Ticket #16292: VBoxHardening.log

File VBoxHardening.log, 390.4 KB (added by cepal, 8 years ago)

Line
1	2ad8.2ae4: Log file opened: 5.1.10r112026 g_hStartupLog=0000000000000014 g_uNtVerCombined=0x611db110
2	2ad8.2ae4: \SystemRoot\System32\ntdll.dll:
3	2ad8.2ae4: CreationTime: 2016-12-06T13:54:13.996612500Z
4	2ad8.2ae4: LastWriteTime: 2016-10-07T15:35:29.838228900Z
5	2ad8.2ae4: ChangeTime: 2016-12-06T14:34:54.832632500Z
6	2ad8.2ae4: FileAttributes: 0x20
7	2ad8.2ae4: Size: 0x1a7100
8	2ad8.2ae4: NT Headers: 0xe0
9	2ad8.2ae4: Timestamp: 0x57f7c06e
10	2ad8.2ae4: Machine: 0x8664 - amd64
11	2ad8.2ae4: Timestamp: 0x57f7c06e
12	2ad8.2ae4: Image Version: 6.1
13	2ad8.2ae4: SizeOfImage: 0x1aa000 (1744896)
14	2ad8.2ae4: Resource Dir: 0x14e000 LB 0x5a028
15	2ad8.2ae4: ProductName: Microsoft® Windows® Operating System
16	2ad8.2ae4: ProductVersion: 6.1.7601.23569
17	2ad8.2ae4: FileVersion: 6.1.7601.23569 (win7sp1_ldr.161007-0600)
18	2ad8.2ae4: FileDescription: NT Layer DLL
19	2ad8.2ae4: \SystemRoot\System32\kernel32.dll:
20	2ad8.2ae4: CreationTime: 2016-12-06T13:54:13.154207100Z
21	2ad8.2ae4: LastWriteTime: 2016-10-07T15:32:25.787000000Z
22	2ad8.2ae4: ChangeTime: 2016-12-06T14:34:58.686906700Z
23	2ad8.2ae4: FileAttributes: 0x20
24	2ad8.2ae4: Size: 0x11c000
25	2ad8.2ae4: NT Headers: 0xe0
26	2ad8.2ae4: Timestamp: 0x57f7c0b3
27	2ad8.2ae4: Machine: 0x8664 - amd64
28	2ad8.2ae4: Timestamp: 0x57f7c0b3
29	2ad8.2ae4: Image Version: 6.1
30	2ad8.2ae4: SizeOfImage: 0x11f000 (1175552)
31	2ad8.2ae4: Resource Dir: 0x116000 LB 0x528
32	2ad8.2ae4: ProductName: Microsoft® Windows® Operating System
33	2ad8.2ae4: ProductVersion: 6.1.7601.23569
34	2ad8.2ae4: FileVersion: 6.1.7601.23569 (win7sp1_ldr.161007-0600)
35	2ad8.2ae4: FileDescription: Windows NT BASE API Client DLL
36	2ad8.2ae4: \SystemRoot\System32\KernelBase.dll:
37	2ad8.2ae4: CreationTime: 2016-12-06T13:54:42.513595300Z
38	2ad8.2ae4: LastWriteTime: 2016-10-07T15:32:25.802000000Z
39	2ad8.2ae4: ChangeTime: 2016-12-06T14:34:58.640105800Z
40	2ad8.2ae4: FileAttributes: 0x20
41	2ad8.2ae4: Size: 0x66800
42	2ad8.2ae4: NT Headers: 0xe8
43	2ad8.2ae4: Timestamp: 0x57f7c0b4
44	2ad8.2ae4: Machine: 0x8664 - amd64
45	2ad8.2ae4: Timestamp: 0x57f7c0b4
46	2ad8.2ae4: Image Version: 6.1
47	2ad8.2ae4: SizeOfImage: 0x6a000 (434176)
48	2ad8.2ae4: Resource Dir: 0x68000 LB 0x530
49	2ad8.2ae4: ProductName: Microsoft® Windows® Operating System
50	2ad8.2ae4: ProductVersion: 6.1.7601.23569
51	2ad8.2ae4: FileVersion: 6.1.7601.23569 (win7sp1_ldr.161007-0600)
52	2ad8.2ae4: FileDescription: Windows NT BASE API Client DLL
53	2ad8.2ae4: \SystemRoot\System32\apisetschema.dll:
54	2ad8.2ae4: CreationTime: 2016-12-06T13:54:39.346775000Z
55	2ad8.2ae4: LastWriteTime: 2016-10-07T15:32:20.717000000Z
56	2ad8.2ae4: ChangeTime: 2016-12-06T14:34:54.598628000Z
57	2ad8.2ae4: FileAttributes: 0x20
58	2ad8.2ae4: Size: 0x1a00
59	2ad8.2ae4: NT Headers: 0xc0
60	2ad8.2ae4: Timestamp: 0x57f7c04d
61	2ad8.2ae4: Machine: 0x8664 - amd64
62	2ad8.2ae4: Timestamp: 0x57f7c04d
63	2ad8.2ae4: Image Version: 6.1
64	2ad8.2ae4: SizeOfImage: 0x50000 (327680)
65	2ad8.2ae4: Resource Dir: 0x30000 LB 0x3f8
66	2ad8.2ae4: ProductName: Microsoft® Windows® Operating System
67	2ad8.2ae4: ProductVersion: 6.1.7601.23569
68	2ad8.2ae4: FileVersion: 6.1.7601.23569 (win7sp1_ldr.161007-0600)
69	2ad8.2ae4: FileDescription: ApiSet Schema DLL
70	2ad8.2ae4: Found driver mfewfpk (0x20)
71	2ad8.2ae4: Found driver mfehidk (0x20)
72	2ad8.2ae4: Found driver mfeavfk (0x20)
73	2ad8.2ae4: Found driver mfefirek (0x20)
74	2ad8.2ae4: supR3HardenedWinFindAdversaries: 0x20
75	2ad8.2ae4: \SystemRoot\System32\drivers\mfeavfk.sys:
76	2ad8.2ae4: CreationTime: 2016-10-22T05:17:09.511250000Z
77	2ad8.2ae4: LastWriteTime: 2016-10-22T05:16:44.230000000Z
78	2ad8.2ae4: ChangeTime: 2016-11-10T18:19:49.912409800Z
79	2ad8.2ae4: FileAttributes: 0x20
80	2ad8.2ae4: Size: 0x55328
81	2ad8.2ae4: NT Headers: 0xe8
82	2ad8.2ae4: Timestamp: 0x56b28095
83	2ad8.2ae4: Machine: 0x8664 - amd64
84	2ad8.2ae4: Timestamp: 0x56b28095
85	2ad8.2ae4: Image Version: 0.0
86	2ad8.2ae4: SizeOfImage: 0x57000 (356352)
87	2ad8.2ae4: Resource Dir: 0x55000 LB 0x758
88	2ad8.2ae4: ProductName: SYSCORE
89	2ad8.2ae4: ProductVersion: 15.4.0.811
90	2ad8.2ae4: FileVersion: SYSCORE.15.4.0.811
91	2ad8.2ae4: PrivateBuild: SYSCORE.15.4.0.811 F15,F16,F19
92	2ad8.2ae4: FileDescription: Anti-Virus File System Filter Driver
93	2ad8.2ae4: \SystemRoot\System32\drivers\mfefirek.sys:
94	2ad8.2ae4: CreationTime: 2016-10-22T05:17:35.042500000Z
95	2ad8.2ae4: LastWriteTime: 2016-10-22T05:16:45.058125000Z
96	2ad8.2ae4: ChangeTime: 2016-11-10T18:19:49.943789600Z
97	2ad8.2ae4: FileAttributes: 0x20
98	2ad8.2ae4: Size: 0x78728
99	2ad8.2ae4: NT Headers: 0xe8
100	2ad8.2ae4: Timestamp: 0x56b280ed
101	2ad8.2ae4: Machine: 0x8664 - amd64
102	2ad8.2ae4: Timestamp: 0x56b280ed
103	2ad8.2ae4: Image Version: 0.0
104	2ad8.2ae4: SizeOfImage: 0x7b000 (503808)
105	2ad8.2ae4: Resource Dir: 0x77000 LB 0x388
106	2ad8.2ae4: ProductName: SYSCORE
107	2ad8.2ae4: ProductVersion: 15.4.0.811
108	2ad8.2ae4: FileVersion: SYSCORE.15.4.0.811
109	2ad8.2ae4: PrivateBuild: SYSCORE.15.4.0.811 F17,F18
110	2ad8.2ae4: FileDescription: McAfee Core Firewall Engine Driver
111	2ad8.2ae4: \SystemRoot\System32\drivers\mfehidk.sys:
112	2ad8.2ae4: CreationTime: 2016-10-22T05:17:07.526875000Z
113	2ad8.2ae4: LastWriteTime: 2016-10-22T05:16:44.464375000Z
114	2ad8.2ae4: ChangeTime: 2016-11-10T18:19:49.990579600Z
115	2ad8.2ae4: FileAttributes: 0x20
116	2ad8.2ae4: Size: 0xcd528
117	2ad8.2ae4: NT Headers: 0x100
118	2ad8.2ae4: Timestamp: 0x56b28053
119	2ad8.2ae4: Machine: 0x8664 - amd64
120	2ad8.2ae4: Timestamp: 0x56b28053
121	2ad8.2ae4: Image Version: 0.0
122	2ad8.2ae4: SizeOfImage: 0xd9000 (888832)
123	2ad8.2ae4: Resource Dir: 0xd5000 LB 0x758
124	2ad8.2ae4: ProductName: SYSCORE
125	2ad8.2ae4: ProductVersion: 15.4.0.811
126	2ad8.2ae4: FileVersion: SYSCORE.15.4.0.811
127	2ad8.2ae4: PrivateBuild: SYSCORE.15.4.0.811 F14,F15,F16,F18,F20
128	2ad8.2ae4: FileDescription: McAfee Link Driver
129	2ad8.2ae4: \SystemRoot\System32\drivers\mfewfpk.sys:
130	2ad8.2ae4: CreationTime: 2016-10-22T05:16:57.245625000Z
131	2ad8.2ae4: LastWriteTime: 2016-10-22T05:16:44.636250000Z
132	2ad8.2ae4: ChangeTime: 2016-11-10T18:19:50.021832500Z
133	2ad8.2ae4: FileAttributes: 0x20
134	2ad8.2ae4: Size: 0x3b728
135	2ad8.2ae4: NT Headers: 0xf0
136	2ad8.2ae4: Timestamp: 0x56b28063
137	2ad8.2ae4: Machine: 0x8664 - amd64
138	2ad8.2ae4: Timestamp: 0x56b28063
139	2ad8.2ae4: Image Version: 0.0
140	2ad8.2ae4: SizeOfImage: 0x59000 (364544)
141	2ad8.2ae4: Resource Dir: 0x57000 LB 0x380
142	2ad8.2ae4: ProductName: SYSCORE
143	2ad8.2ae4: ProductVersion: 15.4.0.811
144	2ad8.2ae4: FileVersion: SYSCORE.15.4.0.811
145	2ad8.2ae4: PrivateBuild: SYSCORE.15.4.0.811 F17,F18
146	2ad8.2ae4: FileDescription: Anti-Virus Mini-Firewall Driver
147	2ad8.2ae4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\local\apps\Virtualbox'
148	2ad8.2ae4: Calling main()
149	2ad8.2ae4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
150	2ad8.2ae4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\local\apps\Virtualbox'
151	2ad8.2ae4: SUPR3HardenedMain: Respawn #1
152	2ad8.2ae4: System32: \Device\HarddiskVolume2\Windows\System32
153	2ad8.2ae4: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
154	2ad8.2ae4: KnownDllPath: C:\WINDOWS\system32
155	2ad8.2ae4: '\Device\HarddiskVolume2\local\apps\Virtualbox\VirtualBox.exe' has no imports
156	2ad8.2ae4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\local\apps\Virtualbox\VirtualBox.exe)
157	2ad8.2ae4: supR3HardNtEnableThreadCreation:
158	2ad8.2ae4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077a7a360 pvNtTerminateThread=0000000077a9c260
159	2ad8.2ae4: supR3HardenedWinDoReSpawn(1): New child 2af0.2ae8 [kernel32].
160	2ad8.2ae4: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdd000 cbPeb=0x380
161	2ad8.2ae4: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077a50000 uNtDllChildAddr=0000000077a50000
162	2ad8.2ae4: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000077a7a360
163	2ad8.2ae4: supR3HardenedWinSetupChildInit: Start child.
164	2ad8.2ae4: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
165	2ad8.2ae4: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 33 sleeps
166	2ad8.2ae4: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
167	2ad8.2ae4: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
168	2ad8.2ae4: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
169	2ad8.2ae4: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
170	2ad8.2ae4: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
171	2ad8.2ae4: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
172	2ad8.2ae4: 0000000000041000-fffffffffff21fff 0x0001/0x0000 0x0000000
173	2ad8.2ae4: *0000000000160000-0000000000063fff 0x0000/0x0004 0x0020000
174	2ad8.2ae4: 000000000025c000-0000000000259fff 0x0104/0x0004 0x0020000
175	2ad8.2ae4: 000000000025e000-000000000025bfff 0x0004/0x0004 0x0020000
176	2ad8.2ae4: 0000000000260000-ffffffff88a6ffff 0x0001/0x0000 0x0000000
177	2ad8.2ae4: *0000000077a50000-0000000077a50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
178	2ad8.2ae4: 0000000077a51000-0000000077b4dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
179	2ad8.2ae4: 0000000077b4e000-0000000077b7cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
180	2ad8.2ae4: 0000000077b7d000-0000000077b86fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
181	2ad8.2ae4: 0000000077b87000-0000000077b87fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
182	2ad8.2ae4: 0000000077b88000-0000000077b8afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
183	2ad8.2ae4: 0000000077b8b000-0000000077bf9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
184	2ad8.2ae4: 0000000077bfa000-0000000070813fff 0x0001/0x0000 0x0000000
185	2ad8.2ae4: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
186	2ad8.2ae4: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
187	2ad8.2ae4: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
188	2ad8.2ae4: 000000007fff0000-ffffffffc0ccffff 0x0001/0x0000 0x0000000
189	2ad8.2ae4: *000000013f310000-000000013f310fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\local\apps\Virtualbox\VirtualBox.exe
190	2ad8.2ae4: 000000013f311000-000000013f37ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\local\apps\Virtualbox\VirtualBox.exe
191	2ad8.2ae4: 000000013f380000-000000013f380fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\local\apps\Virtualbox\VirtualBox.exe
192	2ad8.2ae4: 000000013f381000-000000013f3c5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\local\apps\Virtualbox\VirtualBox.exe
193	2ad8.2ae4: 000000013f3c6000-000000013f3c6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\local\apps\Virtualbox\VirtualBox.exe
194	2ad8.2ae4: 000000013f3c7000-000000013f3c7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\local\apps\Virtualbox\VirtualBox.exe
195	2ad8.2ae4: 000000013f3c8000-000000013f3ccfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\local\apps\Virtualbox\VirtualBox.exe
196	2ad8.2ae4: 000000013f3cd000-000000013f3cdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\local\apps\Virtualbox\VirtualBox.exe
197	2ad8.2ae4: 000000013f3ce000-000000013f3cefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\local\apps\Virtualbox\VirtualBox.exe
198	2ad8.2ae4: 000000013f3cf000-000000013f3d2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\local\apps\Virtualbox\VirtualBox.exe
199	2ad8.2ae4: 000000013f3d3000-000000013f41afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\local\apps\Virtualbox\VirtualBox.exe
200	2ad8.2ae4: 000000013f41b000-fffff8037eac5fff 0x0001/0x0000 0x0000000
201	2ad8.2ae4: *000007feffd70000-000007feffd70fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
202	2ad8.2ae4: 000007feffd71000-000007fdffb31fff 0x0001/0x0000 0x0000000
203	2ad8.2ae4: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
204	2ad8.2ae4: 000007fffffd3000-000007fffffc8fff 0x0001/0x0000 0x0000000
205	2ad8.2ae4: *000007fffffdd000-000007fffffdbfff 0x0004/0x0004 0x0020000
206	2ad8.2ae4: *000007fffffde000-000007fffffdbfff 0x0004/0x0004 0x0020000
207	2ad8.2ae4: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
208	2ad8.2ae4: apisetschema.dll: timestamp 0x57f7c04d (rc=VINF_SUCCESS)
209	2ad8.2ae4: VirtualBox.exe: timestamp 0x58332496 (rc=VINF_SUCCESS)
210	2ad8.2ae4: '\Device\HarddiskVolume2\local\apps\Virtualbox\VirtualBox.exe' has no imports
211	2ad8.2ae4: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
212	2ad8.2ae4: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
213	2ad8.2ae4: supR3HardNtChildPurify: Done after 530 ms and 0 fixes (loop #0).
214	2ad8.2ae4: supR3HardNtEnableThreadCreation:
215	2af0.2ae8: Log file opened: 5.1.10r112026 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
216	2af0.2ae8: supR3HardenedVmProcessInit: uNtDllAddr=0000000077a50000 g_uNtVerCombined=0x611db100
217	2af0.2ae8: ntdll.dll: timestamp 0x57f7c06e (rc=VINF_SUCCESS)
218	2af0.2ae8: New simple heap: #1 0000000000260000 LB 0x400000 (for 1744896 allocation)
219	2af0.2ae8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\local\apps\Virtualbox'
220	2af0.2ae8: System32: \Device\HarddiskVolume2\Windows\System32
221	2af0.2ae8: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
222	2af0.2ae8: KnownDllPath: C:\WINDOWS\system32
223	2af0.2ae8: supR3HardenedVmProcessInit: Opening vboxdrv stub...
224	2af0.2ae8: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
225	2af0.2ae8: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
226	2af0.2ae8: Registered Dll notification callback with NTDLL.
227	2af0.2ae8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
228	2af0.2ae8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
229	2af0.2ae8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
230	2af0.2ae8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
231	2af0.2ae8: supR3HardenedDllNotificationCallback: load 0000000077930000 LB 0x0011f000 C:\WINDOWS\system32\kernel32.dll [fFlags=0x0]
232	2af0.2ae8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
233	2af0.2ae8: supR3HardenedDllNotificationCallback: load 000007fefd910000 LB 0x0006a000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
234	2af0.2ae8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
235	2af0.2ae8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
236	2af0.2ae8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077930000 'C:\WINDOWS\system32\kernel32.dll'
237	2af0.2ae8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077a7a360 pvNtTerminateThread=0000000077a9c260
238	2ad8.2ae4: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 16 ms.
