0xc0150008]
281424dc.2884: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
281524dc.2884: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcp100.dll' [rcNtRedir=0xc0150008]
281624dc.2884: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
281724dc.2884: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\msvcr100.dll' [rcNtRedir=0xc0150008]
281824dc.2884: supR3HardenedMonitor_LdrLoadDll: pName=C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000fe7db71:<flags> [calling]
281924dc.2884: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
282024dc.2884: supR3HardenedDllNotificationCallback: load 000007fef1bb0000 LB 0x0000d000 C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL [fFlags=0x0]
282124dc.2884: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.dll
282224dc.2884: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef1bb0000 'C:\Program Files\Oracle\VirtualBox\VBoxGuestPropSvc.DLL'
282324dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
282424dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40da71:<flags> [calling]
282524dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb2f0000 'C:\Windows\system32\Iphlpapi.dll'
282624dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000de0 pwszName=\Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll
282724dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
282824dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
282924dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=26E1FE43796DB25FED12BCD7EDBFF3D0A69E8277
283024dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5a0000 'C:\Windows\system32\crypt32.dll'
283124dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_776_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll'
283224dc.251c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
283324dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
283424dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
283524dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
283624dc.251c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll) WinVerifyTrust
283724dc.251c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll
283824dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
283924dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
284024dc.251c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
284124dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
284224dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
284324dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
284424dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
284524dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dhcpcsvc6.DLL (Input=dhcpcsvc6.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40ebc1:<flags> [calling]
284624dc.251c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll
284724dc.251c: supR3HardenedDllNotificationCallback: load 000007fef6d20000 LB 0x00011000 C:\Windows\system32\dhcpcsvc6.DLL [fFlags=0x0]
284824dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dhcpcsvc6.dll
284924dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef6d20000 'C:\Windows\system32\dhcpcsvc6.DLL'
285024dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
285124dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40e8e1:<flags> [calling]
285224dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb2f0000 'C:\Windows\system32\IPHLPAPI.DLL'
285324dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000dfc pwszName=\Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll
285424dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
285524dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
285624dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4A8233106293CF3D6E82FF7C8DF65DBBE2824D23
285724dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5a0000 'C:\Windows\system32\crypt32.dll'
285824dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_776_for_KB4519972~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll'
285924dc.251c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
286024dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
286124dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
286224dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
286324dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
286424dc.251c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll) WinVerifyTrust
286524dc.251c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll
286624dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
286724dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume1\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
286824dc.251c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\nsi.dll
286924dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
287024dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
287124dc.251c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ws2_32.dll
287224dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
287324dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
287424dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
287524dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
287624dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dhcpcsvc.DLL (Input=dhcpcsvc.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40ec11:<flags> [calling]
287724dc.251c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll
287824dc.251c: supR3HardenedDllNotificationCallback: load 000007fef66a0000 LB 0x00018000 C:\Windows\system32\dhcpcsvc.DLL [fFlags=0x0]
287924dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dhcpcsvc.dll
288024dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef66a0000 'C:\Windows\system32\dhcpcsvc.DLL'
288124dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\IPHLPAPI.DLL
288224dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40e871:<flags> [calling]
288324dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb2f0000 'C:\Windows\system32\IPHLPAPI.DLL'
288424dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000e9c pwszName=\Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
288524dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
288624dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
288724dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=704F97298D44B8146C54067788F597E0BF365197
288824dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll'
288924dc.251c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
289024dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
289124dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
289224dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
289324dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'.