239	2af0.2ae8: \SystemRoot\System32\ntdll.dll:
240	2af0.2ae8: CreationTime: 2016-12-06T13:54:13.996612500Z
241	2af0.2ae8: LastWriteTime: 2016-10-07T15:35:29.838228900Z
242	2af0.2ae8: ChangeTime: 2016-12-06T14:34:54.832632500Z
243	2af0.2ae8: FileAttributes: 0x20
244	2af0.2ae8: Size: 0x1a7100
245	2af0.2ae8: NT Headers: 0xe0
246	2af0.2ae8: Timestamp: 0x57f7c06e
247	2af0.2ae8: Machine: 0x8664 - amd64
248	2af0.2ae8: Timestamp: 0x57f7c06e
249	2af0.2ae8: Image Version: 6.1
250	2af0.2ae8: SizeOfImage: 0x1aa000 (1744896)
251	2af0.2ae8: Resource Dir: 0x14e000 LB 0x5a028
252	2af0.2ae8: ProductName: Microsoft® Windows® Operating System
253	2af0.2ae8: ProductVersion: 6.1.7601.23569
254	2af0.2ae8: FileVersion: 6.1.7601.23569 (win7sp1_ldr.161007-0600)
255	2af0.2ae8: FileDescription: NT Layer DLL
256	2af0.2ae8: \SystemRoot\System32\kernel32.dll:
257	2af0.2ae8: CreationTime: 2016-12-06T13:54:13.154207100Z
258	2af0.2ae8: LastWriteTime: 2016-10-07T15:32:25.787000000Z
259	2af0.2ae8: ChangeTime: 2016-12-06T14:34:58.686906700Z
260	2af0.2ae8: FileAttributes: 0x20
261	2af0.2ae8: Size: 0x11c000
262	2af0.2ae8: NT Headers: 0xe0
263	2af0.2ae8: Timestamp: 0x57f7c0b3
264	2af0.2ae8: Machine: 0x8664 - amd64
265	2af0.2ae8: Timestamp: 0x57f7c0b3
266	2af0.2ae8: Image Version: 6.1
267	2af0.2ae8: SizeOfImage: 0x11f000 (1175552)
268	2af0.2ae8: Resource Dir: 0x116000 LB 0x528
269	2af0.2ae8: ProductName: Microsoft® Windows® Operating System
270	2af0.2ae8: ProductVersion: 6.1.7601.23569
271	2af0.2ae8: FileVersion: 6.1.7601.23569 (win7sp1_ldr.161007-0600)
272	2af0.2ae8: FileDescription: Windows NT BASE API Client DLL
273	2af0.2ae8: \SystemRoot\System32\KernelBase.dll:
274	2af0.2ae8: CreationTime: 2016-12-06T13:54:42.513595300Z
275	2af0.2ae8: LastWriteTime: 2016-10-07T15:32:25.802000000Z
276	2af0.2ae8: ChangeTime: 2016-12-06T14:34:58.640105800Z
277	2af0.2ae8: FileAttributes: 0x20
278	2af0.2ae8: Size: 0x66800
279	2af0.2ae8: NT Headers: 0xe8
280	2af0.2ae8: Timestamp: 0x57f7c0b4
281	2af0.2ae8: Machine: 0x8664 - amd64
282	2af0.2ae8: Timestamp: 0x57f7c0b4
283	2af0.2ae8: Image Version: 6.1
284	2af0.2ae8: SizeOfImage: 0x6a000 (434176)
285	2af0.2ae8: Resource Dir: 0x68000 LB 0x530
286	2af0.2ae8: ProductName: Microsoft® Windows® Operating System
287	2af0.2ae8: ProductVersion: 6.1.7601.23569
288	2af0.2ae8: FileVersion: 6.1.7601.23569 (win7sp1_ldr.161007-0600)
289	2af0.2ae8: FileDescription: Windows NT BASE API Client DLL
290	2af0.2ae8: \SystemRoot\System32\apisetschema.dll:
291	2af0.2ae8: CreationTime: 2016-12-06T13:54:39.346775000Z
292	2af0.2ae8: LastWriteTime: 2016-10-07T15:32:20.717000000Z
293	2af0.2ae8: ChangeTime: 2016-12-06T14:34:54.598628000Z
294	2af0.2ae8: FileAttributes: 0x20
295	2af0.2ae8: Size: 0x1a00
296	2af0.2ae8: NT Headers: 0xc0
297	2af0.2ae8: Timestamp: 0x57f7c04d
298	2af0.2ae8: Machine: 0x8664 - amd64
299	2af0.2ae8: Timestamp: 0x57f7c04d
300	2af0.2ae8: Image Version: 6.1
301	2af0.2ae8: SizeOfImage: 0x50000 (327680)
302	2af0.2ae8: Resource Dir: 0x30000 LB 0x3f8
303	2af0.2ae8: ProductName: Microsoft® Windows® Operating System
304	2af0.2ae8: ProductVersion: 6.1.7601.23569
305	2af0.2ae8: FileVersion: 6.1.7601.23569 (win7sp1_ldr.161007-0600)
306	2af0.2ae8: FileDescription: ApiSet Schema DLL
307	2af0.2ae8: Found driver mfewfpk (0x20)
308	2af0.2ae8: Found driver mfehidk (0x20)
309	2af0.2ae8: Found driver mfeavfk (0x20)
310	2af0.2ae8: Found driver mfefirek (0x20)
311	2af0.2ae8: supR3HardenedWinFindAdversaries: 0x20
312	2af0.2ae8: \SystemRoot\System32\drivers\mfeavfk.sys:
313	2af0.2ae8: CreationTime: 2016-10-22T05:17:09.511250000Z
314	2af0.2ae8: LastWriteTime: 2016-10-22T05:16:44.230000000Z
315	2af0.2ae8: ChangeTime: 2016-11-10T18:19:49.912409800Z
316	2af0.2ae8: FileAttributes: 0x20
317	2af0.2ae8: Size: 0x55328
318	2af0.2ae8: NT Headers: 0xe8
319	2af0.2ae8: Timestamp: 0x56b28095
320	2af0.2ae8: Machine: 0x8664 - amd64
321	2af0.2ae8: Timestamp: 0x56b28095
322	2af0.2ae8: Image Version: 0.0
323	2af0.2ae8: SizeOfImage: 0x57000 (356352)
324	2af0.2ae8: Resource Dir: 0x55000 LB 0x758
325	2af0.2ae8: ProductName: SYSCORE
326	2af0.2ae8: ProductVersion: 15.4.0.811
327	2af0.2ae8: FileVersion: SYSCORE.15.4.0.811
328	2af0.2ae8: PrivateBuild: SYSCORE.15.4.0.811 F15,F16,F19
329	2af0.2ae8: FileDescription: Anti-Virus File System Filter Driver
330	2af0.2ae8: \SystemRoot\System32\drivers\mfefirek.sys:
331	2af0.2ae8: CreationTime: 2016-10-22T05:17:35.042500000Z
332	2af0.2ae8: LastWriteTime: 2016-10-22T05:16:45.058125000Z
333	2af0.2ae8: ChangeTime: 2016-11-10T18:19:49.943789600Z
334	2af0.2ae8: FileAttributes: 0x20
335	2af0.2ae8: Size: 0x78728
336	2af0.2ae8: NT Headers: 0xe8
337	2af0.2ae8: Timestamp: 0x56b280ed
338	2af0.2ae8: Machine: 0x8664 - amd64
339	2af0.2ae8: Timestamp: 0x56b280ed
340	2af0.2ae8: Image Version: 0.0
341	2af0.2ae8: SizeOfImage: 0x7b000 (503808)
342	2af0.2ae8: Resource Dir: 0x77000 LB 0x388
343	2af0.2ae8: ProductName: SYSCORE
344	2af0.2ae8: ProductVersion: 15.4.0.811
345	2af0.2ae8: FileVersion: SYSCORE.15.4.0.811
346	2af0.2ae8: PrivateBuild: SYSCORE.15.4.0.811 F17,F18
347	2af0.2ae8: FileDescription: McAfee Core Firewall Engine Driver
348	2af0.2ae8: \SystemRoot\System32\drivers\mfehidk.sys:
349	2af0.2ae8: CreationTime: 2016-10-22T05:17:07.526875000Z
350	2af0.2ae8: LastWriteTime: 2016-10-22T05:16:44.464375000Z
351	2af0.2ae8: ChangeTime: 2016-11-10T18:19:49.990579600Z
352	2af0.2ae8: FileAttributes: 0x20
353	2af0.2ae8: Size: 0xcd528
354	2af0.2ae8: NT Headers: 0x100
355	2af0.2ae8: Timestamp: 0x56b28053
356	2af0.2ae8: Machine: 0x8664 - amd64
357	2af0.2ae8: Timestamp: 0x56b28053
358	2af0.2ae8: Image Version: 0.0
359	2af0.2ae8: SizeOfImage: 0xd9000 (888832)
360	2af0.2ae8: Resource Dir: 0xd5000 LB 0x758
361	2af0.2ae8: ProductName: SYSCORE
362	2af0.2ae8: ProductVersion: 15.4.0.811
363	2af0.2ae8: FileVersion: SYSCORE.15.4.0.811
364	2af0.2ae8: PrivateBuild: SYSCORE.15.4.0.811 F14,F15,F16,F18,F20
365	2af0.2ae8: FileDescription: McAfee Link Driver
366	2af0.2ae8: \SystemRoot\System32\drivers\mfewfpk.sys:
367	2af0.2ae8: CreationTime: 2016-10-22T05:16:57.245625000Z
368	2af0.2ae8: LastWriteTime: 2016-10-22T05:16:44.636250000Z
369	2af0.2ae8: ChangeTime: 2016-11-10T18:19:50.021832500Z
370	2af0.2ae8: FileAttributes: 0x20
371	2af0.2ae8: Size: 0x3b728
372	2af0.2ae8: NT Headers: 0xf0
373	2af0.2ae8: Timestamp: 0x56b28063
374	2af0.2ae8: Machine: 0x8664 - amd64
375	2af0.2ae8: Timestamp: 0x56b28063
376	2af0.2ae8: Image Version: 0.0
377	2af0.2ae8: SizeOfImage: 0x59000 (364544)
378	2af0.2ae8: Resource Dir: 0x57000 LB 0x380
379	2af0.2ae8: ProductName: SYSCORE
380	2af0.2ae8: ProductVersion: 15.4.0.811
381	2af0.2ae8: FileVersion: SYSCORE.15.4.0.811
382	2af0.2ae8: PrivateBuild: SYSCORE.15.4.0.811 F17,F18
383	2af0.2ae8: FileDescription: Anti-Virus Mini-Firewall Driver
384	2af0.2ae8: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\local\apps\Virtualbox'
385	2af0.2ae8: Calling main()
386	2af0.2ae8: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
387	2af0.2ae8: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\local\apps\Virtualbox'
388	2af0.2ae8: '\Device\HarddiskVolume2\local\apps\Virtualbox\VirtualBox.exe' has no imports
389	2af0.2ae8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\local\apps\Virtualbox\VirtualBox.exe)
390	2af0.2ae8: SUPR3HardenedMain: Respawn #2
391	2af0.2ae8: supR3HardNtEnableThreadCreation:
392	2af0.2ae8: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll)
393	2af0.2ae8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
394	2af0.2ae8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
395	2af0.2ae8: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
396	2af0.2ae8: supR3HardenedDllNotificationCallback: load 000007fefd560000 LB 0x00057000 C:\WINDOWS\system32\apphelp.dll [fFlags=0x0]
397	2af0.2ae8: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll [lacks WinVerifyTrust]
398	2af0.2ae8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd560000 'C:\WINDOWS\system32\apphelp.dll'
399	2af0.2ae8: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077a7a360 pvNtTerminateThread=0000000077a9c260
400	2af0.2ae8: supR3HardenedWinDoReSpawn(2): New child 28f8.2aa4 [kernel32].
401	2af0.2ae8: supR3HardNtChildGatherData: PebBaseAddress=000007fffffdf000 cbPeb=0x380
402	2af0.2ae8: supR3HardNtPuChFindNtdll: uNtDllParentAddr=0000000077a50000 uNtDllChildAddr=0000000077a50000
403	2af0.2ae8: supR3HardenedWinSetupChildInit: uLdrInitThunk=0000000077a7a360
404	2af0.2ae8: supR3HardenedWinSetupChildInit: Start child.
405	2af0.2ae8: supR3HardNtChildWaitFor: Found expected request 0 (PurifyChildAndCloseHandles) after 0 ms.
406	2af0.2ae8: supR3HardNtChildPurify: Startup delay kludge #1/0: 515 ms, 33 sleeps
407	2af0.2ae8: supHardNtVpScanVirtualMemory: enmKind=CHILD_PURIFICATION
408	2af0.2ae8: *0000000000000000-fffffffffffeffff 0x0001/0x0000 0x0000000
409	2af0.2ae8: *0000000000010000-fffffffffffeffff 0x0004/0x0004 0x0020000
410	2af0.2ae8: *0000000000030000-000000000002bfff 0x0002/0x0002 0x0040000
411	2af0.2ae8: 0000000000034000-0000000000027fff 0x0001/0x0000 0x0000000
412	2af0.2ae8: *0000000000040000-000000000003efff 0x0004/0x0004 0x0020000
413	2af0.2ae8: 0000000000041000-fffffffffff41fff 0x0001/0x0000 0x0000000
414	2af0.2ae8: *0000000000140000-0000000000043fff 0x0000/0x0004 0x0020000
415	2af0.2ae8: 000000000023c000-0000000000239fff 0x0104/0x0004 0x0020000
416	2af0.2ae8: 000000000023e000-000000000023bfff 0x0004/0x0004 0x0020000
417	2af0.2ae8: 0000000000240000-ffffffff88a2ffff 0x0001/0x0000 0x0000000
418	2af0.2ae8: *0000000077a50000-0000000077a50fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
419	2af0.2ae8: 0000000077a51000-0000000077b4dfff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
420	2af0.2ae8: 0000000077b4e000-0000000077b7cfff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
421	2af0.2ae8: 0000000077b7d000-0000000077b86fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
422	2af0.2ae8: 0000000077b87000-0000000077b87fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
423	2af0.2ae8: 0000000077b88000-0000000077b8afff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
424	2af0.2ae8: 0000000077b8b000-0000000077bf9fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\ntdll.dll
425	2af0.2ae8: 0000000077bfa000-0000000070813fff 0x0001/0x0000 0x0000000
426	2af0.2ae8: *000000007efe0000-000000007dfdffff 0x0000/0x0002 0x0020000
427	2af0.2ae8: *000000007ffe0000-000000007ffdefff 0x0002/0x0002 0x0020000
428	2af0.2ae8: 000000007ffe1000-000000007ffd1fff 0x0000/0x0002 0x0020000
429	2af0.2ae8: 000000007fff0000-ffffffffc0ccffff 0x0001/0x0000 0x0000000
430	2af0.2ae8: *000000013f310000-000000013f310fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\local\apps\Virtualbox\VirtualBox.exe
431	2af0.2ae8: 000000013f311000-000000013f37ffff 0x0020/0x0080 0x1000000 \Device\HarddiskVolume2\local\apps\Virtualbox\VirtualBox.exe
432	2af0.2ae8: 000000013f380000-000000013f380fff 0x0080/0x0080 0x1000000 \Device\HarddiskVolume2\local\apps\Virtualbox\VirtualBox.exe
433	2af0.2ae8: 000000013f381000-000000013f3c5fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\local\apps\Virtualbox\VirtualBox.exe
434	2af0.2ae8: 000000013f3c6000-000000013f3c6fff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\local\apps\Virtualbox\VirtualBox.exe
435	2af0.2ae8: 000000013f3c7000-000000013f3c7fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\local\apps\Virtualbox\VirtualBox.exe
436	2af0.2ae8: 000000013f3c8000-000000013f3ccfff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\local\apps\Virtualbox\VirtualBox.exe
437	2af0.2ae8: 000000013f3cd000-000000013f3cdfff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\local\apps\Virtualbox\VirtualBox.exe
438	2af0.2ae8: 000000013f3ce000-000000013f3cefff 0x0004/0x0080 0x1000000 \Device\HarddiskVolume2\local\apps\Virtualbox\VirtualBox.exe
439	2af0.2ae8: 000000013f3cf000-000000013f3d2fff 0x0008/0x0080 0x1000000 \Device\HarddiskVolume2\local\apps\Virtualbox\VirtualBox.exe
440	2af0.2ae8: 000000013f3d3000-000000013f41afff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\local\apps\Virtualbox\VirtualBox.exe
441	2af0.2ae8: 000000013f41b000-fffff8037eac5fff 0x0001/0x0000 0x0000000
442	2af0.2ae8: *000007feffd70000-000007feffd70fff 0x0002/0x0080 0x1000000 \Device\HarddiskVolume2\Windows\System32\apisetschema.dll
443	2af0.2ae8: 000007feffd71000-000007fdffb31fff 0x0001/0x0000 0x0000000
444	2af0.2ae8: *000007fffffb0000-000007fffff8cfff 0x0002/0x0002 0x0040000
445	2af0.2ae8: 000007fffffd3000-000007fffffc8fff 0x0001/0x0000 0x0000000
446	2af0.2ae8: *000007fffffdd000-000007fffffdafff 0x0004/0x0004 0x0020000
447	2af0.2ae8: *000007fffffdf000-000007fffffddfff 0x0004/0x0004 0x0020000
448	2af0.2ae8: *000007fffffe0000-000007fffffcffff 0x0001/0x0002 0x0020000
449	2af0.2ae8: apisetschema.dll: timestamp 0x57f7c04d (rc=VINF_SUCCESS)
450	2af0.2ae8: VirtualBox.exe: timestamp 0x58332496 (rc=VINF_SUCCESS)
451	2af0.2ae8: '\Device\HarddiskVolume2\local\apps\Virtualbox\VirtualBox.exe' has no imports
452	2af0.2ae8: '\Device\HarddiskVolume2\Windows\System32\apisetschema.dll' has no imports
453	2af0.2ae8: '\Device\HarddiskVolume2\Windows\System32\ntdll.dll' has no imports
454	2af0.2ae8: supR3HardNtChildPurify: Done after 562 ms and 0 fixes (loop #0).
455	2af0.2ae8: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000260000 LB 0x400000)
456	28f8.2aa4: Log file opened: 5.1.10r112026 g_hStartupLog=0000000000000004 g_uNtVerCombined=0x611db100
457	28f8.2aa4: supR3HardenedVmProcessInit: uNtDllAddr=0000000077a50000 g_uNtVerCombined=0x611db100
458	2af0.2ae8: supR3HardNtEnableThreadCreation:
459	28f8.2aa4: ntdll.dll: timestamp 0x57f7c06e (rc=VINF_SUCCESS)
460	28f8.2aa4: New simple heap: #1 0000000000340000 LB 0x400000 (for 1744896 allocation)
461	28f8.2aa4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\local\apps\Virtualbox'
462	28f8.2aa4: System32: \Device\HarddiskVolume2\Windows\System32
463	28f8.2aa4: WinSxS: \Device\HarddiskVolume2\Windows\winsxs
464	28f8.2aa4: KnownDllPath: C:\WINDOWS\system32
465	28f8.2aa4: supR3HardenedVmProcessInit: Opening vboxdrv...
466	28f8.2aa4: supR3HardenedVmProcessInit: Restoring LdrInitializeThunk...
467	28f8.2aa4: supR3HardenedVmProcessInit: Returning to LdrInitializeThunk...
468	28f8.2aa4: Registered Dll notification callback with NTDLL.
469	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\kernel32.dll)
470	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\kernel32.dll
471	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
472	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
473	28f8.2aa4: supR3HardenedDllNotificationCallback: load 0000000077930000 LB 0x0011f000 C:\WINDOWS\system32\kernel32.dll [fFlags=0x0]
474	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
475	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fefd910000 LB 0x0006a000 C:\WINDOWS\system32\KERNELBASE.dll [fFlags=0x0]
476	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\KernelBase.dll)
477	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\KernelBase.dll
478	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077930000 'C:\WINDOWS\system32\kernel32.dll'
479	28f8.2aa4: supR3HardNtDisableThreadCreation: pvLdrInitThunk=0000000077a7a360 pvNtTerminateThread=0000000077a9c260
480	2af0.2ae8: supR3HardNtChildWaitFor: Found expected request 1 (CloseEvents) after 31 ms.
481	28f8.2aa4: \SystemRoot\System32\ntdll.dll:
482	28f8.2aa4: CreationTime: 2016-12-06T13:54:13.996612500Z
483	28f8.2aa4: LastWriteTime: 2016-10-07T15:35:29.838228900Z
484	28f8.2aa4: ChangeTime: 2016-12-06T14:34:54.832632500Z
485	28f8.2aa4: FileAttributes: 0x20
486	28f8.2aa4: Size: 0x1a7100
487	28f8.2aa4: NT Headers: 0xe0
488	28f8.2aa4: Timestamp: 0x57f7c06e
489	28f8.2aa4: Machine: 0x8664 - amd64
490	28f8.2aa4: Timestamp: 0x57f7c06e
491	28f8.2aa4: Image Version: 6.1
492	28f8.2aa4: SizeOfImage: 0x1aa000 (1744896)
493	28f8.2aa4: Resource Dir: 0x14e000 LB 0x5a028
494	28f8.2aa4: ProductName: Microsoft® Windows® Operating System
495	28f8.2aa4: ProductVersion: 6.1.7601.23569
496	28f8.2aa4: FileVersion: 6.1.7601.23569 (win7sp1_ldr.161007-0600)
497	28f8.2aa4: FileDescription: NT Layer DLL
498	28f8.2aa4: \SystemRoot\System32\kernel32.dll:
499	28f8.2aa4: CreationTime: 2016-12-06T13:54:13.154207100Z
500	28f8.2aa4: LastWriteTime: 2016-10-07T15:32:25.787000000Z
501	28f8.2aa4: ChangeTime: 2016-12-06T14:34:58.686906700Z
502	28f8.2aa4: FileAttributes: 0x20
503	28f8.2aa4: Size: 0x11c000
504	28f8.2aa4: NT Headers: 0xe0
505	28f8.2aa4: Timestamp: 0x57f7c0b3
506	28f8.2aa4: Machine: 0x8664 - amd64
507	28f8.2aa4: Timestamp: 0x57f7c0b3
508	28f8.2aa4: Image Version: 6.1
509	28f8.2aa4: SizeOfImage: 0x11f000 (1175552)
510	28f8.2aa4: Resource Dir: 0x116000 LB 0x528
511	28f8.2aa4: ProductName: Microsoft® Windows® Operating System
512	28f8.2aa4: ProductVersion: 6.1.7601.23569
513	28f8.2aa4: FileVersion: 6.1.7601.23569 (win7sp1_ldr.161007-0600)
514	28f8.2aa4: FileDescription: Windows NT BASE API Client DLL
515	28f8.2aa4: \SystemRoot\System32\KernelBase.dll:
516	28f8.2aa4: CreationTime: 2016-12-06T13:54:42.513595300Z
517	28f8.2aa4: LastWriteTime: 2016-10-07T15:32:25.802000000Z
518	28f8.2aa4: ChangeTime: 2016-12-06T14:34:58.640105800Z
519	28f8.2aa4: FileAttributes: 0x20
520	28f8.2aa4: Size: 0x66800
521	28f8.2aa4: NT Headers: 0xe8
522	28f8.2aa4: Timestamp: 0x57f7c0b4
523	28f8.2aa4: Machine: 0x8664 - amd64
524	28f8.2aa4: Timestamp: 0x57f7c0b4
525	28f8.2aa4: Image Version: 6.1
526	28f8.2aa4: SizeOfImage: 0x6a000 (434176)
527	28f8.2aa4: Resource Dir: 0x68000 LB 0x530
528	28f8.2aa4: ProductName: Microsoft® Windows® Operating System
529	28f8.2aa4: ProductVersion: 6.1.7601.23569
530	28f8.2aa4: FileVersion: 6.1.7601.23569 (win7sp1_ldr.161007-0600)
531	28f8.2aa4: FileDescription: Windows NT BASE API Client DLL
532	28f8.2aa4: \SystemRoot\System32\apisetschema.dll:
533	28f8.2aa4: CreationTime: 2016-12-06T13:54:39.346775000Z
534	28f8.2aa4: LastWriteTime: 2016-10-07T15:32:20.717000000Z
535	28f8.2aa4: ChangeTime: 2016-12-06T14:34:54.598628000Z
536	28f8.2aa4: FileAttributes: 0x20
537	28f8.2aa4: Size: 0x1a00
538	28f8.2aa4: NT Headers: 0xc0
539	28f8.2aa4: Timestamp: 0x57f7c04d
540	28f8.2aa4: Machine: 0x8664 - amd64
541	28f8.2aa4: Timestamp: 0x57f7c04d
542	28f8.2aa4: Image Version: 6.1
543	28f8.2aa4: SizeOfImage: 0x50000 (327680)
544	28f8.2aa4: Resource Dir: 0x30000 LB 0x3f8
545	28f8.2aa4: ProductName: Microsoft® Windows® Operating System
546	28f8.2aa4: ProductVersion: 6.1.7601.23569
547	28f8.2aa4: FileVersion: 6.1.7601.23569 (win7sp1_ldr.161007-0600)
548	28f8.2aa4: FileDescription: ApiSet Schema DLL
549	28f8.2aa4: Found driver mfewfpk (0x20)
550	28f8.2aa4: Found driver mfehidk (0x20)
551	28f8.2aa4: Found driver mfeavfk (0x20)
552	28f8.2aa4: Found driver mfefirek (0x20)
553	28f8.2aa4: supR3HardenedWinFindAdversaries: 0x20
554	28f8.2aa4: \SystemRoot\System32\drivers\mfeavfk.sys:
555	28f8.2aa4: CreationTime: 2016-10-22T05:17:09.511250000Z
556	28f8.2aa4: LastWriteTime: 2016-10-22T05:16:44.230000000Z
557	28f8.2aa4: ChangeTime: 2016-11-10T18:19:49.912409800Z
558	28f8.2aa4: FileAttributes: 0x20
559	28f8.2aa4: Size: 0x55328
560	28f8.2aa4: NT Headers: 0xe8
561	28f8.2aa4: Timestamp: 0x56b28095
562	28f8.2aa4: Machine: 0x8664 - amd64
563	28f8.2aa4: Timestamp: 0x56b28095
564	28f8.2aa4: Image Version: 0.0
565	28f8.2aa4: SizeOfImage: 0x57000 (356352)
566	28f8.2aa4: Resource Dir: 0x55000 LB 0x758
567	28f8.2aa4: ProductName: SYSCORE
568	28f8.2aa4: ProductVersion: 15.4.0.811
569	28f8.2aa4: FileVersion: SYSCORE.15.4.0.811
570	28f8.2aa4: PrivateBuild: SYSCORE.15.4.0.811 F15,F16,F19
571	28f8.2aa4: FileDescription: Anti-Virus File System Filter Driver
572	28f8.2aa4: \SystemRoot\System32\drivers\mfefirek.sys:
573	28f8.2aa4: CreationTime: 2016-10-22T05:17:35.042500000Z
574	28f8.2aa4: LastWriteTime: 2016-10-22T05:16:45.058125000Z
575	28f8.2aa4: ChangeTime: 2016-11-10T18:19:49.943789600Z
576	28f8.2aa4: FileAttributes: 0x20
577	28f8.2aa4: Size: 0x78728
578	28f8.2aa4: NT Headers: 0xe8
579	28f8.2aa4: Timestamp: 0x56b280ed
580	28f8.2aa4: Machine: 0x8664 - amd64
581	28f8.2aa4: Timestamp: 0x56b280ed
582	28f8.2aa4: Image Version: 0.0
583	28f8.2aa4: SizeOfImage: 0x7b000 (503808)
584	28f8.2aa4: Resource Dir: 0x77000 LB 0x388
585	28f8.2aa4: ProductName: SYSCORE
586	28f8.2aa4: ProductVersion: 15.4.0.811
587	28f8.2aa4: FileVersion: SYSCORE.15.4.0.811
588	28f8.2aa4: PrivateBuild: SYSCORE.15.4.0.811 F17,F18
589	28f8.2aa4: FileDescription: McAfee Core Firewall Engine Driver
590	28f8.2aa4: \SystemRoot\System32\drivers\mfehidk.sys:
591	28f8.2aa4: CreationTime: 2016-10-22T05:17:07.526875000Z
592	28f8.2aa4: LastWriteTime: 2016-10-22T05:16:44.464375000Z
593	28f8.2aa4: ChangeTime: 2016-11-10T18:19:49.990579600Z
594	28f8.2aa4: FileAttributes: 0x20
595	28f8.2aa4: Size: 0xcd528
596	28f8.2aa4: NT Headers: 0x100
597	28f8.2aa4: Timestamp: 0x56b28053
598	28f8.2aa4: Machine: 0x8664 - amd64
599	28f8.2aa4: Timestamp: 0x56b28053
600	28f8.2aa4: Image Version: 0.0
601	28f8.2aa4: SizeOfImage: 0xd9000 (888832)
602	28f8.2aa4: Resource Dir: 0xd5000 LB 0x758
603	28f8.2aa4: ProductName: SYSCORE
604	28f8.2aa4: ProductVersion: 15.4.0.811
605	28f8.2aa4: FileVersion: SYSCORE.15.4.0.811
606	28f8.2aa4: PrivateBuild: SYSCORE.15.4.0.811 F14,F15,F16,F18,F20
607	28f8.2aa4: FileDescription: McAfee Link Driver
608	28f8.2aa4: \SystemRoot\System32\drivers\mfewfpk.sys:
609	28f8.2aa4: CreationTime: 2016-10-22T05:16:57.245625000Z
610	28f8.2aa4: LastWriteTime: 2016-10-22T05:16:44.636250000Z
611	28f8.2aa4: ChangeTime: 2016-11-10T18:19:50.021832500Z
612	28f8.2aa4: FileAttributes: 0x20
613	28f8.2aa4: Size: 0x3b728
614	28f8.2aa4: NT Headers: 0xf0
615	28f8.2aa4: Timestamp: 0x56b28063
616	28f8.2aa4: Machine: 0x8664 - amd64
617	28f8.2aa4: Timestamp: 0x56b28063
618	28f8.2aa4: Image Version: 0.0
619	28f8.2aa4: SizeOfImage: 0x59000 (364544)
620	28f8.2aa4: Resource Dir: 0x57000 LB 0x380
621	28f8.2aa4: ProductName: SYSCORE
622	28f8.2aa4: ProductVersion: 15.4.0.811
623	28f8.2aa4: FileVersion: SYSCORE.15.4.0.811
624	28f8.2aa4: PrivateBuild: SYSCORE.15.4.0.811 F17,F18
625	28f8.2aa4: FileDescription: Anti-Virus Mini-Firewall Driver
626	28f8.2aa4: supR3HardenedWinInitAppBin(0x0): '\Device\HarddiskVolume2\local\apps\Virtualbox'
627	28f8.2aa4: Calling main()
628	28f8.2aa4: SUPR3HardenedMain: pszProgName=VirtualBox fFlags=0x2
629	28f8.2aa4: supR3HardenedWinInitAppBin(0x2): '\Device\HarddiskVolume2\local\apps\Virtualbox'
630	28f8.2aa4: '\Device\HarddiskVolume2\local\apps\Virtualbox\VirtualBox.exe' has no imports
631	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\local\apps\Virtualbox\VirtualBox.exe)
632	28f8.2aa4: SUPR3HardenedMain: Final process, opening VBoxDrv...
633	28f8.2aa4: supR3HardenedEarlyCompact: Removed heap 1 (0x00000000340000 LB 0x400000)
634	28f8.2aa4: supR3HardNtEnableThreadCreation:
635	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\local\apps\Virtualbox\VBoxSupLib.dll)
636	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxSupLib.dll
637	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\local\apps\Virtualbox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023b781:<flags> [calling]
638	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxSupLib.dll [lacks WinVerifyTrust]
639	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fefa310000 LB 0x00005000 C:\local\apps\Virtualbox\VBoxSupLib.DLL [fFlags=0x0]
640	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxSupLib.dll [lacks WinVerifyTrust]
641	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxSupLib.dll [lacks WinVerifyTrust]
642	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\local\apps\Virtualbox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000238f01:<flags> [calling]
643	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa310000 'C:\local\apps\Virtualbox\VBoxSupLib.DLL'
644	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxSupLib.dll [lacks WinVerifyTrust]
645	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\local\apps\Virtualbox\VBoxSupLib.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000238f01:<flags> [calling]
646	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa310000 'C:\local\apps\Virtualbox\VBoxSupLib.DLL'
647	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa310000 'C:\local\apps\Virtualbox\VBoxSupLib.DLL'
648	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
649	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'crypt32.dll'.
650	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
651	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
652	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\wintrust.dll)
653	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wintrust.dll
654	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
655	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
656	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll)
657	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
658	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
659	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
660	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msasn1.dll)
661	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msasn1.dll
662	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
663	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
664	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
665	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msasn1.dll'.
666	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\crypt32.dll)
667	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\crypt32.dll
668	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
669	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
670	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msvcrt.dll)
671	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
672	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
673	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
674	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
675	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
676	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
677	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
678	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023d591:<flags> [calling]
679	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
680	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fefd890000 LB 0x0003b000 C:\WINDOWS\system32\Wintrust.dll [fFlags=0x0]
681	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
682	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fefde20000 LB 0x0009f000 C:\WINDOWS\system32\msvcrt.dll [fFlags=0x0]
683	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
684	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fefd9b0000 LB 0x0016d000 C:\WINDOWS\system32\CRYPT32.dll [fFlags=0x0]
685	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
686	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fefd790000 LB 0x0000f000 C:\WINDOWS\system32\MSASN1.dll [fFlags=0x0]
687	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
688	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007feffbb0000 LB 0x0012d000 C:\WINDOWS\system32\RPCRT4.dll [fFlags=0x0]
689	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
690	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd890000 'C:\WINDOWS\system32\Wintrust.dll'
691	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\bcrypt.dll)
692	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcrypt.dll
693	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023d591:<flags> [calling]
694	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
695	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fefd0b0000 LB 0x00022000 C:\WINDOWS\system32\bcrypt.dll [fFlags=0x0]
696	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
697	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\WINDOWS\system32\bcrypt.dll'
698	28f8.2aa4: bcrypt.dll loaded at 000007fefd0b0000, BCryptOpenAlgorithmProvider at 000007fefd0b2640, preloading providers:
699	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
700	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'bcrypt.dll'.
701	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll)
702	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll
703	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
704	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
705	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
706	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
707	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
708	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
709	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
710	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\advapi32.dll)
711	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\advapi32.dll
712	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
713	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
714	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
715	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
716	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
717	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
718	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcryptprimitives.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023d581:<flags> [calling]
719	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
720	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fefcba0000 LB 0x0004c000 C:\WINDOWS\system32\bcryptprimitives.dll [fFlags=0x0]
721	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll [lacks WinVerifyTrust]
722	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fefe940000 LB 0x000db000 C:\WINDOWS\system32\ADVAPI32.dll [fFlags=0x0]
723	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
724	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
725	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'rpcrt4.dll'.
726	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\sechost.dll)
727	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\sechost.dll
728	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fefdf40000 LB 0x0001f000 C:\WINDOWS\SYSTEM32\sechost.dll [fFlags=0x0]
729	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\sechost.dll [lacks WinVerifyTrust]
730	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcba0000 'C:\WINDOWS\system32\bcryptprimitives.dll'
731	28f8.2aa4: BCryptOpenAlgorithmProvider(,'MD2',0,0) -> 0x0 (hAlgo=000000000081c600)
732	28f8.2aa4: BCryptOpenAlgorithmProvider(,'MD4',0,0) -> 0x0 (hAlgo=000000000081ce90)
733	28f8.2aa4: BCryptOpenAlgorithmProvider(,'MD5',0,0) -> 0x0 (hAlgo=000000000081cfb0)
734	28f8.2aa4: BCryptOpenAlgorithmProvider(,'SHA1',0,0) -> 0x0 (hAlgo=000000000081d1c0)
735	28f8.2aa4: BCryptOpenAlgorithmProvider(,'SHA256',0,0) -> 0x0 (hAlgo=000000000081d2e0)
736	28f8.2aa4: BCryptOpenAlgorithmProvider(,'SHA512',0,0) -> 0x0 (hAlgo=000000000081d400)
737	28f8.2aa4: BCryptOpenAlgorithmProvider(,'RSA',0,0) -> 0x0 (hAlgo=000000000081d640)
738	28f8.2aa4: BCryptOpenAlgorithmProvider(,'DSA',0,0) -> 0x0 (hAlgo=000000000081d760)
739	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptsp.dll)
740	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
741	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
742	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
743	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
744	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
745	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
746	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
747	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023d0e1:<flags> [calling]
748	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
749	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fefcf60000 LB 0x00018000 C:\WINDOWS\system32\CRYPTSP.dll [fFlags=0x0]
750	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
751	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf60000 'C:\WINDOWS\system32\CRYPTSP.dll'
752	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
753	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\rsaenh.dll)
754	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\rsaenh.dll
755	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
756	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
757	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
758	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rsaenh.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023d071:<flags> [calling]
759	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
760	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fefcc60000 LB 0x00047000 C:\WINDOWS\system32\rsaenh.dll [fFlags=0x0]
761	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rsaenh.dll [lacks WinVerifyTrust]
762	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcc60000 'C:\WINDOWS\system32\rsaenh.dll'
763	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
764	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023c901:<flags> [calling]
765	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe940000 'C:\WINDOWS\system32\ADVAPI32.dll'
766	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptbase.dll)
767	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
768	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023cc81:<flags> [calling]
769	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
770	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fefd5c0000 LB 0x0000f000 C:\WINDOWS\system32\CRYPTBASE.dll [fFlags=0x0]
771	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll [lacks WinVerifyTrust]
772	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5c0000 'C:\WINDOWS\system32\CRYPTBASE.dll'
773	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll [lacks WinVerifyTrust]
774	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (Input=kernel32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023c6b1:<flags> [calling]
775	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077930000 'C:\WINDOWS\system32\kernel32.dll'
776	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [lacks WinVerifyTrust]
777	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\WINTRUST.DLL (Input=WINTRUST.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023d041:<flags> [calling]
778	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd890000 'C:\WINDOWS\system32\WINTRUST.DLL'
779	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
780	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPT32.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000023ce71:<flags> [calling]
781	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9b0000 'C:\WINDOWS\system32\CRYPT32.dll'
782	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
783	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'advapi32.dll'.
784	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imagehlp.dll)
785	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imagehlp.dll
786	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
787	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
788	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
789	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
790	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
791	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
792	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\imagehlp.dll (Input=imagehlp.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023cec1:<flags> [calling]
793	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
794	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007feffa90000 LB 0x00019000 C:\WINDOWS\system32\imagehlp.dll [fFlags=0x0]
795	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imagehlp.dll [lacks WinVerifyTrust]
796	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffa90000 'C:\WINDOWS\system32\imagehlp.dll'
797	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll [lacks WinVerifyTrust]
798	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023d011:<flags> [calling]
799	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf60000 'C:\WINDOWS\system32\CRYPTSP.dll'
800	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
801	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\user32.dll)
802	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\user32.dll
803	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
804	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
805	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
806	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'lpk.dll'.
807	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gdi32.dll)
808	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gdi32.dll
809	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'lpk.dll'...
810	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'lpk.dll' -> '\Device\HarddiskVolume2\Windows\System32\lpk.dll' [rcNtRedir=0xc0150008]
811	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
812	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
813	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'usp10.dll'.
814	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\lpk.dll)
815	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\lpk.dll
816	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
817	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
818	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
819	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'usp10.dll'...
820	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'usp10.dll' -> '\Device\HarddiskVolume2\Windows\System32\usp10.dll' [rcNtRedir=0xc0150008]
821	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
822	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
823	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
824	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\usp10.dll)
825	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\usp10.dll
826	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
827	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
828	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
829	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
830	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
831	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
832	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
833	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
834	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
835	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
836	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
837	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
838	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
839	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
840	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
841	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\USER32.dll (Input=USER32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023cb41:<flags> [calling]
842	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
843	28f8.2aa4: supR3HardenedDllNotificationCallback: load 0000000077830000 LB 0x000fa000 C:\WINDOWS\system32\USER32.dll [fFlags=0x0]
844	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
845	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fefea60000 LB 0x00067000 C:\WINDOWS\system32\GDI32.dll [fFlags=0x0]
846	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
847	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fefe630000 LB 0x0000e000 C:\WINDOWS\system32\LPK.dll [fFlags=0x0]
848	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\lpk.dll [lacks WinVerifyTrust]
849	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fefe640000 LB 0x000ca000 C:\WINDOWS\system32\USP10.dll [fFlags=0x0]
850	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\usp10.dll [lacks WinVerifyTrust]
851	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
852	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\gdi32.dll (Input=gdi32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023c041:<flags> [calling]
853	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea60000 'C:\WINDOWS\system32\gdi32.dll'
854	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'user32.dll'.
855	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
856	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msctf.dll'.
857	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\imm32.dll)
858	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\imm32.dll
859	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msctf.dll'...
860	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msctf.dll' -> '\Device\HarddiskVolume2\Windows\System32\msctf.dll' [rcNtRedir=0xc0150008]
861	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
862	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
863	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
864	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'imm32.dll'.
865	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\msctf.dll)
866	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msctf.dll
867	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
868	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
869	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
870	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
871	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
872	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
873	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
874	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
875	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
876	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
877	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
878	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
879	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
880	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
881	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
882	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
883	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
884	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
885	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IMM32.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023b981:<flags> [calling]
886	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
887	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fefea20000 LB 0x0002e000 C:\WINDOWS\system32\IMM32.DLL [fFlags=0x0]
888	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\imm32.dll [lacks WinVerifyTrust]
889	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fefe250000 LB 0x00109000 C:\WINDOWS\system32\MSCTF.dll [fFlags=0x0]
890	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msctf.dll [lacks WinVerifyTrust]
891	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea20000 'C:\WINDOWS\system32\IMM32.DLL'
892	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> -23303 (\Device\HarddiskVolume2\Windows\System32\nvinitx.dll)
893	28f8.2aa4: Error (rc=0):
894	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -23303 (0xffffa4f9) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Windows\System32\nvinitx.dll: fKeyUsage=0x0, missing 0x1: \Device\HarddiskVolume2\Windows\System32\nvinitx.dll
895	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nvinitx.dll
896	28f8.2aa4: Error (rc=0):
897	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\WINDOWS\system32\nvinitx.dll' (C:\WINDOWS\system32\nvinitx.dll): rcNt=0xc0000190
898	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\WINDOWS\system32\nvinitx.dll'
899	28f8.2aa4: \Device\HarddiskVolume2\Windows\System32\AMInit64.dll: Owner is administrators group.
900	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> -23021 (\Device\HarddiskVolume2\Windows\System32\AMInit64.dll)
901	28f8.2aa4: Error (rc=0):
902	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: rc=Unknown Status -23021 (0xffffa613) fImage=1 fProtect=0x0 fAccess=0x0 \Device\HarddiskVolume2\Windows\System32\AMInit64.dll: None of the 1 path(s) have a trust anchor.: \Device\HarddiskVolume2\Windows\System32\AMInit64.dll
903	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AMInit64.dll
904	28f8.2aa4: Error (rc=0):
905	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: rejecting 'C:\WINDOWS\system32\AMINIT64.DLL': rcNt=0xc0000190
906	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000190 'C:\WINDOWS\system32\AMINIT64.DLL'
907	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077830000 'C:\WINDOWS\system32\USER32.dll'
908	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'bcrypt.dll'.
909	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
910	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msasn1.dll'.
911	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\ncrypt.dll)
912	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ncrypt.dll
913	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msasn1.dll'...
914	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msasn1.dll' -> '\Device\HarddiskVolume2\Windows\System32\msasn1.dll' [rcNtRedir=0xc0150008]
915	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msasn1.dll [lacks WinVerifyTrust]
916	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
917	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
918	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
919	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'bcrypt.dll'...
920	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'bcrypt.dll' -> '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll' [rcNtRedir=0xc0150008]
921	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
922	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ncrypt.dll (Input=ncrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023ce41:<flags> [calling]
923	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
924	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fefd0e0000 LB 0x00050000 C:\WINDOWS\system32\ncrypt.dll [fFlags=0x0]
925	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\ncrypt.dll [lacks WinVerifyTrust]
926	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0e0000 'C:\WINDOWS\system32\ncrypt.dll'
927	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\bcrypt.dll [lacks WinVerifyTrust]
928	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\bcrypt.dll (Input=bcrypt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023cc31:<flags> [calling]
929	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd0b0000 'C:\WINDOWS\system32\bcrypt.dll'
930	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
931	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'rpcrt4.dll'.
932	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #18 'profapi.dll'.
933	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\userenv.dll)
934	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\userenv.dll
935	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'profapi.dll'...
936	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'profapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\profapi.dll' [rcNtRedir=0xc0150008]
937	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
938	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\profapi.dll)
939	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\profapi.dll
940	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
941	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
942	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
943	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
944	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
945	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
946	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
947	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
948	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
949	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\USERENV.dll (Input=USERENV.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023c5c1:<flags> [calling]
950	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
951	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fefd7b0000 LB 0x0001e000 C:\WINDOWS\system32\USERENV.dll [fFlags=0x0]
952	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\userenv.dll [lacks WinVerifyTrust]
953	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fefd780000 LB 0x0000f000 C:\WINDOWS\system32\profapi.dll [fFlags=0x0]
954	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
955	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7b0000 'C:\WINDOWS\system32\USERENV.dll'
956	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000023c321:<flags> [calling]
957	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf40000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
958	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000023c6b1:<flags> [calling]
959	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf40000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
960	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
961	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
962	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\gpapi.dll)
963	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\gpapi.dll
964	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
965	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
966	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
967	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
968	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
969	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
970	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\GPAPI.dll (Input=GPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023c8e1:<flags> [calling]
971	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
972	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fefc9d0000 LB 0x0001b000 C:\WINDOWS\system32\GPAPI.dll [fFlags=0x0]
973	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gpapi.dll [lacks WinVerifyTrust]
974	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc9d0000 'C:\WINDOWS\system32\GPAPI.dll'
975	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000023c831:<flags> [calling]
976	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf40000 'API-MS-WIN-Service-Management-L1-1-0.dll'
977	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll [lacks WinVerifyTrust]
978	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\rpcrt4.dll (Input=rpcrt4.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023bf31:<flags> [calling]
979	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffbb0000 'C:\WINDOWS\system32\rpcrt4.dll'
980	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L2-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000023c811:<flags> [calling]
981	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf40000 'API-MS-WIN-Service-Management-L2-1-0.dll'
982	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000023c821:<flags> [calling]
983	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf40000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
984	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
985	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
986	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'crypt32.dll'.
987	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wldap32.dll'.
988	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\cryptnet.dll)
989	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cryptnet.dll
990	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wldap32.dll'...
991	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wldap32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wldap32.dll' [rcNtRedir=0xc0150008]
992	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
993	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\Wldap32.dll)
994	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\Wldap32.dll
995	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'crypt32.dll'...
996	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'crypt32.dll' -> '\Device\HarddiskVolume2\Windows\System32\crypt32.dll' [rcNtRedir=0xc0150008]
997	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [lacks WinVerifyTrust]
998	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
999	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1000	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1001	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1002	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1003	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1004	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1005	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1006	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1007	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (Input=cryptnet.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023c321:<flags> [calling]
1008	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1009	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fef9230000 LB 0x00027000 C:\WINDOWS\system32\cryptnet.dll [fFlags=0x0]
1010	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1011	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007feffb50000 LB 0x00052000 C:\WINDOWS\system32\WLDAP32.dll [fFlags=0x0]
1012	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\Wldap32.dll [lacks WinVerifyTrust]
1013	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1014	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000023b551:<flags> [calling]
1015	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9230000 'C:\WINDOWS\system32\cryptnet.dll'
1016	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1017	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000023b551:<flags> [calling]
1018	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9230000 'C:\WINDOWS\system32\cryptnet.dll'
1019	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1020	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000023b551:<flags> [calling]
1021	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9230000 'C:\WINDOWS\system32\cryptnet.dll'
1022	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1023	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000023b551:<flags> [calling]
1024	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9230000 'C:\WINDOWS\system32\cryptnet.dll'
1025	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1026	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000023b551:<flags> [calling]
1027	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9230000 'C:\WINDOWS\system32\cryptnet.dll'
1028	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1029	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptnet.dll (rcNtResolve=0xc0150008) *pfFlags=0x2 pwszSearchPath=000000000023b551:<flags> [calling]
1030	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9230000 'C:\WINDOWS\system32\cryptnet.dll'
1031	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1032	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9230000 'C:\WINDOWS\system32\cryptnet.dll'
1033	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1034	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9230000 'C:\WINDOWS\system32\cryptnet.dll'
1035	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1036	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9230000 'C:\WINDOWS\system32\cryptnet.dll'
1037	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1038	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9230000 'C:\WINDOWS\system32\cryptnet.dll'
1039	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1040	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9230000 'C:\WINDOWS\system32\cryptnet.dll'
1041	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9230000 'C:\WINDOWS\system32\cryptnet.dll'
1042	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\cryptnet.dll [lacks WinVerifyTrust]
1043	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9230000 'C:\WINDOWS\system32\cryptnet.dll'
1044	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000023bc41:<flags> [calling]
1045	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf40000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1046	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\profapi.dll [lacks WinVerifyTrust]
1047	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023bc41:<flags> [calling]
1048	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd780000 'C:\WINDOWS\system32\profapi.dll'
1049	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1050	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
1051	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msvcrt.dll'.