289424dc.251c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll) WinVerifyTrust
289524dc.251c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
289624dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
289724dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume1\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
289824dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ea0 pwszName=\Device\HarddiskVolume1\Windows\System32\propsys.dll
289924dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
290024dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
290124dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A1594E841359779EF7EA7EBCF775D89F55388D3
290224dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\propsys.dll'
290324dc.251c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
290424dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
290524dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
290624dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
290724dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
290824dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
290924dc.251c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\propsys.dll) WinVerifyTrust
291024dc.251c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\propsys.dll
291124dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
291224dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
291324dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
291424dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
291524dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
291624dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
291724dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
291824dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
291924dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
292024dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
292124dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
292224dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
292324dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
292424dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
292524dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
292624dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
292724dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40d9c1:<flags> [calling]
292824dc.251c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
292924dc.251c: supR3HardenedDllNotificationCallback: load 000007fefaaf0000 LB 0x0004b000 C:\Windows\System32\MMDevApi.dll [fFlags=0x0]
293024dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
293124dc.251c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\propsys.dll
293224dc.251c: supR3HardenedDllNotificationCallback: load 000007fefa7c0000 LB 0x0012c000 C:\Windows\System32\PROPSYS.dll [fFlags=0x0]
293324dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\propsys.dll
293424dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff290000 'C:\Windows\system32\ADVAPI32.dll'
293524dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaaf0000 'C:\Windows\System32\MMDevApi.dll'
293624dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeca0000 'C:\Windows\system32\ole32.dll'
293724dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll
293824dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40dcf1:<flags> [calling]
293924dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff510000 'C:\Windows\system32\SETUPAPI.dll'
294024dc.28b8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll [redoing WinVerifyTrust]
294124dc.28b8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004a8 pwszName=\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll
294224dc.28b8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
294324dc.28b8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
294424dc.28b8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
294524dc.28b8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll'
294624dc.28b8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
294724dc.28b8: supR3HardenedScreenImage/LdrLoadDll: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume1\Windows\System32\cfgmgr32.dll'
294824dc.28b8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\CFGMGR32.dll (Input=CFGMGR32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000001542f701:<flags> [calling]
294924dc.28b8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd540000 'C:\Windows\system32\CFGMGR32.dll'
295024dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ef8 pwszName=\Device\HarddiskVolume1\Windows\System32\dsound.dll
295124dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
295224dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
295324dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F6C3E3D9F8B48D816E52C31576FFFD4AF86AB813
295424dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\dsound.dll'
295524dc.251c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
295624dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
295724dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
295824dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
295924dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
296024dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
296124dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
296224dc.251c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\dsound.dll) WinVerifyTrust
296324dc.251c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\dsound.dll
296424dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
296524dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume1\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
296624dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ee4 pwszName=\Device\HarddiskVolume1\Windows\System32\powrprof.dll
296724dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
296824dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
296924dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E0B7DE18787DB24DAD3580634869A9A8FF4AB48F
297024dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\powrprof.dll'
297124dc.251c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
297224dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
297324dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
297424dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
297524dc.251c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\powrprof.dll) WinVerifyTrust
297624dc.251c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\powrprof.dll
297724dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
297824dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
297924dc.251c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
298024dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
298124dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
298224dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
298324dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
298424dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
298524dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
298624dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
298724dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
298824dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
298924dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
299024dc.251c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\setupapi.dll
299124dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
299224dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
299324dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
299424dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
299524dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40daf1:<flags> [calling]
299624dc.251c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll
299724dc.251c: supR3HardenedDllNotificationCallback: load 000007fef0a20000 LB 0x00088000 C:\Windows\System32\dsound.dll [fFlags=0x0]
299824dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll
299924dc.251c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\powrprof.dll
300024dc.251c: supR3HardenedDllNotificationCallback: load 000007fefb340000 LB 0x0002c000 C:\Windows\System32\POWRPROF.dll [fFlags=0x0]
300124dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\powrprof.dll
300224dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll
300324dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40ce61:<flags> [calling]
300424dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0a20000 'C:\Windows\System32\dsound.dll'
300524dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0a20000 'C:\Windows\System32\dsound.dll'