1052	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\System32\shlwapi.dll)
1053	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1054	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1055	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1056	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll [lacks WinVerifyTrust]
1057	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1058	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1059	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\user32.dll [lacks WinVerifyTrust]
1060	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1061	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1062	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll [lacks WinVerifyTrust]
1063	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023b6d1:<flags> [calling]
1064	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
1065	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007feffce0000 LB 0x00071000 C:\WINDOWS\system32\SHLWAPI.dll [fFlags=0x0]
1066	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll [lacks WinVerifyTrust]
1067	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffce0000 'C:\WINDOWS\system32\SHLWAPI.dll'
1068	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000000 pwszName=\SystemRoot\System32\ntdll.dll
1069	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: New context 000000000082a990
1070	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1071	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9D7B2AF2FE56517E2ACF949E036476CC240908FE
1072	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000023c601:<flags> [calling]
1073	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf40000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
1074	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000023c161:<flags> [calling]
1075	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf40000 'API-MS-WIN-Service-Management-L1-1-0.dll'
1076	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000023c161:<flags> [calling]
1077	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf40000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
1078	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll [lacks WinVerifyTrust]
1079	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ADVAPI32.dll (Input=ADVAPI32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023c601:<flags> [calling]
1080	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe940000 'C:\WINDOWS\system32\ADVAPI32.dll'
1081	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000023c5b1:<flags> [calling]
1082	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf40000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
1083	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-LSALookup-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000023c2a1:<flags> [calling]
1084	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf40000 'API-MS-Win-Security-LSALookup-L1-1-0.dll'
1085	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_139_for_KB3197868~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\SystemRoot\System32\ntdll.dll'
1086	28f8.2aa4: g_pfnWinVerifyTrust=000007fefd891010
1087	28f8.2aa4: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll [redoing WinVerifyTrust]
1088	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e0 pwszName=\Device\HarddiskVolume2\Windows\System32\crypt32.dll
1089	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1090	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1091	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3AF990F37D753AA60690FC7939ADB03EE893B58C
1092	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_300_for_KB3197868~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
1093	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1094	28f8.2aa4: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\crypt32.dll'
1095	28f8.2aa4: supR3HardenedScreenImage/preload: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll [redoing WinVerifyTrust]
1096	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d4 pwszName=\Device\HarddiskVolume2\Windows\System32\wintrust.dll
1097	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1098	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1099	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C8A284C43D9CD4E55273B385170EFA8FC455EB8C
1100	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_139_for_KB3197868~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
1101	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1102	28f8.2aa4: supR3HardenedScreenImage/preload: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\wintrust.dll'
1103	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003cc pwszName=\Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1104	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1105	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1106	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0AB8D9C9D3E1FC95D01F9A984B16ED031BB40CD8
1107	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
1108	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1109	28f8.2aa4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll'
1110	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003c0 pwszName=\Device\HarddiskVolume2\Windows\System32\Wldap32.dll
1111	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1112	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1113	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=87E73086F2528CF31D3AD5F0D71E04F8B942D5D8
1114	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
1115	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1116	28f8.2aa4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\Wldap32.dll'
1117	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000003bc pwszName=\Device\HarddiskVolume2\Windows\System32\cryptnet.dll
1118	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1119	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1120	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67EE3A294226F707ED5FD1E644414962E2DF2864
1121	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_139_for_KB3197868~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1122	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1123	28f8.2aa4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptnet.dll'
1124	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000027c pwszName=\Device\HarddiskVolume2\Windows\System32\gpapi.dll
1125	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1126	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1127	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=EBDAA16C3FD93DFF9C20BA3B2689DFF4C8D31061
1128	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_115_for_KB3159398~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
1129	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1130	28f8.2aa4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gpapi.dll'
1131	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001e8 pwszName=\Device\HarddiskVolume2\Windows\System32\profapi.dll
1132	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1133	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1134	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2449672745D9BA339420451D13FA0380AA768231
1135	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\profapi.dll'
1136	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1137	28f8.2aa4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\profapi.dll'
1138	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001e4 pwszName=\Device\HarddiskVolume2\Windows\System32\userenv.dll
1139	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1140	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1141	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D3E1A2CC7367F751C19EBF4E6EDF5E9A10E47313
1142	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\userenv.dll'
1143	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1144	28f8.2aa4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\userenv.dll'
1145	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001c0 pwszName=\Device\HarddiskVolume2\Windows\System32\ncrypt.dll
1146	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1147	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1148	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6BB6B4B9063A10A5AC1EDE35F603A79C0421DC1D
1149	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_139_for_KB3197868~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
1150	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1151	28f8.2aa4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\ncrypt.dll'
1152	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a8 pwszName=\Device\HarddiskVolume2\Windows\System32\msctf.dll
1153	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1154	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1155	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6D141A0C50E469CDD81DC8293CF8B3635FE0240E
1156	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_139_for_KB3197868~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msctf.dll'
1157	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1158	28f8.2aa4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msctf.dll'
1159	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a4 pwszName=\Device\HarddiskVolume2\Windows\System32\imm32.dll
1160	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1161	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1162	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6EEE1AB3B6D79AFF857940FF5F51ED27698153EC
1163	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1164	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1165	28f8.2aa4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imm32.dll'
1166	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000001a0 pwszName=\Device\HarddiskVolume2\Windows\System32\usp10.dll
1167	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1168	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1169	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=31498ABFB06219E83141E0AA8B2A55C4CECFD033
1170	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3108670~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\usp10.dll'
1171	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1172	28f8.2aa4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\usp10.dll'
1173	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000019c pwszName=\Device\HarddiskVolume2\Windows\System32\lpk.dll
1174	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1175	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1176	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6476128ECFCCBBE98E9D88478BD4355574A990C2
1177	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_139_for_KB3197868~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\lpk.dll'
1178	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1179	28f8.2aa4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\lpk.dll'
1180	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000198 pwszName=\Device\HarddiskVolume2\Windows\System32\gdi32.dll
1181	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1182	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1183	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C26B6C5525D45228994D185B3C08A3BC03FF6AFF
1184	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3164035~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1185	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1186	28f8.2aa4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\gdi32.dll'
1187	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000194 pwszName=\Device\HarddiskVolume2\Windows\System32\user32.dll
1188	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1189	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1190	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A50DB67CFDA2B98A4E5A869EC667DB8F8F0786A5
1191	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3185911~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\user32.dll'
1192	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1193	28f8.2aa4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\user32.dll'
1194	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000190 pwszName=\Device\HarddiskVolume2\Windows\System32\imagehlp.dll
1195	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1196	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1197	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2702EE05F1B717B0F2CE0FBE32784A47B8419DCA
1198	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_2_for_KB2893294~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1199	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1200	28f8.2aa4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\imagehlp.dll'
1201	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000134 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptbase.dll
1202	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1203	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1204	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=0E413B883493D97795E0B55A38CBE79167A5930B
1205	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_139_for_KB3197868~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1206	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1207	28f8.2aa4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptbase.dll'
1208	28f8.2aa4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rsaenh.dll'
1209	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000130 pwszName=\Device\HarddiskVolume2\Windows\System32\cryptsp.dll
1210	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1211	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1212	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CECCA98E04985A576883E9A9AD8AF2140526B576
1213	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_139_for_KB3197868~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1214	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1215	28f8.2aa4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\cryptsp.dll'
1216	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000120 pwszName=\Device\HarddiskVolume2\Windows\System32\sechost.dll
1217	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1218	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1219	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB669FA8DB80F8E50A29D055BB8D558E10E5E6B4
1220	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_85_for_KB3068708~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1221	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1222	28f8.2aa4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\sechost.dll'
1223	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000011c pwszName=\Device\HarddiskVolume2\Windows\System32\advapi32.dll
1224	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1225	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1226	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E4EE697F80E721EB7360DB40DCE1F1FD473FD915
1227	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_303_for_KB3197868~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1228	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1229	28f8.2aa4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\advapi32.dll'
1230	28f8.2aa4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcryptprimitives.dll'
1231	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000104 pwszName=\Device\HarddiskVolume2\Windows\System32\bcrypt.dll
1232	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1233	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1234	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=62E377A1F0AD0C2EDC0A73CB3EFF841FF18D00D2
1235	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1236	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1237	28f8.2aa4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\bcrypt.dll'
1238	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000e4 pwszName=\Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1239	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1240	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1241	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2CA2FD632B264C063162F71474266E3615B6420C
1242	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB2654428~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1243	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1244	28f8.2aa4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll'
1245	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000dc pwszName=\Device\HarddiskVolume2\Windows\System32\msasn1.dll
1246	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1247	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1248	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F2FF57DC30D774F93061607060DAA0DD15E39CCE
1249	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1250	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1251	28f8.2aa4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\msasn1.dll'
1252	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000000d8 pwszName=\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1253	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1254	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1255	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=CB69D2586C4D23312076E677AE166F560B92B6EE
1256	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_139_for_KB3197868~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1257	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1258	28f8.2aa4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll'
1259	28f8.2aa4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\local\apps\Virtualbox\VBoxSupLib.dll'
1260	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000028 pwszName=\Device\HarddiskVolume2\Windows\System32\KernelBase.dll
1261	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1262	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1263	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6DDE3D8D254B3D658CFEA97EBCA8B1609224CF94
1264	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_139_for_KB3197868~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1265	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1266	28f8.2aa4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\KernelBase.dll'
1267	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000020 pwszName=\Device\HarddiskVolume2\Windows\System32\kernel32.dll
1268	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1269	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1270	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7A6110AE55384DC5D9B4DD697AE74FC7E61FF36D
1271	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_139_for_KB3197868~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1272	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1273	28f8.2aa4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 22900) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\Windows\System32\kernel32.dll'
1274	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1275	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023c0b1:<flags> [calling]
1276	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9b0000 'C:\WINDOWS\system32\crypt32.dll'
1277	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0x78cb9f45f57dbc00 CN=WSUS Publishers Self-signed
1278	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0x5ad46780fa5df300 DC=com, DC=microsoft, CN=Microsoft Root Certificate Authority
1279	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0xea5386456178582b C=ZA, ST=Western Cape, L=Durbanville, O=Thawte, OU=Thawte Certification, CN=Thawte Timestamping CA
1280	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0x3be670c1bd02a900 OU=Copyright (c) 1997 Microsoft Corp., OU=Microsoft Corporation, CN=Microsoft Root Authority
1281	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0x2fb3137a2f3fd32f C=US, O=OpenDNS Global Network, CN=OpenDNS 2016 CA
1282	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0x4d3835aa4180b200 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2011
1283	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0x6ded11c97009a300 CN=BSkyB Root CA
1284	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0x646e3fe3ba08df00 C=US, O=MSFT, CN=Microsoft Authenticode(tm) Root Authority
1285	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0x3304182dc45346cd C=US, O=OpenDNS Global Network, CN=OpenDNS 2015 CA
1286	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0x566d870f5916c400 C=US, O=OpenDNS Global Network, CN=OpenDNS CA
1287	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0xece4e4289e08b900 C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Root Certificate Authority 2010
1288	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0x43a9cc371ff5385a O=Microsoft Trust Network, OU=Microsoft Corporation, OU=Microsoft Time Stamping Service Root, OU=Copyright (c) 1997 Microsoft Corp.
1289	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0x2e2d2c7c68f0202e O=VeriSign Trust Network, OU=VeriSign, Inc., OU=VeriSign Time Stamping Service Root, OU=NO LIABILITY ACCEPTED, (c)97 VeriSign, Inc.
1290	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0xd8dbfb2c27bfb200 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2008 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA - G3
1291	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0x61a3a33f81aace00 C=US, ST=UT, L=Salt Lake City, O=The USERTRUST Network, OU=http://www.usertrust.com, CN=UTN-USERFirst-Object
1292	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0x57ba5395b561bf00 C=BM, O=QuoVadis Limited, OU=Root Certification Authority, CN=QuoVadis Root Certification Authority
1293	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0xf4fd306318ccda00 C=US, O=GeoTrust Inc., CN=GeoTrust Global CA
1294	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0x83085097e9afdf00 O=Digital Signature Trust Co., CN=DST Root CA X3
1295	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0x780679907625cc00 OU=GlobalSign Root CA - R3, O=GlobalSign, CN=GlobalSign
1296	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0x3d98ab22bb04a300 C=IE, O=Baltimore, OU=CyberTrust, CN=Baltimore CyberTrust Root
1297	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0xa0ee62086758b15d C=US, O=Equifax, OU=Equifax Secure Certificate Authority
1298	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0xd944bca189a00 C=BM, O=QuoVadis Limited, CN=QuoVadis Root CA 2
1299	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0x8ff6fc03c1edbd00 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., CN=Starfield Root Certificate Authority - G2
1300	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0xc6fa4243b695b600 C=US, O=Entrust, Inc., OU=www.entrust.net/CPS is incorporated by reference, OU=(c) 2006 Entrust, Inc., CN=Entrust Root Certification Authority
1301	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0xa3ce8d99e60eda00 C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA
1302	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0x560ad29254e89100 C=GB, ST=Greater Manchester, L=Salford, O=COMODO CA Limited, CN=COMODO RSA Certification Authority
1303	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0xa671e9fec832b700 C=US, O=Starfield Technologies, Inc., OU=Starfield Class 2 Certification Authority
1304	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0xa8de7211e13be200 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global Root CA
1305	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0x7ae89c50f0b6a00f C=US, O=GTE Corporation, OU=GTE CyberTrust Solutions, Inc., CN=GTE CyberTrust Global Root
1306	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0xd45980fbf0a0ac00 C=US, O=thawte, Inc., OU=Certification Services Division, OU=(c) 2006 thawte, Inc. - For authorized use only, CN=thawte Primary Root CA
1307	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0xc9edb72b684ba00 C=US, O=Entrust, Inc., OU=See www.entrust.net/legal-terms, OU=(c) 2009 Entrust, Inc. - for authorized use only, CN=Entrust Root Certification Authority - G2
1308	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0xf5cd95e581a4ab00 C=US, O=SecureTrust Corporation, CN=SecureTrust CA
1309	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0x14018a1bf29e595c C=US, O=VeriSign, Inc., OU=Class 3 Public Primary Certification Authority
1310	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0x9e5bc2d78b6a3636 C=ZA, ST=Western Cape, L=Cape Town, O=Thawte Consulting cc, OU=Certification Services Division, CN=Thawte Premium Server CA, Email=premium-server@thawte.com
1311	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0x7c4fd32ec1b1ce00 C=PL, O=Unizeto Sp. z o.o., CN=Certum CA
1312	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0xd4fbe673e5ccc600 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert High Assurance EV Root CA
1313	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0x16e64d2a56ccf200 C=US, ST=Arizona, L=Scottsdale, O=Starfield Technologies, Inc., OU=http://certificates.starfieldtech.com/repository/, CN=Starfield Services Root Certificate Authority
1314	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0xb28612a94b4dad00 O=Entrust.net, OU=www.entrust.net/CPS_2048 incorp. by ref. (limits liab.), OU=(c) 1999 Entrust.net Limited, CN=Entrust.net Certification Authority (2048)
1315	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0x357a29080824af00 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2006 VeriSign, Inc. - For authorized use only, CN=VeriSign Class 3 Public Primary Certification Authority - G5
1316	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0x59faf1086271bf00 C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., CN=Go Daddy Root Certificate Authority - G2
1317	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0x466cbc09db88c100 C=IL, O=StartCom Ltd., OU=Secure Digital Certificate Signing, CN=StartCom Certification Authority
1318	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0x3401b15e3761c700 C=US, O=VeriSign, Inc., OU=VeriSign Trust Network, OU=(c) 2008 VeriSign, Inc. - For authorized use only, CN=VeriSign Universal Root Certification Authority
1319	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0x7cd4ff7b15b8be00 C=US, O=GeoTrust Inc., CN=GeoTrust Primary Certification Authority
1320	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0x491857ead79dde00 C=US, O=The Go Daddy Group, Inc., OU=Go Daddy Class 2 Certification Authority
1321	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0xc2ba72a37dfbe300 C=PL, O=Unizeto Technologies S.A., OU=Certum Certification Authority, CN=Certum Trusted Network CA
1322	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0x8043e4ce150ead00 C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Assured ID Root CA
1323	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0x331d58625ee2dc00 C=US, O=GeoTrust Inc., OU=(c) 2008 GeoTrust Inc. - For authorized use only, CN=GeoTrust Primary Certification Authority - G3
1324	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0xf2e6331af7b700 C=SE, O=AddTrust AB, OU=AddTrust External TTP Network, CN=AddTrust External CA Root
1325	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0x6ded11c97009a300 CN=BSkyB Root CA
1326	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0xe22ff11422069400 C=GB, O=SkyBet, OU=PKI, CN=SBROOTCA
1327	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0x6ded11c97009a300 CN=BSkyB Root CA
1328	28f8.2aa4: supR3HardenedWinIsDesiredRootCA: Adding 0x7594ebb1f606bb00 CN=NEW-BSKYB-ROOTCA
1329	28f8.2aa4: supR3HardenedWinRetrieveTrustedRootCAs: cAdded=52
1330	28f8.2aa4: SUPR3HardenedMain: Load Runtime...
1331	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1332	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
1333	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
1334	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
1335	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\local\apps\Virtualbox\VBoxRT.dll) WinVerifyTrust
1336	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxRT.dll
1337	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1338	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1339	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1340	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1341	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1342	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000468 pwszName=\Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1343	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1344	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1345	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=901DCB8172024F14E25295BF5692180F12FC8C18
1346	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3161949~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\ws2_32.dll'
1347	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1348	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1349	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #16 'rpcrt4.dll'.
1350	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #17 'nsi.dll'.
1351	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ws2_32.dll) WinVerifyTrust
1352	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1353	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1354	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\msvcp100.dll' [rcNtRedir=0xc0150008]
1355	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
1356	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\local\apps\Virtualbox\msvcp100.dll) WinVerifyTrust
1357	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\local\apps\Virtualbox\msvcp100.dll
1358	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1359	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
1360	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll) WinVerifyTrust
1361	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll
1362	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1363	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
1364	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll
1365	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
1366	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
1367	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000046c pwszName=\Device\HarddiskVolume2\Windows\System32\nsi.dll
1368	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1369	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1370	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=7AFD8538945F2D05BC1AF949B9B19B7D2D9FBBF8
1371	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\nsi.dll'
1372	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1373	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\nsi.dll) WinVerifyTrust
1374	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\nsi.dll
1375	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1376	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1377	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
1378	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1379	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1380	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
1381	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\local\apps\Virtualbox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023c3d1:<flags> [calling]
1382	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxRT.dll
1383	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fee7fe0000 LB 0x00527000 C:\local\apps\Virtualbox\VBoxRT.dll [fFlags=0x0]
1384	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxRT.dll
1385	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll
1386	28f8.2aa4: supR3HardenedDllNotificationCallback: load 0000000051a70000 LB 0x000d2000 C:\local\apps\Virtualbox\MSVCR100.dll [fFlags=0x0]
1387	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll
1388	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\msvcp100.dll
1389	28f8.2aa4: supR3HardenedDllNotificationCallback: load 00000000519d0000 LB 0x00098000 C:\local\apps\Virtualbox\MSVCP100.dll [fFlags=0x0]
1390	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\msvcp100.dll
1391	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fefead0000 LB 0x0004d000 C:\WINDOWS\system32\WS2_32.dll [fFlags=0x0]
1392	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1393	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fefea50000 LB 0x00008000 C:\WINDOWS\system32\NSI.dll [fFlags=0x0]
1394	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
1395	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxRT.dll
1396	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\local\apps\Virtualbox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000239b11:<flags> [calling]
1397	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7fe0000 'C:\local\apps\Virtualbox\VBoxRT.dll'
1398	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxRT.dll
1399	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\local\apps\Virtualbox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000239b11:<flags> [calling]
1400	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7fe0000 'C:\local\apps\Virtualbox\VBoxRT.dll'
1401	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxRT.dll
1402	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\local\apps\Virtualbox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000239b11:<flags> [calling]
1403	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7fe0000 'C:\local\apps\Virtualbox\VBoxRT.dll'
1404	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxRT.dll
1405	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\local\apps\Virtualbox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000239b11:<flags> [calling]
1406	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7fe0000 'C:\local\apps\Virtualbox\VBoxRT.dll'
1407	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxRT.dll
1408	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\local\apps\Virtualbox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000239b11:<flags> [calling]
1409	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7fe0000 'C:\local\apps\Virtualbox\VBoxRT.dll'
1410	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxRT.dll
1411	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\local\apps\Virtualbox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000239b11:<flags> [calling]
1412	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7fe0000 'C:\local\apps\Virtualbox\VBoxRT.dll'
1413	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7fe0000 'C:\local\apps\Virtualbox\VBoxRT.dll'
1414	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7fe0000 'C:\local\apps\Virtualbox\VBoxRT.dll'
1415	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7fe0000 'C:\local\apps\Virtualbox\VBoxRT.dll'
1416	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7fe0000 'C:\local\apps\Virtualbox\VBoxRT.dll'
1417	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7fe0000 'C:\local\apps\Virtualbox\VBoxRT.dll'
1418	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7fe0000 'C:\local\apps\Virtualbox\VBoxRT.dll'
1419	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7fe0000 'C:\local\apps\Virtualbox\VBoxRT.dll'
1420	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxRT.dll
1421	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\local\apps\Virtualbox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000239b11:<flags> [calling]
1422	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7fe0000 'C:\local\apps\Virtualbox\VBoxRT.dll'
1423	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7fe0000 'C:\local\apps\Virtualbox\VBoxRT.dll'
1424	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7fe0000 'C:\local\apps\Virtualbox\VBoxRT.dll'
1425	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7fe0000 'C:\local\apps\Virtualbox\VBoxRT.dll'
1426	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7fe0000 'C:\local\apps\Virtualbox\VBoxRT.dll'
1427	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7fe0000 'C:\local\apps\Virtualbox\VBoxRT.dll'
1428	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7fe0000 'C:\local\apps\Virtualbox\VBoxRT.dll'
1429	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7fe0000 'C:\local\apps\Virtualbox\VBoxRT.dll'
1430	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7fe0000 'C:\local\apps\Virtualbox\VBoxRT.dll'
1431	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7fe0000 'C:\local\apps\Virtualbox\VBoxRT.dll'
1432	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7fe0000 'C:\local\apps\Virtualbox\VBoxRT.dll'
1433	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7fe0000 'C:\local\apps\Virtualbox\VBoxRT.dll'
1434	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7fe0000 'C:\local\apps\Virtualbox\VBoxRT.dll'
1435	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7fe0000 'C:\local\apps\Virtualbox\VBoxRT.dll'
1436	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7fe0000 'C:\local\apps\Virtualbox\VBoxRT.dll'
1437	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7fe0000 'C:\local\apps\Virtualbox\VBoxRT.dll'
1438	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxRT.dll
1439	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\local\apps\Virtualbox\VBoxRT.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000239b11:<flags> [calling]
1440	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7fe0000 'C:\local\apps\Virtualbox\VBoxRT.dll'
1441	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7fe0000 'C:\local\apps\Virtualbox\VBoxRT.dll'
1442	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7fe0000 'C:\local\apps\Virtualbox\VBoxRT.dll'
1443	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee7fe0000 'C:\local\apps\Virtualbox\VBoxRT.dll'
1444	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wintrust.dll
1445	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Wintrust.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023df31:<flags> [calling]
1446	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd890000 'C:\WINDOWS\system32\Wintrust.dll'
1447	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
1448	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023ca91:<flags> [calling]
1449	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9b0000 'C:\WINDOWS\system32\crypt32.dll'
1450	28f8.2aa4: SUPR3HardenedMain: Load TrustedMain...
1451	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'opengl32.dll'.
1452	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
1453	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcp100.dll'.
1454	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1455	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1456	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5guivbox.dll'.
1457	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'qt5widgetsvbox.dll'.
1458	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'qt5printsupportvbox.dll'.
1459	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5openglvbox.dll'.
1460	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'user32.dll'.
1461	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #11 'advapi32.dll'.
1462	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'shell32.dll'.
1463	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ole32.dll'.
1464	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #14 'oleaut32.dll'.
1465	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #15 'winmm.dll'.
1466	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\local\apps\Virtualbox\VirtualBox.dll) WinVerifyTrust
1467	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\local\apps\Virtualbox\VirtualBox.dll
1468	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
1469	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
1470	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004d0 pwszName=\Device\HarddiskVolume2\Windows\System32\winmm.dll
1471	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1472	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1473	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=82E2B2A7826F88BEB98FFF0540C9BDB0A12F001A
1474	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winmm.dll'
1475	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1476	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1477	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1478	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winmm.dll) WinVerifyTrust
1479	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winmm.dll
1480	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1481	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1482	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004b0 pwszName=\Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1483	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1484	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1485	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6C3B3967CA9D3D145651C5098BAF1C0EA892DB24
1486	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_139_for_KB3197868~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\oleaut32.dll'
1487	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1488	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1489	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
1490	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1491	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1492	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'gdi32.dll'.
1493	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\oleaut32.dll) WinVerifyTrust
1494	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1495	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1496	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1497	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004c4 pwszName=\Device\HarddiskVolume2\Windows\System32\ole32.dll
1498	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1499	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1500	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=796B1965C19A0614793EA3630408324B2CFA32D2
1501	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_87_for_KB3146706~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\ole32.dll'
1502	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1503	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1504	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'gdi32.dll'.
1505	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #25 'user32.dll'.
1506	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #26 'rpcrt4.dll'.
1507	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ole32.dll) WinVerifyTrust
1508	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ole32.dll
1509	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1510	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1511	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004dc pwszName=\Device\HarddiskVolume2\Windows\System32\shell32.dll
1512	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1513	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1514	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F13C2B4E594038A8834146A1D81AAE9B43ED8649
1515	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_41_for_KB3184143~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\shell32.dll'
1516	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1517	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1518	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #21 'shlwapi.dll'.
1519	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #23 'user32.dll'.
1520	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #24 'gdi32.dll'.
1521	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\shell32.dll) WinVerifyTrust
1522	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\shell32.dll
1523	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1524	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1525	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1526	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1527	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1528	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
1529	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
1530	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'qt5widgetsvbox.dll'.
1531	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'qt5guivbox.dll'.
1532	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5corevbox.dll'.
1533	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcr100.dll'.
1534	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\local\apps\Virtualbox\Qt5OpenGLVBox.dll) WinVerifyTrust
1535	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\local\apps\Virtualbox\Qt5OpenGLVBox.dll
1536	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5printsupportvbox.dll'...
1537	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5printsupportvbox.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\qt5printsupportvbox.dll' [rcNtRedir=0xc0150008]
1538	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1539	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1540	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5widgetsvbox.dll'.
1541	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5guivbox.dll'.
1542	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1543	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winspool.drv'.
1544	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'comdlg32.dll'.
1545	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcr100.dll'.
1546	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\local\apps\Virtualbox\Qt5PrintSupportVBox.dll) WinVerifyTrust
1547	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\local\apps\Virtualbox\Qt5PrintSupportVBox.dll
1548	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1549	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1550	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
1551	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1552	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'qt5guivbox.dll'.
1553	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
1554	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shell32.dll'.
1555	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1556	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1557	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\local\apps\Virtualbox\Qt5WidgetsVBox.dll) WinVerifyTrust
1558	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\local\apps\Virtualbox\Qt5WidgetsVBox.dll
1559	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1560	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1561	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'ole32.dll'.
1562	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1563	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1564	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1565	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5corevbox.dll'.
1566	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'msvcp100.dll'.
1567	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'msvcr100.dll'.
1568	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\local\apps\Virtualbox\Qt5GuiVBox.dll) WinVerifyTrust
1569	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\local\apps\Virtualbox\Qt5GuiVBox.dll
1570	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1571	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1572	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
1573	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shell32.dll'.
1574	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
1575	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
1576	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
1577	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'mpr.dll'.
1578	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'msvcp100.dll'.
1579	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'msvcr100.dll'.
1580	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\local\apps\Virtualbox\Qt5CoreVBox.dll) WinVerifyTrust
1581	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\local\apps\Virtualbox\Qt5CoreVBox.dll
1582	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1583	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
1584	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll
1585	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1586	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\msvcp100.dll' [rcNtRedir=0xc0150008]
1587	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\msvcp100.dll
1588	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
1589	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
1590	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1591	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1592	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000508 pwszName=\Device\HarddiskVolume2\Windows\System32\opengl32.dll
1593	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1594	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1595	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=608AC397FCC42B9FBAE25CB8C25EAF4C19AA384D
1596	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\opengl32.dll'
1597	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1598	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1599	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1600	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1601	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'glu32.dll'.
1602	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'ddraw.dll'.
1603	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'user32.dll'.
1604	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\opengl32.dll) WinVerifyTrust
1605	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1606	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1607	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1608	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ddraw.dll'...
1609	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ddraw.dll' -> '\Device\HarddiskVolume2\Windows\System32\ddraw.dll' [rcNtRedir=0xc0150008]
1610	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000004fc pwszName=\Device\HarddiskVolume2\Windows\System32\ddraw.dll
1611	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1612	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1613	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=24C763EA54CD792A0F1618411061DC356EE31FF6
1614	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\ddraw.dll'
1615	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1616	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1617	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1618	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'dciman32.dll'.
1619	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1620	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
1621	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
1622	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ddraw.dll) WinVerifyTrust
1623	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1624	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'glu32.dll'...
1625	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'glu32.dll' -> '\Device\HarddiskVolume2\Windows\System32\glu32.dll' [rcNtRedir=0xc0150008]
1626	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000500 pwszName=\Device\HarddiskVolume2\Windows\System32\glu32.dll
1627	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1628	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1629	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=60E45AB914E06A11F44EA76C6EF750AF892F9EA2
1630	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\glu32.dll'
1631	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1632	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1633	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'opengl32.dll'.
1634	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1635	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\glu32.dll) WinVerifyTrust
1636	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\glu32.dll
1637	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1638	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1639	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1640	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1641	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1642	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1643	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1644	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1645	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1646	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
1647	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll
1648	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1649	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\msvcp100.dll' [rcNtRedir=0xc0150008]
1650	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\msvcp100.dll
1651	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mpr.dll'...
1652	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'mpr.dll' -> '\Device\HarddiskVolume2\Windows\System32\mpr.dll' [rcNtRedir=0xc0150008]
1653	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000518 pwszName=\Device\HarddiskVolume2\Windows\System32\mpr.dll
1654	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1655	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1656	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F84FE9BA047B24E7694C9E0C349B48B9FD5F925B
1657	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\mpr.dll'
1658	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1659	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mpr.dll) WinVerifyTrust
1660	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mpr.dll
1661	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
1662	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
1663	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
1664	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1665	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1666	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
1667	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1668	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1669	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1670	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1671	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1672	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1673	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1674	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1675	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1676	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
1677	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll
1678	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1679	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\msvcp100.dll' [rcNtRedir=0xc0150008]
1680	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\msvcp100.dll
1681	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1682	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1683	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\Qt5CoreVBox.dll
1684	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1685	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1686	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1687	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1688	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1689	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1690	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1691	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1692	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1693	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1694	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1695	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
1696	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll
1697	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
1698	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\msvcp100.dll' [rcNtRedir=0xc0150008]
1699	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\msvcp100.dll
1700	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1701	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1702	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1703	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1704	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1705	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\Qt5CoreVBox.dll
1706	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1707	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1708	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\Qt5GuiVBox.dll
1709	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1710	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1711	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1712	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1713	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1714	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
1715	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll
1716	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comdlg32.dll'...
1717	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comdlg32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comdlg32.dll' [rcNtRedir=0xc0150008]
1718	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000524 pwszName=\Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1719	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1720	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1721	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=66EE5BDFFA413AEA9E1FE7838A08646E94136DA5
1722	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\comdlg32.dll'
1723	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1724	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1725	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'shlwapi.dll'.
1726	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1727	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
1728	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'comctl32.dll'.
1729	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
1730	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comdlg32.dll) WinVerifyTrust
1731	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
1732	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winspool.drv'...
1733	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winspool.drv' -> '\Device\HarddiskVolume2\Windows\System32\winspool.drv' [rcNtRedir=0xc0150008]
1734	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000528 pwszName=\Device\HarddiskVolume2\Windows\System32\winspool.drv
1735	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1736	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1737	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=C89A2ED7B99A056D78CA6BAC9CCAB8B1FF119A14
1738	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\winspool.drv'
1739	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1740	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1741	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
1742	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
1743	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winspool.drv) WinVerifyTrust
1744	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winspool.drv
1745	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1746	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1747	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\Qt5CoreVBox.dll
1748	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1749	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1750	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\Qt5GuiVBox.dll
1751	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1752	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1753	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\Qt5WidgetsVBox.dll
1754	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1755	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1756	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1757	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1758	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
1759	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
1760	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
1761	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
1762	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\Qt5CoreVBox.dll
1763	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
1764	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
1765	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\Qt5GuiVBox.dll
1766	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
1767	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
1768	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\Qt5WidgetsVBox.dll
1769	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1770	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1771	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1772	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1773	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1774	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1775	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1776	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1777	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1778	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1779	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1780	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1781	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1782	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
1783	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1784	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1785	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1786	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1787	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1788	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1789	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1790	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1791	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1792	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1793	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1794	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1795	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
1796	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
1797	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1798	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1799	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1800	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1801	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1802	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1803	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1804	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1805	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1806	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1807	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1808	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
1809	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
1810	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1811	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'comctl32.dll'...
1812	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'comctl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\comctl32.dll' [rcNtRedir=0x0]
1813	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000051c pwszName=\Device\HarddiskVolume2\Windows\System32\comctl32.dll
1814	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1815	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1816	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=761964761EE466757E306124E042F4C2ACBEA092
1817	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3059317~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\comctl32.dll'
1818	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1819	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
1820	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1821	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1822	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\comctl32.dll) WinVerifyTrust
1823	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\comctl32.dll
1824	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1825	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1826	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
1827	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1828	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1829	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
1830	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
1831	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
1832	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1833	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1834	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1835	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1836	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
1837	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
1838	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1839	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1840	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1841	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
1842	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
1843	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000530 pwszName=\Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1844	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1845	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1846	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F3F3D4867E9140896E0742D7EE8AE1D01FE85ECE
1847	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3078667~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\dwmapi.dll'
1848	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1849	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1850	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
1851	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
1852	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dwmapi.dll) WinVerifyTrust
1853	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1854	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
1855	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
1856	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000052c pwszName=\Device\HarddiskVolume2\Windows\System32\setupapi.dll
1857	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1858	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1859	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1499C4FEA6E143F9BEC35B4FFA098917D3A6EBF2
1860	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\setupapi.dll'
1861	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1862	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'cfgmgr32.dll'.
1863	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcrt.dll'.
1864	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'gdi32.dll'.
1865	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
1866	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'user32.dll'.
1867	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'oleaut32.dll'.
1868	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'devobj.dll'.
1869	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\setupapi.dll) WinVerifyTrust
1870	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1871	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1872	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1873	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dciman32.dll'...
1874	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'dciman32.dll' -> '\Device\HarddiskVolume2\Windows\System32\dciman32.dll' [rcNtRedir=0xc0150008]
1875	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000540 pwszName=\Device\HarddiskVolume2\Windows\System32\dciman32.dll
1876	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1877	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1878	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=31A74D9F0CD6EDF8FC5A0A644C3B997ABF30083E
1879	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_139_for_KB3197868~31bf3856ad364e35~amd64~~6.1.1.5.cat'; file='\Device\HarddiskVolume2\Windows\System32\dciman32.dll'
1880	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1881	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1882	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'gdi32.dll'.
1883	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
1884	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dciman32.dll) WinVerifyTrust
1885	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1886	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1887	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1888	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1889	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1890	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1891	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1892	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1893	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1894	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1895	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1896	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'devobj.dll'...
1897	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'devobj.dll' -> '\Device\HarddiskVolume2\Windows\System32\devobj.dll' [rcNtRedir=0xc0150008]
1898	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000548 pwszName=\Device\HarddiskVolume2\Windows\System32\devobj.dll
1899	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1900	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1901	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B410A095222E69F0ECE7D66E4AC27A7125D2EB5A
1902	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\devobj.dll'
1903	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1904	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1905	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'cfgmgr32.dll'.
1906	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\devobj.dll) WinVerifyTrust
1907	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\devobj.dll
1908	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
1909	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
1910	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1911	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1912	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1913	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1914	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1915	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1916	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1917	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1918	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1919	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1920	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1921	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000053c pwszName=\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1922	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
1923	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
1924	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=8F731777EFC4BC982C1E1467FBF29A74CC14D93A
1925	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll'
1926	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
1927	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
1928	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
1929	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
1930	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll) WinVerifyTrust
1931	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1932	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1933	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1934	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1935	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1936	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1937	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1938	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
1939	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
1940	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
1941	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
1942	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1943	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1944	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
1945	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
1946	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
1947	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
1948	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1949	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1950	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'cfgmgr32.dll'...
1951	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'cfgmgr32.dll' -> '\Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll' [rcNtRedir=0xc0150008]
1952	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1953	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
1954	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
1955	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\local\apps\Virtualbox\VirtualBox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023c3e1:<flags> [calling]
1956	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VirtualBox.dll
1957	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fed9070000 LB 0x008e6000 C:\local\apps\Virtualbox\VirtualBox.dll [fFlags=0x0]
1958	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VirtualBox.dll
1959	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1960	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fee5d90000 LB 0x0011d000 C:\WINDOWS\system32\OPENGL32.dll [fFlags=0x0]
1961	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
1962	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
1963	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fee7ee0000 LB 0x0002d000 C:\WINDOWS\system32\GLU32.dll [fFlags=0x0]
1964	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\glu32.dll
1965	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1966	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fee5c90000 LB 0x000f1000 C:\WINDOWS\system32\DDRAW.dll [fFlags=0x0]
1967	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ddraw.dll
1968	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1969	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fee7f30000 LB 0x00008000 C:\WINDOWS\system32\DCIMAN32.dll [fFlags=0x0]
1970	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dciman32.dll
1971	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fefeb20000 LB 0x001d7000 C:\WINDOWS\system32\SETUPAPI.dll [fFlags=0x0]
1972	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
1973	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fefd8d0000 LB 0x00036000 C:\WINDOWS\system32\CFGMGR32.dll [fFlags=0x0]
1974	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
1975	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fefe170000 LB 0x000da000 C:\WINDOWS\system32\OLEAUT32.dll [fFlags=0x0]
1976	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
1977	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fefdf60000 LB 0x00203000 C:\WINDOWS\system32\ole32.dll [fFlags=0x0]
1978	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
1979	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fefd990000 LB 0x0001a000 C:\WINDOWS\system32\DEVOBJ.dll [fFlags=0x0]
1980	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\devobj.dll
1981	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1982	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fefb420000 LB 0x00018000 C:\WINDOWS\system32\dwmapi.dll [fFlags=0x0]
1983	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
1984	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\Qt5CoreVBox.dll
1985	28f8.2aa4: supR3HardenedDllNotificationCallback: load 0000000051460000 LB 0x00566000 C:\local\apps\Virtualbox\Qt5CoreVBox.dll [fFlags=0x0]
1986	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\Qt5CoreVBox.dll
1987	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fefed00000 LB 0x00d8a000 C:\WINDOWS\system32\SHELL32.dll [fFlags=0x0]
1988	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
1989	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
1990	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fef41d0000 LB 0x00018000 C:\WINDOWS\system32\MPR.dll [fFlags=0x0]
1991	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mpr.dll
1992	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\Qt5GuiVBox.dll
1993	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fed8a70000 LB 0x005f7000 C:\local\apps\Virtualbox\Qt5GuiVBox.dll [fFlags=0x0]
1994	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\Qt5GuiVBox.dll
1995	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\Qt5WidgetsVBox.dll
1996	28f8.2aa4: supR3HardenedDllNotificationCallback: load 0000000050ef0000 LB 0x00561000 C:\local\apps\Virtualbox\Qt5WidgetsVBox.dll [fFlags=0x0]
1997	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\Qt5WidgetsVBox.dll
1998	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\Qt5PrintSupportVBox.dll
1999	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fee8940000 LB 0x00051000 C:\local\apps\Virtualbox\Qt5PrintSupportVBox.dll [fFlags=0x0]
2000	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\Qt5PrintSupportVBox.dll
2001	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
2002	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fefad70000 LB 0x00071000 C:\WINDOWS\system32\WINSPOOL.DRV [fFlags=0x0]
2003	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winspool.drv
2004	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007feffab0000 LB 0x00097000 C:\WINDOWS\system32\COMDLG32.dll [fFlags=0x0]
2005	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\comdlg32.dll
2006	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'advapi32.dll'.
2007	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'gdi32.dll'.
2008	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2009	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 22900 (\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll)
2010	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll
2011	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fefadf0000 LB 0x000a0000 C:\WINDOWS\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\COMCTL32.dll [fFlags=0x0]
2012	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (Unknown Status 22900 (0x5974)) on \Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll [avoiding WinVerifyTrust]
2013	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\Qt5OpenGLVBox.dll
2014	28f8.2aa4: supR3HardenedDllNotificationCallback: load 0000000050e90000 LB 0x00054000 C:\local\apps\Virtualbox\Qt5OpenGLVBox.dll [fFlags=0x0]
2015	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\Qt5OpenGLVBox.dll
2016	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2017	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fefae90000 LB 0x0003b000 C:\WINDOWS\system32\WINMM.dll [fFlags=0x0]
2018	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2019	28f8.2aa4: Detected loader lock ownership: rc=Unknown Status 22900 (0x5974) '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll'.
2020	28f8.2aa4: supR3HardenedWinVerifyCacheProcessWvtTodos: 22900 (was 22900) fWinVerifyTrust=0 for '\Device\HarddiskVolume2\Windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18837_none_a4d981ff711297b6\comctl32.dll' [rescheduled]
2021	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
2022	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2023	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2024	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2025	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2026	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2027	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2028	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\imm32.dll (Input=imm32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023b9b1:<flags> [calling]
2029	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea20000 'C:\WINDOWS\system32\imm32.dll'
2030	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe940000 'C:\WINDOWS\system32\ADVAPI32.DLL'
2031	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
2032	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\cryptbase.dll (Input=cryptbase.dll, rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
2033	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5c0000 'C:\WINDOWS\system32\cryptbase.dll'
2034	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed9070000 'C:\local\apps\Virtualbox\VirtualBox.dll'
2035	28f8.2aa4: SUPR3HardenedMain: Calling TrustedMain (000007fed9071610)...
2036	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2037	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ole32.dll (Input=ole32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023dce1:<flags> [calling]
2038	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf60000 'C:\WINDOWS\system32\ole32.dll'
2039	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe940000 'C:\WINDOWS\system32\ADVAPI32.dll'
2040	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\profapi.dll
2041	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\profapi.dll (Input=profapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023c3c1:<flags> [calling]
2042	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd780000 'C:\WINDOWS\system32\profapi.dll'
2043	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'gdi32.dll'.
2044	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
2045	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
2046	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'imm32.dll'.
2047	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'winmm.dll'.
2048	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2049	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'shell32.dll'.
2050	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
2051	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'qt5guivbox.dll'.
2052	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'qt5corevbox.dll'.
2053	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'msvcr100.dll'.
2054	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\local\apps\Virtualbox\platforms\qwindows.dll) WinVerifyTrust
2055	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\local\apps\Virtualbox\platforms\qwindows.dll
2056	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2057	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
2058	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
2059	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
2060	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\Qt5CoreVBox.dll
2061	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5guivbox.dll'...
2062	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5guivbox.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\qt5guivbox.dll' [rcNtRedir=0xc0150008]
2063	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\Qt5GuiVBox.dll
2064	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2065	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2066	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2067	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2068	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2069	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2070	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2071	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2072	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
2073	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
2074	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2075	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'imm32.dll'...
2076	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'imm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\imm32.dll' [rcNtRedir=0xc0150008]
2077	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\imm32.dll
2078	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2079	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2080	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2081	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2082	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2083	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2084	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2085	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\local\apps\Virtualbox\platforms\qwindows.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023e6b1:<flags> [calling]
2086	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\platforms\qwindows.dll
2087	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fee86f0000 LB 0x0012e000 C:\local\apps\Virtualbox\platforms\qwindows.dll [fFlags=0x0]
2088	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\platforms\qwindows.dll
2089	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee86f0000 'C:\local\apps\Virtualbox\platforms\qwindows.dll'
2090	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptbase.dll
2091	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPTBASE.dll (Input=CRYPTBASE.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023e5e1:<flags> [calling]
2092	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5c0000 'C:\WINDOWS\system32\CRYPTBASE.dll'
2093	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005e4 pwszName=\Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2094	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
2095	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
2096	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=936D45CC7026757A151F62882B557DD75D5FCB21
2097	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\uxtheme.dll'
2098	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2099	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2100	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2101	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'gdi32.dll'.
2102	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\uxtheme.dll) WinVerifyTrust
2103	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2104	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2105	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2106	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2107	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2108	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2109	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2110	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023e0b1:<flags> [calling]
2111	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2112	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fefbeb0000 LB 0x00056000 C:\WINDOWS\system32\uxtheme.dll [fFlags=0x0]
2113	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2114	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbeb0000 'C:\WINDOWS\system32\uxtheme.dll'
2115	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2116	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023daf1:<flags> [calling]
2117	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbeb0000 'C:\WINDOWS\system32\uxtheme.dll'
2118	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2119	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023d861:<flags> [calling]
2120	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbeb0000 'C:\WINDOWS\system32\uxtheme.dll'
2121	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2122	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023d861:<flags> [calling]
2123	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbeb0000 'C:\WINDOWS\system32\uxtheme.dll'
2124	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077830000 'C:\WINDOWS\system32\user32.dll'
2125	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2126	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023e8f1:<flags> [calling]
2127	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed00000 'C:\WINDOWS\system32\shell32.dll'
2128	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: error opening 'C:\WINDOWS\system32\wintab32.dll': 0 (NtPath=\??\C:\WINDOWS\system32\wintab32.dll; Input=C:\WINDOWS\system32\wintab32.dll; rcNtGetDll=0x0
2129	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wintab32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023e7d1:<flags> [calling]
2130	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0xc0000135 'C:\WINDOWS\system32\wintab32.dll'
2131	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2132	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023ed11:<flags> [calling]
2133	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae90000 'C:\WINDOWS\system32\winmm.dll'
2134	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2135	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023ed11:<flags> [calling]
2136	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae90000 'C:\WINDOWS\system32\winmm.dll'
2137	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2138	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\shell32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023eff1:<flags> [calling]
2139	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed00000 'C:\WINDOWS\system32\shell32.dll'
2140	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\uxtheme.dll
2141	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\uxtheme.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023efc1:<flags> [calling]
2142	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbeb0000 'C:\WINDOWS\system32\uxtheme.dll'
2143	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe940000 'C:\WINDOWS\system32\advapi32.dll'
2144	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\userenv.dll
2145	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\userenv.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023ef21:<flags> [calling]
2146	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd7b0000 'C:\WINDOWS\system32\userenv.dll'
2147	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\kernel32.dll
2148	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\kernel32.dll (Input=kernel32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023f001:<flags> [calling]
2149	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077930000 'C:\WINDOWS\system32\kernel32.dll'
2150	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000005ec pwszName=\Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2151	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
2152	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
2153	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B01469787CE9D8C6FEE98FB207652B88B8494526
2154	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\clbcatq.dll'
2155	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2156	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2157	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
2158	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2159	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2160	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2161	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
2162	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\clbcatq.dll) WinVerifyTrust
2163	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2164	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2165	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2166	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2167	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2168	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2169	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2170	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2171	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
2172	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2173	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2174	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2175	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2176	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2177	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2178	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2179	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msvcrt.dll
2180	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CLBCatQ.DLL (Input=CLBCatQ.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023bd81:<flags> [calling]
2181	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2182	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fefe8a0000 LB 0x00099000 C:\WINDOWS\system32\CLBCatQ.DLL [fFlags=0x0]
2183	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\clbcatq.dll
2184	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe8a0000 'C:\WINDOWS\system32\CLBCatQ.DLL'
2185	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe940000 'C:\WINDOWS\system32\ADVAPI32.dll'
2186	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cryptsp.dll
2187	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CRYPTSP.dll (Input=CRYPTSP.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023ab71:<flags> [calling]
2188	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf60000 'C:\WINDOWS\system32\CRYPTSP.dll'
2189	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=000000000000062c pwszName=\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2190	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
2191	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
2192	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DFC4A7C7E103D324218E6EF5D219B953746D6EC1
2193	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll'
2194	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2195	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'rpcrt4.dll'.