300624dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll
300724dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40dbb1:<flags> [calling]
300824dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0a20000 'C:\Windows\system32\dsound.dll'
300924dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeea0000 'C:\Windows\system32\SHLWAPI.dll'
301024dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
301124dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40e9d1:<flags> [calling]
301224dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaaf0000 'C:\Windows\system32\MMDEVAPI.DLL'
301324dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeca0000 'C:\Windows\system32\ole32.dll'
301424dc.28c8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f04 pwszName=\Device\HarddiskVolume1\Windows\System32\AudioSes.dll
301524dc.28c8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
301624dc.28c8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
301724dc.28c8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DEC7EC10FABD9D64EA15E6F9C426B2BBBC4DFEED
301824dc.28c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5a0000 'C:\Windows\system32\crypt32.dll'
301924dc.28c8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_204_for_KB4519976~31bf3856ad364e35~amd64~~6.1.1.9.cat'; file='\Device\HarddiskVolume1\Windows\System32\AudioSes.dll'
302024dc.28c8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
302124dc.28c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
302224dc.28c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
302324dc.28c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
302424dc.28c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
302524dc.28c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
302624dc.28c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
302724dc.28c8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
302824dc.28c8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\AudioSes.dll) WinVerifyTrust
302924dc.28c8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\AudioSes.dll
303024dc.28c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
303124dc.28c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
303224dc.28c8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
303324dc.28c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
303424dc.28c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume1\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
303524dc.28c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
303624dc.28c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
303724dc.28c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
303824dc.28c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume1\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
303924dc.28c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
304024dc.28c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
304124dc.28c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
304224dc.28c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
304324dc.28c8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
304424dc.28c8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
304524dc.28c8: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000001576f581:<flags> [calling]
304624dc.28c8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\AudioSes.dll
304724dc.28c8: supR3HardenedDllNotificationCallback: load 000007fef9740000 LB 0x0004f000 C:\Windows\system32\AUDIOSES.DLL [fFlags=0x0]
304824dc.28c8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\AudioSes.dll
304924dc.28c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9740000 'C:\Windows\system32\AUDIOSES.DLL'
305024dc.28c8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff370000 'C:\Windows\system32\OLEAUT32.dll'
305124dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
305224dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40e601:<flags> [calling]
305324dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef98d0000 'C:\Windows\system32\winmm.dll'
305424dc.251c: supR3HardenedIsApiSetDll: '<NULL>' -> true
305524dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000b40e461:<flags> [calling]
305624dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefebb0000 'API-MS-WIN-Service-Management-L1-1-0.dll'
305724dc.251c: supR3HardenedIsApiSetDll: '<NULL>' -> true
305824dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000b40e461:<flags> [calling]
305924dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefebb0000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
306024dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feff6f0000 'C:\Windows\system32\RPCRT4.dll'
306124dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
306224dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\MMDevAPI.DLL (Input=MMDevAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40e4c1:<flags> [calling]
306324dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefaaf0000 'C:\Windows\system32\MMDevAPI.DLL'
306424dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f24 pwszName=\Device\HarddiskVolume1\Windows\System32\wdmaud.drv
306524dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
306624dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
306724dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4B64306F5558D2DEC53CF11AAF17F02438929FDD
306824dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume1\Windows\System32\wdmaud.drv'
306924dc.251c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
307024dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
307124dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
307224dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
307324dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
307424dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
307524dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ksuser.dll'.
307624dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
307724dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'avrt.dll'.
307824dc.251c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\wdmaud.drv) WinVerifyTrust
307924dc.251c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
308024dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
308124dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
308224dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f50 pwszName=\Device\HarddiskVolume1\Windows\System32\avrt.dll
308324dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
308424dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
308524dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1362C343929DD08AB918B38DE195D1A11B1D1365
308624dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\avrt.dll'
308724dc.251c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
308824dc.251c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\avrt.dll) WinVerifyTrust
308924dc.251c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\avrt.dll
309024dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
309124dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
309224dc.251c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
309324dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
309424dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume1\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
309524dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f08 pwszName=\Device\HarddiskVolume1\Windows\System32\ksuser.dll
309624dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
309724dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
309824dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2D99CFB3BFCA1F454FC7109DB98D18923ABBA361
309924dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB3110329~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume1\Windows\System32\ksuser.dll'
310024dc.251c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
310124dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
310224dc.251c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\ksuser.dll) WinVerifyTrust
310324dc.251c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\ksuser.dll
310424dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
310524dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
310624dc.251c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
310724dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
310824dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
310924dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
311024dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume1\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
311124dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
311224dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
311324dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
311424dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
311524dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
311624dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
311724dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40e031:<flags> [calling]
311824dc.251c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
311924dc.251c: supR3HardenedDllNotificationCallback: load 000007fef9890000 LB 0x0003b000 C:\Windows\system32\wdmaud.drv [fFlags=0x0]
312024dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
312124dc.251c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ksuser.dll
312224dc.251c: supR3HardenedDllNotificationCallback: load 00000000750a0000 LB 0x00006000 C:\Windows\system32\ksuser.dll [fFlags=0x0]
312324dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\ksuser.dll
312424dc.251c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\avrt.dll
312524dc.251c: supR3HardenedDllNotificationCallback: load 000007fefb420000 LB 0x00009000 C:\Windows\system32\AVRT.dll [fFlags=0x0]
312624dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\avrt.dll
312724dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9890000 'C:\Windows\system32\wdmaud.drv'
312824dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
312924dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40e031:<flags> [calling]
313024dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9890000 'C:\Windows\system32\wdmaud.drv'
313124dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
313224dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40e1e1:<flags> [calling]
313324dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9890000 'C:\Windows\system32\wdmaud.drv'
313424dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
313524dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40e1e1:<flags> [calling]
313624dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9890000 'C:\Windows\system32\wdmaud.drv'
313724dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
313824dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40e1e1:<flags> [calling]
313924dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9890000 'C:\Windows\system32\wdmaud.drv'
314024dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
314124dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40e1e1:<flags> [calling]
314224dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9890000 'C:\Windows\system32\wdmaud.drv'
314324dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
314424dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40e1e1:<flags> [calling]
314524dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9890000 'C:\Windows\system32\wdmaud.drv'
314624dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9890000 'C:\Windows\system32\wdmaud.drv'
314724dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9890000 'C:\Windows\system32\wdmaud.drv'
314824dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9890000 'C:\Windows\system32\wdmaud.drv'
314924dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9890000 'C:\Windows\system32\wdmaud.drv'
315024dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9890000 'C:\Windows\system32\wdmaud.drv'
315124dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9890000 'C:\Windows\system32\wdmaud.drv'
315224dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9890000 'C:\Windows\system32\wdmaud.drv'
315324dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\wdmaud.drv
315424dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40e1e1:<flags> [calling]
315524dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9890000 'C:\Windows\system32\wdmaud.drv'
315624dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9890000 'C:\Windows\system32\wdmaud.drv'
315724dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9890000 'C:\Windows\system32\wdmaud.drv'
315824dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f40 pwszName=\Device\HarddiskVolume1\Windows\System32\msacm32.drv
315924dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
316024dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
316124dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=522563F5384AD4C93CF5CF4EEA899D3267552328
316224dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\msacm32.drv'
316324dc.251c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
316424dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
316524dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
316624dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
316724dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
316824dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'.
316924dc.251c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msacm32.drv) WinVerifyTrust
317024dc.251c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msacm32.drv
317124dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
317224dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume1\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
317324dc.251c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\MMDevAPI.dll
317424dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
317524dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume1\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
317624dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f1c pwszName=\Device\HarddiskVolume1\Windows\System32\msacm32.dll
317724dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
317824dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
317924dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCA0A8AEE81B82C402AA72A300B2C8D2DC17C1DA
318024dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume1\Windows\System32\msacm32.dll'
318124dc.251c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
318224dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
318324dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
318424dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
318524dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
318624dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
318724dc.251c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\msacm32.dll) WinVerifyTrust
318824dc.251c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\msacm32.dll
318924dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
319024dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
319124dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
319224dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
319324dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
319424dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
319524dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
319624dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
319724dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
319824dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
319924dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
320024dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
320124dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
320224dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume1\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
320324dc.251c: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\advapi32.dll
320424dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
320524dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
320624dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40dfe1:<flags> [calling]
320724dc.251c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
320824dc.251c: supR3HardenedDllNotificationCallback: load 000007fef9700000 LB 0x0000a000 C:\Windows\system32\msacm32.drv [fFlags=0x0]
320924dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
321024dc.251c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.dll
321124dc.251c: supR3HardenedDllNotificationCallback: load 000007fef96d0000 LB 0x00018000 C:\Windows\system32\MSACM32.dll [fFlags=0x0]
321224dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.dll
321324dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9700000 'C:\Windows\system32\msacm32.drv'
321424dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
321524dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40d9e1:<flags> [calling]
321624dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9700000 'C:\Windows\system32\msacm32.drv'
321724dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
321824dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40d9e1:<flags> [calling]