2196	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll) WinVerifyTrust
2197	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2198	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2199	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2200	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\RpcRtRemote.dll (Input=RpcRtRemote.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023a741:<flags> [calling]
2201	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2202	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fefd5d0000 LB 0x00014000 C:\WINDOWS\system32\RpcRtRemote.dll [fFlags=0x0]
2203	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\RpcRtRemote.dll
2204	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd5d0000 'C:\WINDOWS\system32\RpcRtRemote.dll'
2205	28f8.26bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2206	28f8.26bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2207	28f8.26bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2208	28f8.26bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
2209	28f8.26bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2210	28f8.26bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2211	28f8.26bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\local\apps\Virtualbox\VBoxC.dll) WinVerifyTrust
2212	28f8.26bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxC.dll
2213	28f8.26bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2214	28f8.26bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2215	28f8.26bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2216	28f8.26bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2217	28f8.26bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2218	28f8.26bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2219	28f8.26bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2220	28f8.26bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2221	28f8.26bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2222	28f8.26bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
2223	28f8.26bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2224	28f8.26bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\msvcp100.dll' [rcNtRedir=0xc0150008]
2225	28f8.26bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\msvcp100.dll
2226	28f8.26bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2227	28f8.26bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
2228	28f8.26bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\local\apps\Virtualbox\VBoxC.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004abeb01:<flags> [calling]
2229	28f8.26bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxC.dll
2230	28f8.26bc: supR3HardenedDllNotificationCallback: load 000007fed6c80000 LB 0x004f5000 C:\local\apps\Virtualbox\VBoxC.dll [fFlags=0x0]
2231	28f8.26bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxC.dll
2232	28f8.26bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed6c80000 'C:\local\apps\Virtualbox\VBoxC.dll'
2233	28f8.26bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2234	28f8.26bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2235	28f8.26bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
2236	28f8.26bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'shlwapi.dll'.
2237	28f8.26bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ole32.dll'.
2238	28f8.26bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'oleaut32.dll'.
2239	28f8.26bc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
2240	28f8.26bc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\local\apps\Virtualbox\VBoxProxyStub.dll) WinVerifyTrust
2241	28f8.26bc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxProxyStub.dll
2242	28f8.26bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2243	28f8.26bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2244	28f8.26bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2245	28f8.26bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2246	28f8.26bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2247	28f8.26bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2248	28f8.26bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2249	28f8.26bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2250	28f8.26bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2251	28f8.26bc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2252	28f8.26bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2253	28f8.26bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2254	28f8.26bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2255	28f8.26bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
2256	28f8.26bc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2257	28f8.26bc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
2258	28f8.26bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\local\apps\Virtualbox\VBoxProxyStub.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004abd621:<flags> [calling]
2259	28f8.26bc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxProxyStub.dll
2260	28f8.26bc: supR3HardenedDllNotificationCallback: load 000007fee8630000 LB 0x000b5000 C:\local\apps\Virtualbox\VBoxProxyStub.dll [fFlags=0x0]
2261	28f8.26bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxProxyStub.dll
2262	28f8.26bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee8630000 'C:\local\apps\Virtualbox\VBoxProxyStub.dll'
2263	28f8.26bc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2264	28f8.26bc: supR3HardenedMonitor_LdrLoadDll: pName=C:\Windows\system32\oleaut32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000004abd4a1:<flags> [calling]
2265	28f8.26bc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe170000 'C:\Windows\system32\oleaut32.dll'
2266	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe940000 'C:\WINDOWS\system32\ADVAPI32.dll'
2267	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea60000 'C:\WINDOWS\system32\gdi32.dll'
2268	28f8.1448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2269	28f8.1448: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2270	28f8.1448: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll) WinVerifyTrust
2271	28f8.1448: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
2272	28f8.1448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2273	28f8.1448: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
2274	28f8.1448: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2275	28f8.1448: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
2276	28f8.1448: supR3HardenedMonitor_LdrLoadDll: pName=C:\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000452a191:<flags> [calling]
2277	28f8.1448: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
2278	28f8.1448: supR3HardenedDllNotificationCallback: load 000007fefa300000 LB 0x0000d000 C:\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL [fFlags=0x0]
2279	28f8.1448: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.dll
2280	28f8.1448: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa300000 'C:\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxPuelMain.DLL'
2281	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxoglhostcrutil.dll'.
2282	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2283	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'msvcr100.dll'.
2284	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'qt5corevbox.dll'.
2285	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'qt5openglvbox.dll'.
2286	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'qt5widgetsvbox.dll'.
2287	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'opengl32.dll'.
2288	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\local\apps\Virtualbox\VBoxTestOGL.exe)
2289	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxTestOGL.exe
2290	28f8.2aa4: supR3HardenedWinVerifyCacheProcessWvtTodos: 0 (was 0) fWinVerifyTrust=1 for '\Device\HarddiskVolume2\local\apps\Virtualbox\VBoxTestOGL.exe'
2291	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009d4 pwszName=\Device\HarddiskVolume2\Windows\System32\apphelp.dll
2292	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
2293	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
2294	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=279DFE2A04C40CE4B22260C26A5BB57DF440B52E
2295	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3107998~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\apphelp.dll'
2296	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2297	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\apphelp.dll) WinVerifyTrust
2298	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\apphelp.dll
2299	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
2300	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
2301	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
2302	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5widgetsvbox.dll'...
2303	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5widgetsvbox.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\qt5widgetsvbox.dll' [rcNtRedir=0xc0150008]
2304	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\Qt5WidgetsVBox.dll
2305	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5openglvbox.dll'...
2306	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5openglvbox.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\qt5openglvbox.dll' [rcNtRedir=0xc0150008]
2307	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\Qt5OpenGLVBox.dll
2308	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'qt5corevbox.dll'...
2309	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'qt5corevbox.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\qt5corevbox.dll' [rcNtRedir=0xc0150008]
2310	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\Qt5CoreVBox.dll
2311	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2312	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
2313	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2314	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
2315	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
2316	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
2317	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2318	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2319	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'shlwapi.dll'.
2320	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
2321	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\local\apps\Virtualbox\VBoxOGLhostcrutil.dll) WinVerifyTrust
2322	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxOGLhostcrutil.dll
2323	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2324	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2325	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2326	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shlwapi.dll'...
2327	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'shlwapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\shlwapi.dll' [rcNtRedir=0xc0150008]
2328	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
2329	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2330	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
2331	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2332	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
2333	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\apphelp.dll (rcNtResolve=0xc0150008) *pfFlags=0xffffffff pwszSearchPath=0000000000000000:<flags> [calling]
2334	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll
2335	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fefd560000 LB 0x00057000 C:\WINDOWS\system32\apphelp.dll [fFlags=0x0]
2336	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\apphelp.dll
2337	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd560000 'C:\WINDOWS\system32\apphelp.dll'
2338	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf60000 'C:\WINDOWS\system32\ole32.dll'
2339	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msctf.dll
2340	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\MSCTF.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000023a251:<flags> [calling]
2341	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe250000 'C:\WINDOWS\system32\MSCTF.dll'
2342	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf60000 'C:\WINDOWS\system32\ole32.dll'
2343	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
2344	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OLEAUT32.dll (Input=OLEAUT32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000237ef1:<flags> [calling]
2345	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe170000 'C:\WINDOWS\system32\OLEAUT32.dll'
2346	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009e4 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2347	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
2348	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
2349	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=9D23EA973FAFAFAD87237AB3723340580276449F
2350	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WIN8IP-Microsoft-Windows-WMI-Package~31bf3856ad364e35~amd64~~7.1.7601.16398.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll'
2351	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2352	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2353	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
2354	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'oleaut32.dll'.
2355	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
2356	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'wbemcomn2.dll'.
2357	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'advapi32.dll'.
2358	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll) WinVerifyTrust
2359	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2360	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2361	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2362	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn2.dll'...
2363	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn2.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn2.dll' [rcNtRedir=0xc0150008]
2364	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009d0 pwszName=\Device\HarddiskVolume2\Windows\System32\wbemcomn2.dll
2365	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
2366	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
2367	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4FBA45F4BB79A35153BA469FD01507C644BE39AB
2368	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WIN8IP-Microsoft-Windows-WMI-Package~31bf3856ad364e35~amd64~~7.1.7601.16398.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbemcomn2.dll'
2369	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2370	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2371	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ole32.dll'.
2372	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'oleaut32.dll'.
2373	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
2374	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbemcomn2.dll) WinVerifyTrust
2375	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbemcomn2.dll
2376	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2377	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2378	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2379	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2380	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2381	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2382	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2383	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2384	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2385	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2386	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2387	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2388	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2389	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2390	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2391	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2392	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2393	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2394	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000236811:<flags> [calling]
2395	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2396	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fefa010000 LB 0x0000e000 C:\WINDOWS\system32\wbem\wbemprox.dll [fFlags=0x0]
2397	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemprox.dll
2398	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn2.dll
2399	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fef9f90000 LB 0x0007d000 C:\WINDOWS\system32\wbemcomn2.dll [fFlags=0x0]
2400	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn2.dll
2401	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa010000 'C:\WINDOWS\system32\wbem\wbemprox.dll'
2402	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a18 pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2403	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
2404	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
2405	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=77AE9E0AB565BD4B55146072708C69CC76B02AEC
2406	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WIN8IP-Microsoft-Windows-WMI-Package~31bf3856ad364e35~amd64~~7.1.7601.16398.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll'
2407	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2408	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2409	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'advapi32.dll'.
2410	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
2411	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll) WinVerifyTrust
2412	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2413	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2414	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2415	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\rpcrt4.dll
2416	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2417	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2418	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2419	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2420	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\wbemsvc.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000236421:<flags> [calling]
2421	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2422	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fef3a20000 LB 0x00014000 C:\WINDOWS\system32\wbem\wbemsvc.dll [fFlags=0x0]
2423	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\wbemsvc.dll
2424	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef3a20000 'C:\WINDOWS\system32\wbem\wbemsvc.dll'
2425	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000a1c pwszName=\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2426	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
2427	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
2428	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F312241187BEEDD628B7F991D95066A380534AC2
2429	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\WIN8IP-Microsoft-Windows-WMI-Package~31bf3856ad364e35~amd64~~7.1.7601.16398.cat'; file='\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll'
2430	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2431	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2432	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'oleaut32.dll'.
2433	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'ole32.dll'.
2434	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'wbemcomn2.dll'.
2435	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
2436	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ntdsapi.dll'.
2437	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll) WinVerifyTrust
2438	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2439	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ntdsapi.dll'...
2440	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ntdsapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll' [rcNtRedir=0xc0150008]
2441	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000009e8 pwszName=\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2442	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
2443	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
2444	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=67C74E045820FCAB3FC8AD5C180928A20C1F11CE
2445	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll'
2446	28f8.2aa4: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2447	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2448	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #12 'rpcrt4.dll'.
2449	28f8.2aa4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #13 'ws2_32.dll'.
2450	28f8.2aa4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ntdsapi.dll) WinVerifyTrust
2451	28f8.2aa4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2452	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2453	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2454	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wbemcomn2.dll'...
2455	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'wbemcomn2.dll' -> '\Device\HarddiskVolume2\Windows\System32\wbemcomn2.dll' [rcNtRedir=0xc0150008]
2456	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbemcomn2.dll
2457	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2458	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2459	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2460	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2461	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2462	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2463	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2464	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2465	28f8.2aa4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2466	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2467	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2468	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2469	28f8.2aa4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2470	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wbem\fastprox.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000000236421:<flags> [calling]
2471	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2472	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fef98e0000 LB 0x000d4000 C:\WINDOWS\system32\wbem\fastprox.dll [fFlags=0x0]
2473	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wbem\fastprox.dll
2474	28f8.2aa4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2475	28f8.2aa4: supR3HardenedDllNotificationCallback: load 000007fef98b0000 LB 0x00027000 C:\WINDOWS\system32\NTDSAPI.dll [fFlags=0x0]
2476	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ntdsapi.dll
2477	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef98e0000 'C:\WINDOWS\system32\wbem\fastprox.dll'
2478	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe170000 'C:\WINDOWS\system32\OLEAUT32.dll'
2479	28f8.2bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2480	28f8.2bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrem.dll'.
2481	28f8.2bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2482	28f8.2bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\local\apps\Virtualbox\VBoxVMM.dll) WinVerifyTrust
2483	28f8.2bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxVMM.dll
2484	28f8.2bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2485	28f8.2bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
2486	28f8.2bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrem.dll'...
2487	28f8.2bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrem.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\vboxrem.dll' [rcNtRedir=0xc0150008]
2488	28f8.2bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'vboxrt.dll'.
2489	28f8.2bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2490	28f8.2bd4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'msvcrt.dll'.
2491	28f8.2bd4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\local\apps\Virtualbox\VBoxREM.dll) WinVerifyTrust
2492	28f8.2bd4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxREM.dll
2493	28f8.2bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2494	28f8.2bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
2495	28f8.2bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll
2496	28f8.2bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2497	28f8.2bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2498	28f8.2bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2499	28f8.2bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2500	28f8.2bd4: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxVMM.dll
2501	28f8.2bd4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2502	28f8.2bd4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
2503	28f8.2bd4: supR3HardenedMonitor_LdrLoadDll: pName=C:\local\apps\Virtualbox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000006aae701:<flags> [calling]
2504	28f8.2bd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxVMM.dll
2505	28f8.2bd4: supR3HardenedDllNotificationCallback: load 000007fed3bb0000 LB 0x0029d000 C:\local\apps\Virtualbox\VBoxVMM.DLL [fFlags=0x0]
2506	28f8.2bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxVMM.dll
2507	28f8.2bd4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxREM.dll
2508	28f8.2bd4: supR3HardenedDllNotificationCallback: load 000000006f500000 LB 0x0010b000 C:\local\apps\Virtualbox\VBoxREM.dll [fFlags=0x0]
2509	28f8.2bd4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxREM.dll
2510	28f8.2bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed3bb0000 'C:\local\apps\Virtualbox\VBoxVMM.DLL'
2511	28f8.2aa4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
2512	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\WINMM.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000002360b1:<flags> [calling]
2513	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae90000 'C:\WINDOWS\system32\WINMM.dll'
2514	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe170000 'C:\WINDOWS\system32\OLEAUT32.DLL'
2515	28f8.2804: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2516	28f8.2804: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2517	28f8.2804: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2518	28f8.2804: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2519	28f8.2804: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\local\apps\Virtualbox\VBoxSharedClipboard.dll) WinVerifyTrust
2520	28f8.2804: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxSharedClipboard.dll
2521	28f8.2804: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2522	28f8.2804: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2523	28f8.2804: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\user32.dll
2524	28f8.2804: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2525	28f8.2804: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
2526	28f8.2804: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2527	28f8.2804: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2528	28f8.2804: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxVMM.dll
2529	28f8.2804: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2530	28f8.2804: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
2531	28f8.2804: supR3HardenedMonitor_LdrLoadDll: pName=C:\local\apps\Virtualbox\VBoxSharedClipboard.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007c3d721:<flags> [calling]
2532	28f8.2804: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxSharedClipboard.dll
2533	28f8.2804: supR3HardenedDllNotificationCallback: load 000007fee4360000 LB 0x0000b000 C:\local\apps\Virtualbox\VBoxSharedClipboard.DLL [fFlags=0x0]
2534	28f8.2804: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxSharedClipboard.dll
2535	28f8.2804: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4360000 'C:\local\apps\Virtualbox\VBoxSharedClipboard.DLL'
2536	28f8.2804: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077830000 'C:\WINDOWS\system32\User32.dll'
2537	28f8.17d0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2538	28f8.17d0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2539	28f8.17d0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2540	28f8.17d0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\local\apps\Virtualbox\VBoxDragAndDropSvc.dll) WinVerifyTrust
2541	28f8.17d0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxDragAndDropSvc.dll
2542	28f8.17d0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2543	28f8.17d0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
2544	28f8.17d0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2545	28f8.17d0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\msvcp100.dll' [rcNtRedir=0xc0150008]
2546	28f8.17d0: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\msvcp100.dll
2547	28f8.17d0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2548	28f8.17d0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
2549	28f8.17d0: supR3HardenedMonitor_LdrLoadDll: pName=C:\local\apps\Virtualbox\VBoxDragAndDropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000007f7da21:<flags> [calling]
2550	28f8.17d0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxDragAndDropSvc.dll
2551	28f8.17d0: supR3HardenedDllNotificationCallback: load 000007fee4350000 LB 0x0000d000 C:\local\apps\Virtualbox\VBoxDragAndDropSvc.DLL [fFlags=0x0]
2552	28f8.17d0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxDragAndDropSvc.dll
2553	28f8.17d0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee4350000 'C:\local\apps\Virtualbox\VBoxDragAndDropSvc.DLL'
2554	28f8.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxTestOGL.exe
2555	28f8.818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2556	28f8.818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
2557	28f8.818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2558	28f8.818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxvmm.dll'.
2559	28f8.818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxoglrenderspu.dll'.
2560	28f8.818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
2561	28f8.818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ole32.dll'.
2562	28f8.818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'oleaut32.dll'.
2563	28f8.818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\local\apps\Virtualbox\VBoxSharedCrOpenGL.dll) WinVerifyTrust
2564	28f8.818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxSharedCrOpenGL.dll
2565	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2566	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2567	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2568	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2569	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2570	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2571	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglrenderspu.dll'...
2572	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglrenderspu.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\vboxoglrenderspu.dll' [rcNtRedir=0xc0150008]
2573	28f8.818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2574	28f8.818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
2575	28f8.818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2576	28f8.818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
2577	28f8.818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
2578	28f8.818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'advapi32.dll'.
2579	28f8.818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\local\apps\Virtualbox\VBoxOGLrenderspu.dll) WinVerifyTrust
2580	28f8.818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxOGLrenderspu.dll
2581	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2582	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2583	28f8.818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxVMM.dll
2584	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2585	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
2586	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
2587	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
2588	28f8.818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxOGLhostcrutil.dll
2589	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2590	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
2591	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2592	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2593	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2594	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2595	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2596	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2597	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2598	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
2599	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
2600	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
2601	28f8.818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxOGLhostcrutil.dll
2602	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2603	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
2604	28f8.818: supR3HardenedMonitor_LdrLoadDll: pName=C:\local\apps\Virtualbox\VBoxSharedCrOpenGL.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000829d861:<flags> [calling]
2605	28f8.818: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxSharedCrOpenGL.dll
2606	28f8.818: supR3HardenedDllNotificationCallback: load 000007fed4d50000 LB 0x0010e000 C:\local\apps\Virtualbox\VBoxSharedCrOpenGL.DLL [fFlags=0x0]
2607	28f8.818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxSharedCrOpenGL.dll
2608	28f8.818: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxOGLhostcrutil.dll
2609	28f8.818: supR3HardenedDllNotificationCallback: load 000007fed7970000 LB 0x0002f000 C:\local\apps\Virtualbox\VBoxOGLhostcrutil.dll [fFlags=0x0]
2610	28f8.818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxOGLhostcrutil.dll
2611	28f8.818: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxOGLrenderspu.dll
2612	28f8.818: supR3HardenedDllNotificationCallback: load 000007fed48d0000 LB 0x00026000 C:\local\apps\Virtualbox\VBoxOGLrenderspu.dll [fFlags=0x0]
2613	28f8.818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxOGLrenderspu.dll
2614	28f8.818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed4d50000 'C:\local\apps\Virtualbox\VBoxSharedCrOpenGL.DLL'
2615	28f8.818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxOGLrenderspu.dll
2616	28f8.818: supR3HardenedMonitor_LdrLoadDll: pName=C:\local\apps\Virtualbox\VBoxOGLrenderspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000829e6a1:<flags> [calling]
2617	28f8.818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed48d0000 'C:\local\apps\Virtualbox\VBoxOGLrenderspu.dll'
2618	28f8.818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2619	28f8.818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxoglhostcrutil.dll'.
2620	28f8.818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\local\apps\Virtualbox\VBoxOGLhosterrorspu.dll) WinVerifyTrust
2621	28f8.818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxOGLhosterrorspu.dll
2622	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxoglhostcrutil.dll'...
2623	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxoglhostcrutil.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\vboxoglhostcrutil.dll' [rcNtRedir=0xc0150008]
2624	28f8.818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxOGLhostcrutil.dll
2625	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2626	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
2627	28f8.818: supR3HardenedMonitor_LdrLoadDll: pName=C:\local\apps\Virtualbox\VBoxOGLhosterrorspu.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000829e641:<flags> [calling]
2628	28f8.818: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxOGLhosterrorspu.dll
2629	28f8.818: supR3HardenedDllNotificationCallback: load 000007fed49e0000 LB 0x0001a000 C:\local\apps\Virtualbox\VBoxOGLhosterrorspu.dll [fFlags=0x0]
2630	28f8.818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxOGLhosterrorspu.dll
2631	28f8.818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed49e0000 'C:\local\apps\Virtualbox\VBoxOGLhosterrorspu.dll'
2632	28f8.818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
2633	28f8.818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32/opengl32.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000829c641:<flags> [calling]
2634	28f8.818: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
2635	28f8.818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5d90000 'C:\WINDOWS\system32/opengl32.dll'
2636	28f8.2bcc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
2637	28f8.2bcc: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dwmapi.dll (Input=dwmapi.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=0000000008baf031:<flags> [calling]
2638	28f8.2bcc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb420000 'C:\WINDOWS\system32\dwmapi.dll'
2639	28f8.818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
2640	28f8.818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000829e191:<flags> [calling]
2641	28f8.818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5d90000 'C:\WINDOWS\system32\OPENGL32.dll'
2642	28f8.818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea60000 'C:\WINDOWS\system32\gdi32.dll'
2643	28f8.818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea60000 'C:\WINDOWS\system32\gdi32.dll'
2644	28f8.818: \Device\HarddiskVolume2\Windows\System32\ig9icd64.dll: Owner is administrators group.
2645	28f8.818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
2646	28f8.818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000829bbc1:<flags> [calling]
2647	28f8.818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9b0000 'C:\WINDOWS\system32\crypt32.dll'
2648	28f8.818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'shell32.dll'.
2649	28f8.818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'opengl32.dll'.
2650	28f8.818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2651	28f8.818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'gdi32.dll'.
2652	28f8.818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
2653	28f8.818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'igc64.dll'.
2654	28f8.818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'wtsapi32.dll'.
2655	28f8.818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'dwmapi.dll'.
2656	28f8.818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ig9icd64.dll) WinVerifyTrust
2657	28f8.818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ig9icd64.dll
2658	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'dwmapi.dll'...
2659	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: 'dwmapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\dwmapi.dll' [rcNtRedir=0xc0150008]
2660	28f8.818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dwmapi.dll
2661	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'wtsapi32.dll'...
2662	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: 'wtsapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll' [rcNtRedir=0xc0150008]
2663	28f8.818: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000bd8 pwszName=\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
2664	28f8.818: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
2665	28f8.818: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
2666	28f8.818: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E653B4F2F82EC27E9205DC90EBEB7A5AAB37A8B0
2667	28f8.818: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll'
2668	28f8.818: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2669	28f8.818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2670	28f8.818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wtsapi32.dll) WinVerifyTrust
2671	28f8.818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
2672	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'igc64.dll'...
2673	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: 'igc64.dll' -> '\Device\HarddiskVolume2\Windows\System32\igc64.dll' [rcNtRedir=0xc0150008]
2674	28f8.818: \Device\HarddiskVolume2\Windows\System32\igc64.dll: Owner is administrators group.
2675	28f8.818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\crypt32.dll
2676	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2677	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2678	28f8.818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\crypt32.dll (Input=crypt32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000829b5e1:<flags> [calling]
2679	28f8.818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd9b0000 'C:\WINDOWS\system32\crypt32.dll'
2680	28f8.818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\igc64.dll) WinVerifyTrust
2681	28f8.818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\igc64.dll
2682	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2683	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2684	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
2685	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
2686	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2687	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2688	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'opengl32.dll'...
2689	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: 'opengl32.dll' -> '\Device\HarddiskVolume2\Windows\System32\opengl32.dll' [rcNtRedir=0xc0150008]
2690	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'shell32.dll'...
2691	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: 'shell32.dll' -> '\Device\HarddiskVolume2\Windows\System32\shell32.dll' [rcNtRedir=0xc0150008]
2692	28f8.818: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shell32.dll
2693	28f8.818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\ig9icd64.dll (Input=ig9icd64.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000829d9c1:<flags> [calling]
2694	28f8.818: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ig9icd64.dll
2695	28f8.818: supR3HardenedDllNotificationCallback: load 000007fed1730000 LB 0x00d0b000 C:\WINDOWS\system32\ig9icd64.dll [fFlags=0x0]
2696	28f8.818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ig9icd64.dll
2697	28f8.818: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\igc64.dll
2698	28f8.818: supR3HardenedDllNotificationCallback: load 000007fedcb30000 LB 0x00e70000 C:\WINDOWS\system32\igc64.dll [fFlags=0x0]
2699	28f8.818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\igc64.dll
2700	28f8.818: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
2701	28f8.818: supR3HardenedDllNotificationCallback: load 000007fefc840000 LB 0x00011000 C:\WINDOWS\system32\WTSAPI32.dll [fFlags=0x0]
2702	28f8.818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wtsapi32.dll
2703	28f8.818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed1730000 'C:\WINDOWS\system32\ig9icd64.dll'
2704	28f8.818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea60000 'C:\WINDOWS\system32\gdi32.dll'
2705	28f8.818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefea60000 'C:\WINDOWS\system32\gdi32.dll'
2706	28f8.818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5d90000 'C:\WINDOWS\system32\OPENGL32.dll'
2707	28f8.818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5d90000 'C:\WINDOWS\system32\OPENGL32.dll'
2708	28f8.818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5d90000 'C:\WINDOWS\system32\OPENGL32.dll'
2709	28f8.818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5d90000 'C:\WINDOWS\system32\OPENGL32.dll'
2710	28f8.818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5d90000 'C:\WINDOWS\system32\OPENGL32.dll'
2711	28f8.818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5d90000 'C:\WINDOWS\system32\OPENGL32.dll'
2712	28f8.818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\opengl32.dll
2713	28f8.818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\OPENGL32.dll (Input=OPENGL32, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000829e561:<flags> [calling]
2714	28f8.818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5d90000 'C:\WINDOWS\system32\OPENGL32.dll'
2715	28f8.818: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c0c pwszName=\Device\HarddiskVolume2\Windows\System32\version.dll
2716	28f8.818: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
2717	28f8.818: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
2718	28f8.818: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A3AB94A028D0330A3DBCAE54C04C648532198DB9
2719	28f8.818: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\version.dll'
2720	28f8.818: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2721	28f8.818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcrt.dll'.
2722	28f8.818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\version.dll) WinVerifyTrust
2723	28f8.818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\version.dll
2724	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2725	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2726	28f8.818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\version.dll (Input=version.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000829e3c1:<flags> [calling]
2727	28f8.818: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
2728	28f8.818: supR3HardenedDllNotificationCallback: load 000007fefd6b0000 LB 0x0000c000 C:\WINDOWS\system32\version.dll [fFlags=0x0]
2729	28f8.818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\version.dll
2730	28f8.818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd6b0000 'C:\WINDOWS\system32\version.dll'
2731	28f8.818: supR3HardenedDllNotificationCallback: Unload 000007fefd6b0000 LB 0x0000c000 C:\WINDOWS\system32\version.dll [flags=0x0]
2732	28f8.818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fee5d90000 'C:\WINDOWS\system32\OPENGL32.dll'
2733	28f8.818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077830000 'C:\WINDOWS\system32\USER32.dll'
2734	28f8.818: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000c10 pwszName=\Device\HarddiskVolume2\Windows\System32\winsta.dll
2735	28f8.818: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
2736	28f8.818: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
2737	28f8.818: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1784FF9CB91ACF5CDF00DE84F778DD4A67C759FA
2738	28f8.818: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_51_for_KB2984972~31bf3856ad364e35~amd64~~6.1.1.4.cat'; file='\Device\HarddiskVolume2\Windows\System32\winsta.dll'
2739	28f8.818: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2740	28f8.818: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2741	28f8.818: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winsta.dll) WinVerifyTrust
2742	28f8.818: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winsta.dll
2743	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2744	28f8.818: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2745	28f8.818: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\WINSTA.dll (Input=WINSTA.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000829e4f1:<flags> [calling]
2746	28f8.818: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winsta.dll
2747	28f8.818: supR3HardenedDllNotificationCallback: load 000007fefcb30000 LB 0x0003d000 C:\WINDOWS\system32\WINSTA.dll [fFlags=0x0]
2748	28f8.818: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winsta.dll
2749	28f8.818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcb30000 'C:\WINDOWS\system32\WINSTA.dll'
2750	28f8.818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe940000 'C:\WINDOWS\system32\ADVAPI32.dll'
2751	28f8.818: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffbb0000 'C:\WINDOWS\system32\RPCRT4.dll'
2752	28f8.ee4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2753	28f8.ee4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2754	28f8.ee4: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2755	28f8.ee4: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\local\apps\Virtualbox\VBoxGuestPropSvc.dll) WinVerifyTrust
2756	28f8.ee4: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxGuestPropSvc.dll
2757	28f8.ee4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2758	28f8.ee4: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
2759	28f8.ee4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2760	28f8.ee4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\msvcp100.dll' [rcNtRedir=0xc0150008]
2761	28f8.ee4: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2762	28f8.ee4: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
2763	28f8.ee4: supR3HardenedMonitor_LdrLoadDll: pName=C:\local\apps\Virtualbox\VBoxGuestPropSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000004aecd931:<flags> [calling]
2764	28f8.ee4: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxGuestPropSvc.dll
2765	28f8.ee4: supR3HardenedDllNotificationCallback: load 000007feda290000 LB 0x0000c000 C:\local\apps\Virtualbox\VBoxGuestPropSvc.DLL [fFlags=0x0]
2766	28f8.ee4: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxGuestPropSvc.dll
2767	28f8.ee4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feda290000 'C:\local\apps\Virtualbox\VBoxGuestPropSvc.DLL'
2768	28f8.9b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2769	28f8.9b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'msvcp100.dll'.
2770	28f8.9b0: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2771	28f8.9b0: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\local\apps\Virtualbox\VBoxGuestControlSvc.dll) WinVerifyTrust
2772	28f8.9b0: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxGuestControlSvc.dll
2773	28f8.9b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2774	28f8.9b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
2775	28f8.9b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcp100.dll'...
2776	28f8.9b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcp100.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\msvcp100.dll' [rcNtRedir=0xc0150008]
2777	28f8.9b0: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2778	28f8.9b0: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
2779	28f8.9b0: supR3HardenedMonitor_LdrLoadDll: pName=C:\local\apps\Virtualbox\VBoxGuestControlSvc.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000004b18d951:<flags> [calling]
2780	28f8.9b0: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxGuestControlSvc.dll
2781	28f8.9b0: supR3HardenedDllNotificationCallback: load 000007fed89e0000 LB 0x0000b000 C:\local\apps\Virtualbox\VBoxGuestControlSvc.DLL [fFlags=0x0]
2782	28f8.9b0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxGuestControlSvc.dll
2783	28f8.9b0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed89e0000 'C:\local\apps\Virtualbox\VBoxGuestControlSvc.DLL'
2784	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefed00000 'C:\WINDOWS\system32\Shell32.dll'
2785	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-Win-Security-SDDL-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=00000000068897f1:<flags> [calling]
2786	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf40000 'API-MS-Win-Security-SDDL-L1-1-0.dll'
2787	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxVMM.dll
2788	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\local\apps\Virtualbox\VBoxVMM.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688bb21:<flags> [calling]
2789	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed3bb0000 'C:\local\apps\Virtualbox\VBoxVMM.DLL'
2790	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2791	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2792	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2793	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
2794	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
2795	28f8.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll) WinVerifyTrust
2796	28f8.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2797	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
2798	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
2799	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2800	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2801	28f8.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ole32.dll
2802	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2803	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2804	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2805	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
2806	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2807	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
2808	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688ccd1:<flags> [calling]
2809	28f8.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2810	28f8.2ba8: supR3HardenedDllNotificationCallback: load 000007fed48a0000 LB 0x0002d000 C:\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
2811	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2812	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed48a0000 'C:\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
2813	28f8.2ba8: supR3HardenedDllNotificationCallback: Unload 000007fed48a0000 LB 0x0002d000 C:\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [flags=0x0]
2814	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2815	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2816	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2817	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'vboxddu.dll'.
2818	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'vboxdd2.dll'.
2819	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
2820	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
2821	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'ws2_32.dll'.
2822	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'ole32.dll'.
2823	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #10 'iphlpapi.dll'.
2824	28f8.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\local\apps\Virtualbox\VBoxDD.dll) WinVerifyTrust
2825	28f8.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxDD.dll
2826	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'iphlpapi.dll'...
2827	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'iphlpapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\iphlpapi.dll' [rcNtRedir=0xc0150008]
2828	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d6c pwszName=\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2829	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
2830	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
2831	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=3BDC72529DA09BA841BE702C4C902C8AA1242642
2832	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL'
2833	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2834	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2835	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'nsi.dll'.
2836	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winnsi.dll'.
2837	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'rpcrt4.dll'.
2838	28f8.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL) WinVerifyTrust
2839	28f8.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2840	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
2841	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
2842	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
2843	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
2844	28f8.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
2845	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2846	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2847	28f8.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2848	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2849	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2850	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxdd2.dll'...
2851	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxdd2.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\vboxdd2.dll' [rcNtRedir=0xc0150008]
2852	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2853	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2854	28f8.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\local\apps\Virtualbox\VBoxDD2.dll) WinVerifyTrust
2855	28f8.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxDD2.dll
2856	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxddu.dll'...
2857	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxddu.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\vboxddu.dll' [rcNtRedir=0xc0150008]
2858	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2859	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2860	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
2861	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'setupapi.dll'.
2862	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'advapi32.dll'.
2863	28f8.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\local\apps\Virtualbox\VBoxDDU.dll) WinVerifyTrust
2864	28f8.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxDDU.dll
2865	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2866	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
2867	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
2868	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\vboxvmm.dll' [rcNtRedir=0xc0150008]
2869	28f8.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxVMM.dll
2870	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2871	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
2872	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
2873	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
2874	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
2875	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
2876	28f8.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
2877	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
2878	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
2879	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2880	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
2881	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2882	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
2883	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2884	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
2885	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2886	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
2887	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2888	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2889	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winnsi.dll'...
2890	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winnsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\winnsi.dll' [rcNtRedir=0xc0150008]
2891	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000d58 pwszName=\Device\HarddiskVolume2\Windows\System32\winnsi.dll
2892	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
2893	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
2894	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=B28F3E0DF5586B9FB3AEAC48E4ECCA0AFB6ABD91
2895	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\winnsi.dll'
2896	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
2897	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
2898	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
2899	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'nsi.dll'.
2900	28f8.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\winnsi.dll) WinVerifyTrust
2901	28f8.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2902	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2903	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2904	28f8.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
2905	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2906	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2907	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
2908	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
2909	28f8.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
2910	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
2911	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
2912	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
2913	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
2914	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\local\apps\Virtualbox\VBoxDD.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688dcc1:<flags> [calling]
2915	28f8.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxDD.dll
2916	28f8.2ba8: supR3HardenedDllNotificationCallback: load 000007fed32e0000 LB 0x008c5000 C:\local\apps\Virtualbox\VBoxDD.DLL [fFlags=0x0]
2917	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxDD.dll
2918	28f8.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxDDU.dll
2919	28f8.2ba8: supR3HardenedDllNotificationCallback: load 000007fee88e0000 LB 0x00057000 C:\local\apps\Virtualbox\VBoxDDU.dll [fFlags=0x0]
2920	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxDDU.dll
2921	28f8.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxDD2.dll
2922	28f8.2ba8: supR3HardenedDllNotificationCallback: load 000007fed3280000 LB 0x0005d000 C:\local\apps\Virtualbox\VBoxDD2.dll [fFlags=0x0]
2923	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxDD2.dll
2924	28f8.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2925	28f8.2ba8: supR3HardenedDllNotificationCallback: load 000007fef9a00000 LB 0x00027000 C:\WINDOWS\system32\IPHLPAPI.DLL [fFlags=0x0]
2926	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
2927	28f8.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2928	28f8.2ba8: supR3HardenedDllNotificationCallback: load 000007fef99f0000 LB 0x0000b000 C:\WINDOWS\system32\WINNSI.DLL [fFlags=0x0]
2929	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winnsi.dll
2930	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed32e0000 'C:\local\apps\Virtualbox\VBoxDD.DLL'
2931	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2932	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688dcc1:<flags> [calling]
2933	28f8.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2934	28f8.2ba8: supR3HardenedDllNotificationCallback: load 000007fed3250000 LB 0x0002d000 C:\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL [fFlags=0x0]
2935	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.dll
2936	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed3250000 'C:\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxHostWebcam.DLL'
2937	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxC.dll
2938	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\local\apps\Virtualbox\VBoxC.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688dcc1:<flags> [calling]
2939	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed6c80000 'C:\local\apps\Virtualbox\VBoxC.DLL'
2940	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxDD2.dll
2941	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\local\apps\Virtualbox\VBoxDD2.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688dbd1:<flags> [calling]
2942	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed3280000 'C:\local\apps\Virtualbox\VBoxDD2.DLL'
2943	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2944	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2945	28f8.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll) WinVerifyTrust
2946	28f8.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2947	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2948	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
2949	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2950	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
2951	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688dbd1:<flags> [calling]
2952	28f8.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2953	28f8.2ba8: supR3HardenedDllNotificationCallback: load 000007fed48b0000 LB 0x0001e000 C:\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL [fFlags=0x0]
2954	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.dll
2955	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed48b0000 'C:\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxEhciR3.DLL'
2956	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2957	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2958	28f8.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll) WinVerifyTrust
2959	28f8.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
2960	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2961	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
2962	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2963	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
2964	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688dbd1:<flags> [calling]
2965	28f8.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
2966	28f8.2ba8: supR3HardenedDllNotificationCallback: load 000007fed4890000 LB 0x00017000 C:\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL [fFlags=0x0]
2967	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.dll
2968	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed4890000 'C:\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxNvmeR3.DLL'
2969	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2970	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2971	28f8.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll) WinVerifyTrust
2972	28f8.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2973	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2974	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
2975	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2976	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
2977	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688dbd1:<flags> [calling]
2978	28f8.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2979	28f8.2ba8: supR3HardenedDllNotificationCallback: load 000007fed3230000 LB 0x00017000 C:\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL [fFlags=0x0]
2980	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.dll
2981	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed3230000 'C:\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbCardReaderR3.DLL'
2982	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2983	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
2984	28f8.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll) WinVerifyTrust
2985	28f8.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2986	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
2987	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
2988	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
2989	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
2990	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688dbd1:<flags> [calling]
2991	28f8.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2992	28f8.2ba8: supR3HardenedDllNotificationCallback: load 000007fed3210000 LB 0x00019000 C:\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL [fFlags=0x0]
2993	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.dll
2994	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed3210000 'C:\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VBoxUsbWebcamR3.DLL'
2995	28f8.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
2996	28f8.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxvmm.dll'.
2997	28f8.2afc: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'vboxrt.dll'.
2998	28f8.2afc: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\local\apps\Virtualbox\VBoxSharedFolders.dll) WinVerifyTrust
2999	28f8.2afc: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxSharedFolders.dll
3000	28f8.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3001	28f8.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
3002	28f8.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxvmm.dll'...
3003	28f8.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxvmm.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\vboxvmm.dll' [rcNtRedir=0xc0150008]
3004	28f8.2afc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxVMM.dll
3005	28f8.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3006	28f8.2afc: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
3007	28f8.2afc: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll
3008	28f8.2afc: supR3HardenedMonitor_LdrLoadDll: pName=C:\local\apps\Virtualbox\VBoxSharedFolders.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000524ddb51:<flags> [calling]
3009	28f8.2afc: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxSharedFolders.dll
3010	28f8.2afc: supR3HardenedDllNotificationCallback: load 000007fed89d0000 LB 0x0000d000 C:\local\apps\Virtualbox\VBoxSharedFolders.DLL [fFlags=0x0]
3011	28f8.2afc: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\VBoxSharedFolders.dll
3012	28f8.2afc: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed89d0000 'C:\local\apps\Virtualbox\VBoxSharedFolders.DLL'
3013	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcr100.dll'.
3014	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'vboxrt.dll'.
3015	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'user32.dll'.
3016	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'advapi32.dll'.
3017	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'ws2_32.dll'.
3018	28f8.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll) WinVerifyTrust
3019	28f8.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
3020	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
3021	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
3022	28f8.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ws2_32.dll
3023	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3024	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3025	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3026	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3027	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'vboxrt.dll'...
3028	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'vboxrt.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\vboxrt.dll' [rcNtRedir=0xc0150008]
3029	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcr100.dll'...
3030	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcr100.dll' -> '\Device\HarddiskVolume2\local\apps\Virtualbox\msvcr100.dll' [rcNtRedir=0xc0150008]
3031	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688f2b1:<flags> [calling]
3032	28f8.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
3033	28f8.2ba8: supR3HardenedDllNotificationCallback: load 000007feda510000 LB 0x000e5000 C:\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL [fFlags=0x0]
3034	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.dll
3035	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feda510000 'C:\local\apps\Virtualbox\ExtensionPacks\Oracle_VM_VirtualBox_Extension_Pack\win.amd64\VDPluginCrypt.DLL'
3036	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
3037	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\Iphlpapi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688db01:<flags> [calling]
3038	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9a00000 'C:\WINDOWS\system32\Iphlpapi.dll'
3039	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ec0 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
3040	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
3041	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
3042	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=D89E2D6AED9A19082ECA108BEEF81A904C7A9756
3043	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll'
3044	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3045	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3046	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
3047	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
3048	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'nsi.dll'.
3049	28f8.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll) WinVerifyTrust
3050	28f8.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
3051	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'nsi.dll'...
3052	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'nsi.dll' -> '\Device\HarddiskVolume2\Windows\System32\nsi.dll' [rcNtRedir=0xc0150008]
3053	28f8.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\nsi.dll
3054	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
3055	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
3056	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3057	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3058	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3059	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3060	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dhcpcsvc.DLL (Input=dhcpcsvc.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688eca1:<flags> [calling]
3061	28f8.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
3062	28f8.2ba8: supR3HardenedDllNotificationCallback: load 000007fef89f0000 LB 0x00018000 C:\WINDOWS\system32\dhcpcsvc.DLL [fFlags=0x0]
3063	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc.dll
3064	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef89f0000 'C:\WINDOWS\system32\dhcpcsvc.DLL'
3065	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
3066	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688e901:<flags> [calling]
3067	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9a00000 'C:\WINDOWS\system32\IPHLPAPI.DLL'
3068	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ec8 pwszName=\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
3069	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
3070	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
3071	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A719769A21133C3F89F7BEA09AB706365F35DF8F
3072	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_26_for_KB2763523~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll'
3073	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3074	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3075	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'rpcrt4.dll'.
3076	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ws2_32.dll'.
3077	28f8.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll) WinVerifyTrust
3078	28f8.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
3079	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
3080	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
3081	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3082	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3083	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3084	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3085	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dhcpcsvc6.DLL (Input=dhcpcsvc6.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688ec51:<flags> [calling]
3086	28f8.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
3087	28f8.2ba8: supR3HardenedDllNotificationCallback: load 000007fef89d0000 LB 0x00011000 C:\WINDOWS\system32\dhcpcsvc6.DLL [fFlags=0x0]
3088	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dhcpcsvc6.dll
3089	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef89d0000 'C:\WINDOWS\system32\dhcpcsvc6.DLL'
3090	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\IPHLPAPI.DLL
3091	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\IPHLPAPI.DLL (Input=IPHLPAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688e971:<flags> [calling]
3092	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fef9a00000 'C:\WINDOWS\system32\IPHLPAPI.DLL'
3093	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f5c pwszName=\Device\HarddiskVolume2\Windows\System32\dsound.dll
3094	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
3095	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
3096	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=F6C3E3D9F8B48D816E52C31576FFFD4AF86AB813
3097	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\dsound.dll'
3098	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3099	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3100	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
3101	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
3102	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
3103	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'winmm.dll'.
3104	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'powrprof.dll'.
3105	28f8.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\dsound.dll) WinVerifyTrust
3106	28f8.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\dsound.dll
3107	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'powrprof.dll'...
3108	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'powrprof.dll' -> '\Device\HarddiskVolume2\Windows\System32\powrprof.dll' [rcNtRedir=0xc0150008]
3109	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f60 pwszName=\Device\HarddiskVolume2\Windows\System32\powrprof.dll
3110	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
3111	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
3112	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=E0B7DE18787DB24DAD3580634869A9A8FF4AB48F
3113	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\powrprof.dll'
3114	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3115	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3116	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
3117	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'setupapi.dll'.
3118	28f8.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\powrprof.dll) WinVerifyTrust
3119	28f8.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\powrprof.dll
3120	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3121	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3122	28f8.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
3123	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
3124	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
3125	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3126	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3127	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3128	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3129	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3130	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3131	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'setupapi.dll'...
3132	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'setupapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\setupapi.dll' [rcNtRedir=0xc0150008]
3133	28f8.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
3134	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3135	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3136	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3137	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3138	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688dae1:<flags> [calling]
3139	28f8.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
3140	28f8.2ba8: supR3HardenedDllNotificationCallback: load 000007fedfe30000 LB 0x00088000 C:\WINDOWS\System32\dsound.dll [fFlags=0x0]
3141	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
3142	28f8.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
3143	28f8.2ba8: supR3HardenedDllNotificationCallback: load 000007fefb980000 LB 0x0002c000 C:\WINDOWS\System32\POWRPROF.dll [fFlags=0x0]
3144	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\powrprof.dll
3145	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
3146	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688ce51:<flags> [calling]
3147	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedfe30000 'C:\WINDOWS\System32\dsound.dll'
3148	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedfe30000 'C:\WINDOWS\System32\dsound.dll'
3149	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
3150	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688db31:<flags> [calling]
3151	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedfe30000 'C:\WINDOWS\system32\dsound.dll'
3152	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f70 pwszName=\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3153	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
3154	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
3155	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=704F97298D44B8146C54067788F597E0BF365197
3156	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll'
3157	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3158	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3159	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
3160	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
3161	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'propsys.dll'.
3162	28f8.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll) WinVerifyTrust
3163	28f8.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3164	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'propsys.dll'...
3165	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'propsys.dll' -> '\Device\HarddiskVolume2\Windows\System32\propsys.dll' [rcNtRedir=0xc0150008]
3166	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000f88 pwszName=\Device\HarddiskVolume2\Windows\System32\propsys.dll
3167	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
3168	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
3169	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A1594E841359779EF7EA7EBCF775D89F55388D3
3170	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\propsys.dll'
3171	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3172	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3173	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'ole32.dll'.
3174	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'oleaut32.dll'.
3175	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
3176	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'rpcrt4.dll'.
3177	28f8.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\propsys.dll) WinVerifyTrust
3178	28f8.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\propsys.dll
3179	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3180	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3181	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3182	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3183	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3184	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3185	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3186	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3187	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3188	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3189	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
3190	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
3191	28f8.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\oleaut32.dll
3192	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
3193	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
3194	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3195	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3196	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\MMDevApi.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688d5b1:<flags> [calling]
3197	28f8.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3198	28f8.2ba8: supR3HardenedDllNotificationCallback: load 000007fefb9b0000 LB 0x0004b000 C:\WINDOWS\System32\MMDevApi.dll [fFlags=0x0]
3199	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3200	28f8.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
3201	28f8.2ba8: supR3HardenedDllNotificationCallback: load 000007fefb490000 LB 0x0012c000 C:\WINDOWS\System32\PROPSYS.dll [fFlags=0x0]
3202	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\propsys.dll
3203	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe940000 'C:\WINDOWS\system32\ADVAPI32.dll'
3204	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb9b0000 'C:\WINDOWS\System32\MMDevApi.dll'
3205	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf60000 'C:\WINDOWS\system32\ole32.dll'
3206	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\setupapi.dll
3207	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SETUPAPI.dll (Input=SETUPAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688d8c1:<flags> [calling]
3208	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefeb20000 'C:\WINDOWS\system32\SETUPAPI.dll'
3209	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\shlwapi.dll
3210	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\SHLWAPI.dll (Input=SHLWAPI.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688e731:<flags> [calling]
3211	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffce0000 'C:\WINDOWS\system32\SHLWAPI.dll'
3212	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3213	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\MMDEVAPI.DLL (Input=MMDEVAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688e951:<flags> [calling]
3214	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb9b0000 'C:\WINDOWS\system32\MMDEVAPI.DLL'
3215	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf60000 'C:\WINDOWS\system32\ole32.dll'
3216	28f8.1ab0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\cfgmgr32.dll
3217	28f8.1ab0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\CFGMGR32.dll (Input=CFGMGR32.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000005cdcf821:<flags> [calling]
3218	28f8.1ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefd8d0000 'C:\WINDOWS\system32\CFGMGR32.dll'
3219	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
3220	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688e581:<flags> [calling]
3221	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae90000 'C:\WINDOWS\system32\winmm.dll'
3222	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-Management-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000688e3e1:<flags> [calling]
3223	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf40000 'API-MS-WIN-Service-Management-L1-1-0.dll'
3224	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=API-MS-WIN-Service-winsvc-L1-1-0.dll (rcNtResolve=0x0) *pfFlags=0x0 pwszSearchPath=000000000688e3e1:<flags> [calling]
3225	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf40000 'API-MS-WIN-Service-winsvc-L1-1-0.dll'
3226	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007feffbb0000 'C:\WINDOWS\system32\RPCRT4.dll'
3227	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3228	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\MMDevAPI.DLL (Input=MMDevAPI.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688e441:<flags> [calling]
3229	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefb9b0000 'C:\WINDOWS\system32\MMDevAPI.DLL'
3230	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fc0 pwszName=\Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3231	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
3232	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
3233	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=4B64306F5558D2DEC53CF11AAF17F02438929FDD
3234	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Foundation-Package~31bf3856ad364e35~amd64~~6.1.7601.17514.cat'; file='\Device\HarddiskVolume2\Windows\System32\wdmaud.drv'
3235	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3236	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3237	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
3238	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
3239	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'user32.dll'.
3240	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
3241	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'ksuser.dll'.
3242	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
3243	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #9 'avrt.dll'.
3244	28f8.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\wdmaud.drv) WinVerifyTrust
3245	28f8.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3246	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'avrt.dll'...
3247	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'avrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\avrt.dll' [rcNtRedir=0xc0150008]
3248	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fc4 pwszName=\Device\HarddiskVolume2\Windows\System32\avrt.dll
3249	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
3250	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
3251	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1362C343929DD08AB918B38DE195D1A11B1D1365
3252	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\avrt.dll'
3253	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3254	28f8.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\avrt.dll) WinVerifyTrust
3255	28f8.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\avrt.dll
3256	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3257	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3258	28f8.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3259	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ksuser.dll'...
3260	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ksuser.dll' -> '\Device\HarddiskVolume2\Windows\System32\ksuser.dll' [rcNtRedir=0xc0150008]
3261	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fb0 pwszName=\Device\HarddiskVolume2\Windows\System32\ksuser.dll
3262	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
3263	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
3264	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=2D99CFB3BFCA1F454FC7109DB98D18923ABBA361
3265	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_5_for_KB3110329~31bf3856ad364e35~amd64~~6.1.1.1.cat'; file='\Device\HarddiskVolume2\Windows\System32\ksuser.dll'
3266	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3267	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3268	28f8.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\ksuser.dll) WinVerifyTrust
3269	28f8.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\ksuser.dll
3270	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3271	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3272	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3273	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3274	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
3275	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
3276	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3277	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3278	28f8.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\advapi32.dll
3279	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3280	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3281	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3282	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3283	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688dfb1:<flags> [calling]
3284	28f8.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3285	28f8.2ba8: supR3HardenedDllNotificationCallback: load 000007fefa1d0000 LB 0x0003b000 C:\WINDOWS\system32\wdmaud.drv [fFlags=0x0]
3286	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3287	28f8.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
3288	28f8.2ba8: supR3HardenedDllNotificationCallback: load 0000000074620000 LB 0x00006000 C:\WINDOWS\system32\ksuser.dll [fFlags=0x0]
3289	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\ksuser.dll
3290	28f8.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
3291	28f8.2ba8: supR3HardenedDllNotificationCallback: load 000007fefbc00000 LB 0x00009000 C:\WINDOWS\system32\AVRT.dll [fFlags=0x0]
3292	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
3293	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1d0000 'C:\WINDOWS\system32\wdmaud.drv'
3294	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3295	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688dfb1:<flags> [calling]
3296	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1d0000 'C:\WINDOWS\system32\wdmaud.drv'
3297	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3298	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688e161:<flags> [calling]
3299	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1d0000 'C:\WINDOWS\system32\wdmaud.drv'
3300	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3301	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688e161:<flags> [calling]
3302	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1d0000 'C:\WINDOWS\system32\wdmaud.drv'
3303	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3304	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688e161:<flags> [calling]
3305	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1d0000 'C:\WINDOWS\system32\wdmaud.drv'
3306	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ffc pwszName=\Device\HarddiskVolume2\Windows\System32\AudioSes.dll
3307	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
3308	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
3309	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=6A3BDEC1E955295C342E14C90909598248B24E5B
3310	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_134_for_KB3192403~31bf3856ad364e35~amd64~~6.1.1.2.cat'; file='\Device\HarddiskVolume2\Windows\System32\AudioSes.dll'
3311	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3312	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3313	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
3314	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ole32.dll'.
3315	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'oleaut32.dll'.
3316	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'user32.dll'.
3317	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #7 'rpcrt4.dll'.
3318	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #8 'mmdevapi.dll'.
3319	28f8.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\AudioSes.dll) WinVerifyTrust
3320	28f8.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
3321	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3322	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3323	28f8.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3324	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3325	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3326	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3327	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3328	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'oleaut32.dll'...
3329	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'oleaut32.dll' -> '\Device\HarddiskVolume2\Windows\System32\oleaut32.dll' [rcNtRedir=0xc0150008]
3330	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ole32.dll'...
3331	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'ole32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ole32.dll' [rcNtRedir=0xc0150008]
3332	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3333	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3334	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3335	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3336	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\AUDIOSES.DLL (Input=AUDIOSES.DLL, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688e171:<flags> [calling]
3337	28f8.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
3338	28f8.2ba8: supR3HardenedDllNotificationCallback: load 000007fefa160000 LB 0x0004f000 C:\WINDOWS\system32\AUDIOSES.DLL [fFlags=0x0]
3339	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
3340	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa160000 'C:\WINDOWS\system32\AUDIOSES.DLL'
3341	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3342	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688e161:<flags> [calling]
3343	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1d0000 'C:\WINDOWS\system32\wdmaud.drv'
3344	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\wdmaud.drv
3345	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\wdmaud.drv (Input=wdmaud.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688e161:<flags> [calling]
3346	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1d0000 'C:\WINDOWS\system32\wdmaud.drv'
3347	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1d0000 'C:\WINDOWS\system32\wdmaud.drv'
3348	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1d0000 'C:\WINDOWS\system32\wdmaud.drv'
3349	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1d0000 'C:\WINDOWS\system32\wdmaud.drv'
3350	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa1d0000 'C:\WINDOWS\system32\wdmaud.drv'
3351	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fd8 pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.drv
3352	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
3353	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
3354	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=522563F5384AD4C93CF5CF4EEA899D3267552328
3355	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.drv'
3356	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3357	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3358	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
3359	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
3360	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'msacm32.dll'.
3361	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'mmdevapi.dll'.
3362	28f8.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.drv) WinVerifyTrust
3363	28f8.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3364	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'mmdevapi.dll'...
3365	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'mmdevapi.dll' -> '\Device\HarddiskVolume2\Windows\System32\mmdevapi.dll' [rcNtRedir=0xc0150008]
3366	28f8.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\MMDevAPI.dll
3367	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msacm32.dll'...
3368	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msacm32.dll' -> '\Device\HarddiskVolume2\Windows\System32\msacm32.dll' [rcNtRedir=0xc0150008]
3369	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000fec pwszName=\Device\HarddiskVolume2\Windows\System32\msacm32.dll
3370	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
3371	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
3372	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=DCA0A8AEE81B82C402AA72A300B2C8D2DC17C1DA
3373	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\msacm32.dll'
3374	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3375	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3376	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'advapi32.dll'.
3377	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'user32.dll'.
3378	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #5 'gdi32.dll'.
3379	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #6 'winmm.dll'.
3380	28f8.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\msacm32.dll) WinVerifyTrust
3381	28f8.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\msacm32.dll
3382	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3383	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3384	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3385	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3386	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3387	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3388	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3389	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3390	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'gdi32.dll'...
3391	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'gdi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\gdi32.dll' [rcNtRedir=0xc0150008]
3392	28f8.2ba8: supR3HardenedScreenImage/Imports: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\gdi32.dll
3393	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3394	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3395	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'advapi32.dll'...
3396	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'advapi32.dll' -> '\Device\HarddiskVolume2\Windows\System32\advapi32.dll' [rcNtRedir=0xc0150008]
3397	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3398	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3399	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688df61:<flags> [calling]
3400	28f8.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3401	28f8.2ba8: supR3HardenedDllNotificationCallback: load 000007fefa140000 LB 0x0000a000 C:\WINDOWS\system32\msacm32.drv [fFlags=0x0]
3402	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3403	28f8.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
3404	28f8.2ba8: supR3HardenedDllNotificationCallback: load 000007fefa110000 LB 0x00018000 C:\WINDOWS\system32\MSACM32.dll [fFlags=0x0]
3405	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.dll
3406	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa140000 'C:\WINDOWS\system32\msacm32.drv'
3407	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3408	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688d961:<flags> [calling]
3409	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa140000 'C:\WINDOWS\system32\msacm32.drv'
3410	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3411	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688d961:<flags> [calling]
3412	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa140000 'C:\WINDOWS\system32\msacm32.drv'
3413	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3414	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688d961:<flags> [calling]
3415	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa140000 'C:\WINDOWS\system32\msacm32.drv'
3416	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3417	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688d961:<flags> [calling]
3418	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa140000 'C:\WINDOWS\system32\msacm32.drv'
3419	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3420	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688d961:<flags> [calling]
3421	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa140000 'C:\WINDOWS\system32\msacm32.drv'
3422	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\msacm32.drv
3423	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\msacm32.drv (Input=msacm32.drv, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688d961:<flags> [calling]
3424	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa140000 'C:\WINDOWS\system32\msacm32.drv'
3425	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa140000 'C:\WINDOWS\system32\msacm32.drv'
3426	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa140000 'C:\WINDOWS\system32\msacm32.drv'
3427	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa140000 'C:\WINDOWS\system32\msacm32.drv'
3428	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hFile=0000000000000ff8 pwszName=\Device\HarddiskVolume2\Windows\System32\midimap.dll
3429	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
3430	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
3431	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=43116C5C719A4751DA70B12932084D73D7AACEA3
3432	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\nt5.cat'; file='\Device\HarddiskVolume2\Windows\System32\midimap.dll'
3433	28f8.2ba8: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3434	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3435	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'user32.dll'.
3436	28f8.2ba8: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'winmm.dll'.
3437	28f8.2ba8: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\midimap.dll) WinVerifyTrust
3438	28f8.2ba8: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\midimap.dll
3439	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'winmm.dll'...
3440	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'winmm.dll' -> '\Device\HarddiskVolume2\Windows\System32\winmm.dll' [rcNtRedir=0xc0150008]
3441	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3442	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3443	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3444	28f8.2ba8: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3445	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688df61:<flags> [calling]
3446	28f8.2ba8: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3447	28f8.2ba8: supR3HardenedDllNotificationCallback: load 000007fefa100000 LB 0x00009000 C:\WINDOWS\system32\midimap.dll [fFlags=0x0]
3448	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3449	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa100000 'C:\WINDOWS\system32\midimap.dll'
3450	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3451	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688d931:<flags> [calling]
3452	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa100000 'C:\WINDOWS\system32\midimap.dll'
3453	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3454	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688d931:<flags> [calling]
3455	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa100000 'C:\WINDOWS\system32\midimap.dll'
3456	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\midimap.dll
3457	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\midimap.dll (Input=midimap.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688df61:<flags> [calling]
3458	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa100000 'C:\WINDOWS\system32\midimap.dll'
3459	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae90000 'C:\WINDOWS\system32\winmm.dll'
3460	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae90000 'C:\WINDOWS\system32\winmm.dll'
3461	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae90000 'C:\WINDOWS\system32\winmm.dll'
3462	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefdf60000 'C:\WINDOWS\system32\ole32.dll'
3463	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\winmm.dll
3464	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\winmm.dll (Input=winmm.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688e581:<flags> [calling]
3465	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae90000 'C:\WINDOWS\system32\winmm.dll'
3466	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae90000 'C:\WINDOWS\system32\winmm.dll'
3467	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae90000 'C:\WINDOWS\system32\winmm.dll'
3468	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
3469	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688db21:<flags> [calling]
3470	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedfe30000 'C:\WINDOWS\system32\dsound.dll'
3471	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae90000 'C:\WINDOWS\system32\winmm.dll'
3472	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae90000 'C:\WINDOWS\system32\winmm.dll'
3473	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae90000 'C:\WINDOWS\system32\winmm.dll'
3474	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae90000 'C:\WINDOWS\system32\winmm.dll'
3475	28f8.269c: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\AudioSes.dll
3476	28f8.269c: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\audioses.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000005d6adbc1:<flags> [calling]
3477	28f8.269c: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefa160000 'C:\WINDOWS\System32\audioses.dll'
3478	28f8.2ba8: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\dsound.dll
3479	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\dsound.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000000688dcf1:<flags> [calling]
3480	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fedfe30000 'C:\WINDOWS\system32\dsound.dll'
3481	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefae90000 'C:\WINDOWS\system32\winmm.dll'
3482	28f8.2ba8: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fed3bb0000 'C:\local\apps\Virtualbox\VBoxVMM.DLL'
3483	28f8.2bd4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe170000 'C:\WINDOWS\system32\OLEAUT32.dll'
3484	28f8.2aa4: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefe940000 'C:\WINDOWS\system32\ADVAPI32.dll'
3485	28f8.498: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011cc pwszName=\Device\HarddiskVolume2\Windows\System32\mswsock.dll
3486	28f8.498: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
3487	28f8.498: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
3488	28f8.498: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=A0B91C962716871F5DE8282805DA288326E03A9F
3489	28f8.498: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Package_3_for_KB3161949~31bf3856ad364e35~amd64~~6.1.1.0.cat'; file='\Device\HarddiskVolume2\Windows\System32\mswsock.dll'
3490	28f8.498: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3491	28f8.498: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #0 'msvcrt.dll'.
3492	28f8.498: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #2 'user32.dll'.
3493	28f8.498: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #3 'rpcrt4.dll'.
3494	28f8.498: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #4 'ws2_32.dll'.
3495	28f8.498: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\mswsock.dll) WinVerifyTrust
3496	28f8.498: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\mswsock.dll
3497	28f8.498: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
3498	28f8.498: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
3499	28f8.498: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'rpcrt4.dll'...
3500	28f8.498: supR3HardenedWinVerifyCacheProcessImportTodos: 'rpcrt4.dll' -> '\Device\HarddiskVolume2\Windows\System32\rpcrt4.dll' [rcNtRedir=0xc0150008]
3501	28f8.498: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'user32.dll'...
3502	28f8.498: supR3HardenedWinVerifyCacheProcessImportTodos: 'user32.dll' -> '\Device\HarddiskVolume2\Windows\System32\user32.dll' [rcNtRedir=0xc0150008]
3503	28f8.498: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'msvcrt.dll'...
3504	28f8.498: supR3HardenedWinVerifyCacheProcessImportTodos: 'msvcrt.dll' -> '\Device\HarddiskVolume2\Windows\System32\msvcrt.dll' [rcNtRedir=0xc0150008]
3505	28f8.498: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\mswsock.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000005c94f211:<flags> [calling]
3506	28f8.498: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll
3507	28f8.498: supR3HardenedDllNotificationCallback: load 000007fefcf00000 LB 0x00055000 C:\WINDOWS\system32\mswsock.dll [fFlags=0x0]
3508	28f8.498: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\mswsock.dll
3509	28f8.498: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefcf00000 'C:\WINDOWS\system32\mswsock.dll'
3510	28f8.498: supR3HardNtViCallWinVerifyTrustCatFile: hFile=00000000000011ec pwszName=\Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
3511	28f8.498: supR3HardNtViCallWinVerifyTrustCatFile: Cached context 000000000082a990
3512	28f8.498: supR3HardNtViCallWinVerifyTrustCatFile: hCatAdmin=000000000082a990
3513	28f8.498: supR3HardNtViCallWinVerifyTrustCatFile: cbHash=20 wszDigest=1EFFE58BB9FD8A94FD1609B7F82A43C8E09D98AA
3514	28f8.498: supR3HardNtViCallWinVerifyTrustCatFile: WinVerifyTrust => 0x0; cat='C:\WINDOWS\system32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\ntpe.cat'; file='\Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL'
3515	28f8.498: supR3HardNtViCallWinVerifyTrustCatFile -> 0 (org 22900)
3516	28f8.498: supR3HardenedWinVerifyCacheScheduleImports: Import todo: #1 'ws2_32.dll'.
3517	28f8.498: supHardenedWinVerifyImageByHandle: -> 0 (\Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL) WinVerifyTrust
3518	28f8.498: supR3HardenedWinVerifyCacheInsert: \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
3519	28f8.498: supR3HardenedWinVerifyCacheProcessImportTodos: Processing 'ws2_32.dll'...
3520	28f8.498: supR3HardenedWinVerifyCacheProcessImportTodos: 'ws2_32.dll' -> '\Device\HarddiskVolume2\Windows\System32\ws2_32.dll' [rcNtRedir=0xc0150008]
3521	28f8.498: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\System32\wshtcpip.dll (rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=000000005c94f3b1:<flags> [calling]
3522	28f8.498: supR3HardenedScreenImage/NtCreateSection: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
3523	28f8.498: supR3HardenedDllNotificationCallback: load 000007fefc6f0000 LB 0x00007000 C:\WINDOWS\System32\wshtcpip.dll [fFlags=0x0]
3524	28f8.498: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\WSHTCPIP.DLL
3525	28f8.498: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefc6f0000 'C:\WINDOWS\System32\wshtcpip.dll'
3526	28f8.24e0: supR3HardenedScreenImage/LdrLoadDll: cache hit (VINF_SUCCESS) on \Device\HarddiskVolume2\Windows\System32\avrt.dll
3527	28f8.24e0: supR3HardenedMonitor_LdrLoadDll: pName=C:\WINDOWS\system32\avrt.dll (Input=avrt.dll, rcNtResolve=0xc0150008) *pfFlags=0x0 pwszSearchPath=00000000c393f791:<flags> [calling]
3528	28f8.24e0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=000007fefbc00000 'C:\WINDOWS\system32\avrt.dll'
3529	28f8.1ab0: supR3HardenedMonitor_LdrLoadDll: returns rcNt=0x0 hMod=0000000077830000 'C:\WINDOWS\system32\USER32.dll'
3530	2af0.2ae8: supR3HardNtChildWaitFor[2]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 3675482 ms, the end);
3531	2ad8.2ae4: supR3HardNtChildWaitFor[1]: Quitting: ExitCode=0xc0000005 (rcNtWait=0x0, rcNt1=0x0, rcNt2=0x103, rcNt3=0x103, 3676106 ms, the end);

Download in other formats:

Original Format