321924dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9700000 'C:\Windows\system32\msacm32.drv'
322024dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
322124dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40d9e1:<flags> [calling]
322224dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9700000 'C:\Windows\system32\msacm32.drv'
322324dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
322424dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40d9e1:<flags> [calling]
322524dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9700000 'C:\Windows\system32\msacm32.drv'
322624dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
322724dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40d9e1:<flags> [calling]
322824dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9700000 'C:\Windows\system32\msacm32.drv'
322924dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\msacm32.drv
323024dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40d9e1:<flags> [calling]
323124dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9700000 'C:\Windows\system32\msacm32.drv'
323224dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9700000 'C:\Windows\system32\msacm32.drv'
323324dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9700000 'C:\Windows\system32\msacm32.drv'
323424dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9700000 'C:\Windows\system32\msacm32.drv'
323524dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f54 pwszName=\Device\HarddiskVolume1\Windows\System32\midimap.dll
323624dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 0000000002a0ef30
323724dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=0000000002a0ef30
323824dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=43116C5C719A4751DA70B12932084D73D7AACEA3
323924dc.251c: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\Windows\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume1\Windows\System32\midimap.dll'
324024dc.251c: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
324124dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
324224dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
324324dc.251c: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
324424dc.251c: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume1\Windows\System32\midimap.dll) WinVerifyTrust
324524dc.251c: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume1\Windows\System32\midimap.dll
324624dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
324724dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume1\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
324824dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
324924dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume1\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
325024dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
325124dc.251c: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume1\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
325224dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40dfe1:<flags> [calling]
325324dc.251c: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll
325424dc.251c: supR3HardenedDllNotificationCallback: load 000007fef96c0000 LB 0x00009000 C:\Windows\system32\midimap.dll [fFlags=0x0]
325524dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll
325624dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef96c0000 'C:\Windows\system32\midimap.dll'
325724dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll
325824dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40d9b1:<flags> [calling]
325924dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef96c0000 'C:\Windows\system32\midimap.dll'
326024dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll
326124dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40d9b1:<flags> [calling]
326224dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef96c0000 'C:\Windows\system32\midimap.dll'
326324dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\midimap.dll
326424dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40dfe1:<flags> [calling]
326524dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef96c0000 'C:\Windows\system32\midimap.dll'
326624dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef98d0000 'C:\Windows\system32\winmm.dll'
326724dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef98d0000 'C:\Windows\system32\winmm.dll'
326824dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef98d0000 'C:\Windows\system32\winmm.dll'
326924dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeca0000 'C:\Windows\system32\ole32.dll'
327024dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef98d0000 'C:\Windows\system32\winmm.dll'
327124dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
327224dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40e601:<flags> [calling]
327324dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef98d0000 'C:\Windows\system32\winmm.dll'
327424dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef98d0000 'C:\Windows\system32\winmm.dll'
327524dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef98d0000 'C:\Windows\system32\winmm.dll'
327624dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef98d0000 'C:\Windows\system32\winmm.dll'
327724dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef98d0000 'C:\Windows\system32\winmm.dll'
327824dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef98d0000 'C:\Windows\system32\winmm.dll'
327924dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef98d0000 'C:\Windows\system32\winmm.dll'
328024dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll
328124dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40db81:<flags> [calling]
328224dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0a20000 'C:\Windows\system32\dsound.dll'
328324dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef98d0000 'C:\Windows\system32\winmm.dll'
328424dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef98d0000 'C:\Windows\system32\winmm.dll'
328524dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef98d0000 'C:\Windows\system32\winmm.dll'
328624dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef98d0000 'C:\Windows\system32\winmm.dll'
328724dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef98d0000 'C:\Windows\system32\winmm.dll'
328824dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef98d0000 'C:\Windows\system32\winmm.dll'
328924dc.27a0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef98d0000 'C:\Windows\system32\WINMM.dll'
329024dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\dsound.dll
329124dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40a9b1:<flags> [calling]
329224dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef0a20000 'C:\Windows\system32\dsound.dll'
329324dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef98d0000 'C:\Windows\system32\winmm.dll'
329424dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef98d0000 'C:\Windows\system32\winmm.dll'
329524dc.251c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\winmm.dll
329624dc.251c: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b40bad1:<flags> [calling]
329724dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef98d0000 'C:\Windows\system32\winmm.dll'
329824dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef98d0000 'C:\Windows\system32\winmm.dll'
329924dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef98d0000 'C:\Windows\system32\winmm.dll'
330024dc.251c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef98d0000 'C:\Windows\system32\winmm.dll'
330124dc.22d0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\AudioSes.dll
330224dc.22d0: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\System32\audioses.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000b1dd061:<flags> [calling]
330324dc.22d0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9740000 'C:\Windows\System32\audioses.dll'
330424dc.2b98: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume1\Windows\System32\avrt.dll
330524dc.2b98: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000074edf7d1:<flags> [calling]
330624dc.2b98: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb420000 'C:\Windows\system32\avrt.dll'
33072204.3a0: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc0000374 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 37361 ms, the end);
33081850.1e04: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000374 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 37719 ms, the end);

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy